On 16/01/2018 14:58, Vitaly Kuznetsov wrote:
>> Haven't looked into the details, but we have to watch out for other
>> VCPUs trying to modify that vmcs12.
>>
>> Basically because other VCPUs could try to modify values in vmcs12 while
>> we are currently building vmcs02. Nasty races could result in us copying
>> stuff (probably unchecked) into vmcs02 and therefore running something
>> that was not intended.
>>
> I don't think we share VMCS among vCPUs, do we?

VMCS is just memory, so who knows what a malicious L1 guest will do. But
for vmread/vmwrite we can go through hypervisor memory, for enlightened
VMCS we cannot.

Paolo
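
The race discussed in this message, as an added example that is not part of the original mail and is not KVM code: a check-then-reread of guest-writable memory next to a single copy into hypervisor-private memory that is then checked and used. The struct layouts, the `DEMO_ALLOWED_CONTROLS` mask and all function names are hypothetical, and the second vCPU is simulated by a direct call so the outcome is deterministic.

```c
#include <stdint.h>

/* Hypothetical, simplified stand-ins; not KVM's real vmcs12/vmcs02 layout. */
struct demo_vmcs12 { uint32_t exec_controls; };  /* lives in L1 guest memory */
struct demo_vmcs02 { uint32_t exec_controls; };  /* what L0 actually runs */
#define DEMO_ALLOWED_CONTROLS 0x0000000fu        /* constructed policy mask */

static int controls_ok(uint32_t c)
{
    return (c & ~DEMO_ALLOWED_CONTROLS) == 0;
}

/* Stands in for another L1 vCPU writing the shared page mid-build. */
static void racing_write(volatile struct demo_vmcs12 *shared)
{
    shared->exec_controls = 0xffffffffu;
}

/* Racy: checks guest memory, then reads it again to fill vmcs02. */
int build_double_fetch(volatile struct demo_vmcs12 *shared,
                       struct demo_vmcs02 *out)
{
    if (!controls_ok(shared->exec_controls))     /* fetch 1: check */
        return -1;
    racing_write(shared);                        /* window between fetches */
    out->exec_controls = shared->exec_controls;  /* fetch 2: use */
    return 0;
}

/* Copy once into hypervisor-private memory; check and use only the copy. */
int build_from_snapshot(volatile struct demo_vmcs12 *shared,
                        struct demo_vmcs02 *out)
{
    struct demo_vmcs12 snap = { shared->exec_controls };  /* single fetch */
    racing_write(shared);                        /* late write has no effect */
    if (!controls_ok(snap.exec_controls))
        return -1;
    out->exec_controls = snap.exec_controls;
    return 0;
}

/* Builds from a constructed vmcs12 and returns what reached vmcs02. */
uint32_t demo_run(int use_snapshot)
{
    volatile struct demo_vmcs12 shared = { 0x3u };
    struct demo_vmcs02 out = { 0 };
    int rc = use_snapshot ? build_from_snapshot(&shared, &out)
                          : build_double_fetch(&shared, &out);
    return rc == 0 ? out.exec_controls : 0;
}
```

With the double fetch the unchecked value lands in the vmcs02 stand-in; with the snapshot only the validated value does.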