On 27/07/2018 18:18, Jim Mattson wrote:
> The fault that should be raised for a privilege level violation is #GP
> rather than #UD.
>
> Fixes: 727ba748e110b4 ("kvm: nVMX: Enforce cpl=0 for VMX instructions")
> Signed-off-by: Jim Mattson <jmattson@xxxxxxxxxx>
> ---
> arch/x86/kvm/vmx.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
> index 5d8e317c2b04f..cb51808c73206 100644
> --- a/arch/x86/kvm/vmx.c
> +++ b/arch/x86/kvm/vmx.c
> @@ -7941,7 +7941,7 @@ static int handle_vmon(struct kvm_vcpu *vcpu)
>
> /* CPL=0 must be checked manually. */
> if (vmx_get_cpl(vcpu)) {
> - kvm_queue_exception(vcpu, UD_VECTOR);
> + kvm_inject_gp(vcpu, 0);
> return 1;
> }
>
> @@ -8005,7 +8005,7 @@ static int handle_vmon(struct kvm_vcpu *vcpu)
> static int nested_vmx_check_permission(struct kvm_vcpu *vcpu)
> {
> if (vmx_get_cpl(vcpu)) {
> - kvm_queue_exception(vcpu, UD_VECTOR);
> + kvm_inject_gp(vcpu, 0);
> return 0;
> }
>
>
Reviewed-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
