On 27/07/2018 22:44, Jim Mattson wrote:
> When checking emulated VMX instructions for faults, the #UD for "IF
> (not in VMX operation)" should take precedence over the #GP for "ELSIF
> CPL > 0."
>
> Suggested-by: Eric Northup <digitaleric@xxxxxxxxxx>
> Signed-off-by: Jim Mattson <jmattson@xxxxxxxxxx>
> ---
> arch/x86/kvm/vmx.c | 9 +++++----
> 1 file changed, 5 insertions(+), 4 deletions(-)
>
> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
> index cb51808c73206..6568ddf9e7e3b 100644
> --- a/arch/x86/kvm/vmx.c
> +++ b/arch/x86/kvm/vmx.c
> @@ -8004,15 +8004,16 @@ static int handle_vmon(struct kvm_vcpu *vcpu)
> */
> static int nested_vmx_check_permission(struct kvm_vcpu *vcpu)
> {
> - if (vmx_get_cpl(vcpu)) {
> - kvm_inject_gp(vcpu, 0);
> + if (!to_vmx(vcpu)->nested.vmxon) {
> + kvm_queue_exception(vcpu, UD_VECTOR);
> return 0;
> }
>
> - if (!to_vmx(vcpu)->nested.vmxon) {
> - kvm_queue_exception(vcpu, UD_VECTOR);
> + if (vmx_get_cpl(vcpu)) {
> + kvm_inject_gp(vcpu, 0);
> return 0;
> }
> +
> return 1;
> }
>
>
Queued both, thanks.
Paolo
