VMX instructions directly cause VM-Exits, and so to emulate them for a nested VMM, KVM manually calculates the address of memory operands of VMX instructions as opposed to routing the entire instruction through the emulator. Unsurprisingly, there are bugs in the address calculations related to truncating addresses based on mode and prefixes.

Patch 1/3 addresses the most critical bug, which AFAICT causes a 100% failure rate when running a 32-bit KVM as L1 on top of a 64-bit KVM as L0. Patches 2/3 and 3/3 fix slightly more esoteric behavior that is unlikely to affect any real world hypervisors.

Sean Christopherson (3):
  KVM: nVMX: Sign extend displacements of VMX instr's mem operands
  KVM: nVMX: Apply addr size mask to effective address for VMX instructions
  KVM: nVMX: Ignore limit checks on VMX instructions using flat segments

 arch/x86/kvm/vmx/nested.c | 41 ++++++++++++++++++++++++++++++++++-----
 1 file changed, 36 insertions(+), 5 deletions(-)

-- 
2.20.1
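The three fixes in the series all concern one computation: turning the VM-exit instruction information and the displacement reported in the exit qualification into the effective address of a VMX instruction's memory operand, and then into a linear address subject to segment checks. The stand-alone C model below is an added example written for this page; it is not KVM's get_vmx_mem_address() and not part of the series. It assumes the SDM's VM-exit instruction-information layout (scaling in bits 1:0, address size in bits 9:7 with 0/1/2 = 16/32/64-bit, index register in bits 21:18 with "invalid" flag in bit 22, base register in bits 26:23 with "invalid" flag in bit 27), and that a 32-bit address-size displacement such as -0x28 is reported masked to 32 bits, i.e. as 0xffffffd8. The struct names, `mk_insn_info`, and the `eff_addr`/`access_faults`/`lin_addr` wrappers are this example's own inventions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical minimal segment/register state for this model (not KVM's structs). */
struct seg { uint64_t base; uint32_t limit; uint8_t type; bool unusable; };
struct vmx_op_ctx { uint64_t gpr[16]; bool long_mode; };

enum { ADDR16 = 0, ADDR32 = 1, ADDR64 = 2 };   /* address-size encoding, bits 9:7 */

static inline uint64_t sign_extend64(uint64_t v, int msb)
{
    int shift = 63 - msb;
    return (uint64_t)(((int64_t)(v << shift)) >> shift);
}

/* Fix 1 (patch 1/3): the displacement arrives masked to the address size, so sign-extend it. */
static uint64_t sext_displacement(uint64_t exit_qual, int addr_size)
{
    if (addr_size == ADDR32) return sign_extend64(exit_qual, 31);
    if (addr_size == ADDR16) return sign_extend64(exit_qual, 15);
    return exit_qual;
}

/* Effective address (before the segment base): base + index*scale + disp,
 * truncated to the instruction's address size (fix 2, patch 2/3). */
uint64_t vmx_effective_addr(const struct vmx_op_ctx *ctx, uint32_t insn_info, uint64_t exit_qual)
{
    int  scaling   = insn_info & 3;
    int  addr_size = (insn_info >> 7) & 7;
    int  index_reg = (insn_info >> 18) & 0xf;
    bool index_ok  = !(insn_info & (1u << 22));
    int  base_reg  = (insn_info >> 23) & 0xf;
    bool base_ok   = !(insn_info & (1u << 27));
    uint64_t off   = sext_displacement(exit_qual, addr_size);

    if (base_ok)  off += ctx->gpr[base_reg];
    if (index_ok) off += ctx->gpr[index_reg] << scaling;
    if (addr_size == ADDR32)      off &= 0xffffffffull;
    else if (addr_size == ADDR16) off &= 0xffffull;
    return off;
}

/* Fix 3 (patch 3/3): flat segments (base 0, 4G limit, code or expand-up data) get no limit check. */
static bool seg_is_flat(const struct seg *s)
{
    return s->base == 0 && s->limit == 0xffffffffu && ((s->type & 8) || !(s->type & 4));
}

/* Linear address plus fault decision; returns true if the access would #GP/#SS. */
bool vmx_linear_addr(const struct vmx_op_ctx *ctx, const struct seg *s, uint64_t off, size_t len, uint64_t *lin)
{
    if (ctx->long_mode) {
        *lin = s->base + off;                    /* never truncated in 64-bit mode */
        return sign_extend64(*lin, 47) != *lin;  /* non-canonical -> fault */
    }
    *lin = (s->base + off) & 0xffffffffull;      /* 32-bit linear address outside long mode */
    if (s->unusable) return true;
    if (seg_is_flat(s)) return false;
    return off + len > s->limit;
}

/* Build an instruction-info word; pass -1 for an absent base/index register. */
uint32_t mk_insn_info(int scaling, int addr_size, int base_reg, int index_reg)
{
    uint32_t info = (uint32_t)(scaling & 3) | ((uint32_t)(addr_size & 7) << 7);
    info |= base_reg  < 0 ? 1u << 27 : (uint32_t)base_reg  << 23;
    info |= index_reg < 0 ? 1u << 22 : (uint32_t)index_reg << 18;
    return info;
}

/* Wrapper: base in rbp (#5), optional scaled index in rdx (#2), plus a displacement. */
uint64_t eff_addr(int addr_size, uint64_t base_val, uint64_t index_val, int scaling, uint64_t disp)
{
    struct vmx_op_ctx ctx = { .gpr = { [2] = index_val, [5] = base_val } };
    int index_reg = index_val ? 2 : -1;         /* zero index value means "no index register" */
    return vmx_effective_addr(&ctx, mk_insn_info(scaling, addr_size, 5, index_reg), disp);
}

bool access_faults(bool long_mode, uint64_t seg_base, uint32_t limit, uint8_t type, uint64_t off)
{
    struct vmx_op_ctx ctx = { .long_mode = long_mode };
    struct seg s = { seg_base, limit, type, false };
    uint64_t lin;
    return vmx_linear_addr(&ctx, &s, off, sizeof(uint64_t), &lin);
}

uint64_t lin_addr(bool long_mode, uint64_t seg_base, uint32_t limit, uint8_t type, uint64_t off)
{
    struct vmx_op_ctx ctx = { .long_mode = long_mode };
    struct seg s = { seg_base, limit, type, false };
    uint64_t lin = 0;
    (void)vmx_linear_addr(&ctx, &s, off, sizeof(uint64_t), &lin);
    return lin;
}

int main(void)
{
    /* 32-bit guest, -0x28(%ebp) with ebp = 0x1000: the operand is at 0xfd8. Without the
     * sign extension the 64-bit sum would be 0x1_00000fd8 and the limit check would fault. */
    printf("eff=%#llx\n", (unsigned long long)eff_addr(ADDR32, 0x1000, 0, 0, 0xffffffd8ull));
    printf("flat faults=%d non-flat faults=%d\n",
           access_faults(false, 0, 0xffffffffu, 3, 0xfffffffcull),
           access_faults(false, 0, 0xffff, 3, 0xfffcull));
    return 0;
}
```

The wrap-around cases are the ones worth keeping in mind when reviewing this code path: a small base with a negative displacement must wrap within the address size (0x10 - 0x28 is 0xffffffe8 for a 32-bit operand, not a 64-bit negative number), and a 32-bit address size in long mode still produces a full 64-bit linear address once a non-zero FS/GS base is added.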