On 23/01/19 23:39, Sean Christopherson wrote:
> VMX instructions directly cause VM-Exits, and so to emulate them for a
> nested VMM, KVM manually calculates the address of memory operands of
> VMX instructions as opposed to routing the entire instruction through
> the emulator.
>
> Unsurprisingly, there are bugs in the address calculations related to
> truncating address based on mode and prefixes. Patch 1/3 addresses the
> most critical bug, which AFAICT causes a 100% failure rate when running
> a 32-bit KVM as L1 on top of a 64-bit KVM as L0. Patches 2/3 and 3/3
> fix slightly more esoteric behavior that is unlikely to affect any real
> world hypervisors.
>
> Sean Christopherson (3):
>   KVM: nVMX: Sign extend displacements of VMX instr's mem operands
>   KVM: nVMX: Apply addr size mask to effective address for VMX
>     instructions
>   KVM: nVMX: Ignore limit checks on VMX instructions using flat segments
>
>  arch/x86/kvm/vmx/nested.c | 41 ++++++++++++++++++++++++++++++++++-----
>  1 file changed, 36 insertions(+), 5 deletions(-)
>

Queued, thanks.

Paolo
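To make the three bug classes in the cover letter concrete, here is an added stand-alone C model of the effective-address calculation for a VMX instruction's memory operand; it is not KVM's code, the function names are hypothetical, and it assumes a "flat" segment means base 0 with limit 0xffffffff and that only expand-up segments are modelled. `ea_buggy` zero-extends the displacement and applies no address-size mask, which is why a 32-bit L1 using a negative displacement (e.g. `[ebp-8]`) hands a 64-bit L0 a bogus address; `ea_fixed` sign-extends and then masks to the instruction's address size.

```c
#include <stdint.h>
#include <stdbool.h>

/* Address-size attribute of the instruction, in bytes (hypothetical enum). */
enum addr_size { ADDR16 = 2, ADDR32 = 4, ADDR64 = 8 };

/* Sign-extend a raw disp8/disp16/disp32 (disp_bytes = 1, 2 or 4) to 64 bits. */
static int64_t sext_disp(uint64_t raw, int disp_bytes)
{
    int shift = 64 - 8 * disp_bytes;
    return (int64_t)(raw << shift) >> shift;   /* arithmetic shift on gcc/clang */
}

/* Buggy model: displacement zero-extended, address size ignored. */
static uint64_t ea_buggy(uint64_t base, uint64_t index, unsigned scale,
                         uint64_t raw_disp, int disp_bytes, enum addr_size asz)
{
    (void)disp_bytes; (void)asz;
    return base + index * scale + raw_disp;
}

/* Fixed model: sign-extend the displacement, then truncate the result to
 * the instruction's address size (16/32/64-bit). */
static uint64_t ea_fixed(uint64_t base, uint64_t index, unsigned scale,
                         uint64_t raw_disp, int disp_bytes, enum addr_size asz)
{
    uint64_t ea = base + index * scale + (uint64_t)sext_disp(raw_disp, disp_bytes);
    uint64_t mask = (asz == ADDR64) ? ~0ULL : (1ULL << (8 * asz)) - 1;
    return ea & mask;
}

/* Limit check for an expand-up segment: skipped for a flat segment (assumed
 * here to be base 0 / limit 0xffffffff); otherwise the whole operand of
 * len bytes must lie at or below the limit. */
static bool operand_in_limit(uint64_t ea, unsigned len,
                             uint64_t seg_base, uint32_t seg_limit)
{
    bool flat = (seg_base == 0 && seg_limit == 0xffffffffu);
    if (flat)
        return true;
    return ea + len - 1 <= seg_limit;
}

int main(void)
{
    /* Constructed case: 32-bit L1 executes e.g. vmptrld [ebp-8] with ebp=0x1000. */
    uint64_t bad = ea_buggy(0x1000, 0, 1, 0xfffffff8ULL, 4, ADDR32); /* 0x100000ff8 */
    uint64_t ok  = ea_fixed(0x1000, 0, 1, 0xfffffff8ULL, 4, ADDR32); /* 0xff8 */
    return (bad != ok) ? 0 : 1;
}
```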