On Wed, Jan 23, 2019 at 2:39 PM Sean Christopherson <sean.j.christopherson@xxxxxxxxx> wrote:
>
> Regarding segments with a limit==0xffffffff, the SDM officially states:
>
> When the effective limit is FFFFFFFFH (4 GBytes), these accesses may
> or may not cause the indicated exceptions. Behavior is
> implementation-specific and may vary from one execution to another.
>
> In practice, all CPUs that support VMX ignore limit checks for "flat
> segments", i.e. an expand-up data or code segment with base=0 and
> limit=0xffffffff. This is subtly different than wrapping the effective
> address calculation based on the address size, as the flat segment
> behavior also applies to accesses that would wrap the 4g boundary, e.g.
> a 4-byte access starting at 0xffffffff will access linear addresses
> 0xffffffff, 0x0, 0x1 and 0x2.
>
> Fixes: f9eb4af67c9d ("KVM: nVMX: VMX instructions: add checks for #GP/#SS exceptions")
> Cc: stable@xxxxxxxxxxxxxxx
> Signed-off-by: Sean Christopherson <sean.j.christopherson@xxxxxxxxx>

Reviewed-by: Jim Mattson <jmattson@xxxxxxxxxx>
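
The flat-segment behaviour described in the quoted commit message, modelled as an added example (not code from the patch or from KVM). `struct seg` and all function names are hypothetical, the type bits follow the x86 descriptor layout (bit 3 = code, bit 2 = expand-down for data), and expand-down segments are assumed to have B=1. It contrasts a strict limit comparison with a check that exempts flat segments.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of a protected-mode segment; not a KVM structure. */
struct seg {
    uint32_t base;
    uint32_t limit;   /* effective (byte-granular) limit */
    uint8_t  type;    /* descriptor type: bit 3 = code, bit 2 = expand-down (data) */
};

/* "Flat" as the commit message defines it: expand-up data or code, base=0, limit=4G-1. */
static bool seg_is_flat(const struct seg *s)
{
    bool code = s->type & 0x8;
    bool expand_down = !code && (s->type & 0x4);
    return s->base == 0 && s->limit == 0xffffffffu && !expand_down;
}

/* Strict check: any byte past the limit faults (expand-down: at or below it). */
static bool strict_limit_fault(const struct seg *s, uint32_t off, uint32_t len)
{
    uint64_t last = (uint64_t)off + len - 1;   /* 64-bit so the sum cannot wrap */
    bool expand_down = !(s->type & 0x8) && (s->type & 0x4);
    if (expand_down)                           /* assumes B=1: valid offsets are limit+1..4G-1 */
        return off <= s->limit || last > 0xffffffffu;
    return last > s->limit;
}

/* Check with the flat-segment exemption described above. */
static bool limit_fault(const struct seg *s, uint32_t off, uint32_t len)
{
    return !seg_is_flat(s) && strict_limit_fault(s, off, len);
}

/* Linear address of byte i of the access, truncated to 32 bits. */
static uint32_t linear_byte(const struct seg *s, uint32_t off, uint32_t i)
{
    return s->base + off + i;
}

int main(void)
{
    struct seg flat = { 0, 0xffffffffu, 0x3 };  /* constructed: read/write data, expand-up */
    for (uint32_t i = 0; i < 4; i++)
        printf("byte %u -> 0x%x\n", i, linear_byte(&flat, 0xffffffffu, i));
    printf("strict=%d flat-aware=%d\n", strict_limit_fault(&flat, 0xffffffffu, 4),
           limit_fault(&flat, 0xffffffffu, 4));
    return 0;
}
```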