On Sun, Jul 21, 2019 at 11:26:24AM -0700, Nadav Amit wrote: > > On Jul 3, 2019, at 4:54 PM, Krish Sadhukhan <krish.sadhukhan@xxxxxxxxxx> wrote: > > > > According to section "Checks on Host Segment and Descriptor-Table > > Registers" in Intel SDM vol 3C, the following checks are performed on > > vmentry of nested guests: > > > > - In the selector field for each of CS, SS, DS, ES, FS, GS and TR, the > > RPL (bits 1:0) and the TI flag (bit 2) must be 0. > > - The selector fields for CS and TR cannot be 0000H. > > - The selector field for SS cannot be 0000H if the "host address-space > > size" VM-exit control is 0. > > - On processors that support Intel 64 architecture, the base-address > > fields for FS, GS, GDTR, IDTR, and TR must contain canonical > > addresses. > > As I noted on v1, this patch causes the test to fail on bare-metal: > > FAIL: HOST_SEL_SS 0: VMX inst error is 8 (actual 7) > > I don’t know what the root-cause is, but I don't think that tests that > fail on bare-metal (excluding because of CPU errata) should be included. A 64-bit VMM isn't allowed to transition to 32-bit mode by way of VM-Exit, and the VMX tests are 64-bit only. If the logical processor is in IA-32e mode (if IA32_EFER.LMA=1) at the time of VM entry, the "host address space size" VM-exit control must be 1.
