Sean Christopherson <seanjc@xxxxxxxxxx> writes:

...

>> - if ((emulation_type & EMULTYPE_VMWARE_GP) &&
>> - !is_vmware_backdoor_opcode(ctxt)) {
>> - kvm_queue_exception_e(vcpu, GP_VECTOR, 0);
>> - return 1;
>> + if (emulation_type & EMULTYPE_PARAVIRT_GP) {
>> + vminstr = is_vm_instr_opcode(ctxt);
>> + if (!vminstr && !is_vmware_backdoor_opcode(ctxt)) {
>> + kvm_queue_exception_e(vcpu, GP_VECTOR, 0);
>> + return 1;
>> + }
>> + if (vminstr)
>> + return vminstr;
>
> I'm pretty sure this doesn't correctly handle a VM-instr in L2 that hits a bad
> L0 GPA and that L1 wants to intercept. The intercept bitmap isn't checked until
> x86_emulate_insn(), and the vm*_interception() helpers expect nested VM-Exits to
> be handled further up the stack.

So, the condition is that L2 executes a vmload and #GPs on a reserved address,
jumps to L0; L0 doesn't check whether L1 has asked for the instruction to be
intercepted and goes on with emulating vmload and returning to L2?

>> }
>>
>> /*
>> --
>> 2.27.0
>>
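Review bot: the new `if (vminstr) return vminstr;` leaves the emulation entry path before x86_emulate_insn() runs, so any check that lives in the emulator proper (the L1 intercept bitmap being the one named in this thread) is skipped for every VM instruction that arrives with EMULTYPE_PARAVIRT_GP; either hoist the nested-intercept check above this early return, or drop the early return so the instruction reaches the emulator like the VMware backdoor opcodes already do. A second point on the same lines: `is_vm_instr_opcode(ctxt)` is used both as the opcode classifier (`!vminstr`) and as this function's return code (`return vminstr;`), and nothing in the hunk says what non-zero values it produces; the function's callers expect the existing 1/0 convention, so returning the classifier's value directly risks leaking a classification result as an emulation result. Mapping the classification to an explicit return value would make the contract visible.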
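The ordering question in the reply above (does L0 consult L1's intercepts before emulating a VM instruction that #GP'd in L2?) can be made concrete with a small model. The following is an added example, not KVM code or the patch author's code: `struct vcpu`, the `VMI_*` classification, the `OUT_*` result codes and both `handle_gp_*` functions are hypothetical stand-ins for the real `struct kvm_vcpu`, `is_vm_instr_opcode()`, `x86_emulate_insn()` and the nested VM-exit machinery. The only real detail reused is that SVM's VMRUN/VMLOAD/VMSAVE encodings are `0F 01 D8`/`0F 01 DA`/`0F 01 DB`, so the model keys on the last byte.

```c
/* Added example (not KVM code): a minimal model of the emulation-entry
 * ordering discussed in the thread. All names here are hypothetical. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Classification of the faulting instruction (hypothetical enum). */
enum vm_instr { VMI_NONE = 0, VMI_VMLOAD, VMI_VMSAVE, VMI_VMRUN };

/* Outcome of handling the #GP in L0 (hypothetical result codes). */
enum outcome {
	OUT_INJECT_GP,     /* #GP reflected into the guest */
	OUT_NESTED_VMEXIT, /* exit forwarded to L1 as a nested VM-exit */
	OUT_EMULATED,      /* L0 emulated the instruction for the guest */
};

/* Hypothetical vCPU state: only what the model needs. */
struct vcpu {
	bool is_guest_mode;     /* true while the vCPU is running L2 */
	uint32_t l1_intercepts; /* bitmask of VMI_* values L1 intercepts */
};

/* Key on the third opcode byte of the 0F 01 xx encoding. */
static enum vm_instr classify(uint8_t last_opcode_byte)
{
	switch (last_opcode_byte) {
	case 0xD8: return VMI_VMRUN;
	case 0xDA: return VMI_VMLOAD;
	case 0xDB: return VMI_VMSAVE;
	default:   return VMI_NONE;
	}
}

/* L1's intercept only matters when the fault was taken in L2. */
static bool l1_wants_intercept(const struct vcpu *v, enum vm_instr i)
{
	return v->is_guest_mode && (v->l1_intercepts & (1u << i)) != 0;
}

/* Mirrors the patched control flow: classify, then return early for a
 * VM instruction. Any intercept check that would run later in the
 * emulator is never reached. */
enum outcome handle_gp_as_patched(const struct vcpu *v, uint8_t opcode)
{
	(void)v; /* the vCPU's nested state is never consulted on this path */
	if (classify(opcode) == VMI_NONE)
		return OUT_INJECT_GP;
	return OUT_EMULATED; /* early return: L1's intercept bitmap ignored */
}

/* Same entry path with the nested-intercept check hoisted above the
 * early return, so an intercepted instruction from L2 becomes a nested
 * VM-exit instead of being emulated behind L1's back. */
enum outcome handle_gp_checked(const struct vcpu *v, uint8_t opcode)
{
	enum vm_instr i = classify(opcode);
	if (i == VMI_NONE)
		return OUT_INJECT_GP;
	if (l1_wants_intercept(v, i))
		return OUT_NESTED_VMEXIT;
	return OUT_EMULATED;
}

int main(void)
{
	/* Constructed scenario: L2 executes VMLOAD, and L1 intercepts VMLOAD. */
	struct vcpu l2 = { .is_guest_mode = true,
			   .l1_intercepts = 1u << VMI_VMLOAD };
	printf("patched: %d  checked: %d\n",
	       handle_gp_as_patched(&l2, 0xDA), handle_gp_checked(&l2, 0xDA));
	return 0;
}
```

The two functions differ only in where the intercept check sits relative to the early return; that placement is the whole of the review point, and the model shows the observable difference (emulated vs. nested VM-exit) for the VMLOAD-from-L2 case described in the reply.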