19.06.2021 00:07, Jim Mattson wrote:
On Fri, Jun 18, 2021 at 9:02 AM stsp <stsp2@xxxxxxxxx> wrote:
Here it goes. But I studied it quite thoroughly and can't see anything obviously wrong.
[7011807.029737] *** Guest State ***
[7011807.029742] CR0: actual=0x0000000080000031, shadow=0x00000000e0000031, gh_mask=fffffffffffffff7
[7011807.029743] CR4: actual=0x0000000000002041, shadow=0x0000000000000001, gh_mask=ffffffffffffe871
[7011807.029744] CR3 = 0x000000000a709000
[7011807.029745] RSP = 0x000000000000eff0 RIP = 0x000000000000017c
[7011807.029746] RFLAGS=0x00080202 DR7 = 0x0000000000000400
[7011807.029747] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[7011807.029749] CS: sel=0x0097, attr=0x040fb, limit=0x000001a0, base=0x0000000002110000
[7011807.029751] DS: sel=0x00f7, attr=0x0c0f2, limit=0xffffffff, base=0x0000000000000000
I believe DS is illegal. Per the SDM, Checks on Guest Segment Registers:
* If the guest will not be virtual-8086, the different sub-fields are
considered separately:
- Bits 3:0 (Type).
* DS, ES, FS, GS. The following checks apply if the register is usable:
- Bit 0 of the Type must be 1 (accessed).
That seems to be it, thank you! At least for the minimal reproducer I've done.
So only with unrestricted guest it's possible to ignore that field?
[7011807.029764] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[7011807.029765] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[7011807.029767] GDTR: limit=0x00000017, base=0x000000000a708100
[7011807.029768] LDTR: sel=0x0010, attr=0x00082, limit=0x0000ffff, base=0x000000000ab0a000
[7011807.029769] IDTR: limit=0x000007ff, base=0x000000000a708200
[7011807.029770] TR: sel=0x0010, attr=0x0008b, limit=0x00002088, base=0x000000000a706000
It seems a bit odd that TR and LDTR are both 0x10, but that's perfectly legal.
This selector is fake. Our guest doesn't do LLDT or LTR, so we didn't care to even reserve the GDT entries for those.
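Added example, not code from the thread or from KVM: it decodes the attr values from the guest-state dump above using the VMCS segment access-rights layout (bits 3:0 Type, bit 4 S, bits 6:5 DPL, bit 7 P, bit 16 unusable) and applies the two SDM checks Jim quoted for DS/ES/FS/GS. Function and struct names are mine.

```c
#include <stdint.h>
#include <stdio.h>

/* Decoded VMCS segment access-rights field (the "attr" value printed by
 * the KVM guest-state dump). Only the sub-fields needed here are kept. */
struct seg_ar {
    unsigned type, s, dpl, p, unusable;
};

static struct seg_ar decode_ar(uint32_t attr)
{
    struct seg_ar ar;
    ar.type     = attr & 0xf;          /* bits 3:0  Type              */
    ar.s        = (attr >> 4) & 1;     /* bit 4     S (code/data)     */
    ar.dpl      = (attr >> 5) & 3;     /* bits 6:5  DPL               */
    ar.p        = (attr >> 7) & 1;     /* bit 7     Present           */
    ar.unusable = (attr >> 16) & 1;    /* bit 16    segment unusable  */
    return ar;
}

/* Returns 1 if a DS/ES/FS/GS attr passes the checks quoted in the thread:
 * the checks apply only if the register is usable, and then bit 0 of the
 * Type (accessed) must be 1. Other SDM checks (S, DPL vs RPL, P) are
 * deliberately left out of this example. */
static int data_seg_accessed_ok(uint32_t attr)
{
    struct seg_ar ar = decode_ar(attr);
    if (ar.unusable)
        return 1;                      /* unusable: nothing to check */
    return (ar.type & 1) != 0;         /* accessed bit must be set   */
}

int main(void)
{
    /* attr values copied from the dump in the thread */
    struct { const char *name; uint32_t attr; } regs[] = {
        { "DS", 0x0c0f2 }, { "FS", 0x10000 }, { "GS", 0x10000 },
    };
    for (size_t i = 0; i < sizeof regs / sizeof regs[0]; i++) {
        struct seg_ar ar = decode_ar(regs[i].attr);
        printf("%s: type=%#x s=%u dpl=%u p=%u unusable=%u -> %s\n",
               regs[i].name, ar.type, ar.s, ar.dpl, ar.p, ar.unusable,
               data_seg_accessed_ok(regs[i].attr) ? "ok" : "INVALID");
    }
    return 0;
}
```

For DS (attr=0x0c0f2) the decoded Type is 2, a writable data segment with the accessed bit clear, which is exactly the failed check; FS and GS are unusable and are skipped.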