19.06.2021 01:06, Jim Mattson пишет:
On Fri, Jun 18, 2021 at 2:55 PM stsp <stsp2@xxxxxxxxx> wrote:
19.06.2021 00:07, Jim Mattson пишет:
On Fri, Jun 18, 2021 at 9:02 AM stsp <stsp2@xxxxxxxxx> wrote:
Here it goes.
But I studied it quite thoroughly
and can't see anything obviously
wrong.
[7011807.029737] *** Guest State ***
[7011807.029742] CR0: actual=0x0000000080000031,
shadow=0x00000000e0000031, gh_mask=fffffffffffffff7
[7011807.029743] CR4: actual=0x0000000000002041,
shadow=0x0000000000000001, gh_mask=ffffffffffffe871
[7011807.029744] CR3 = 0x000000000a709000
[7011807.029745] RSP = 0x000000000000eff0 RIP = 0x000000000000017c
[7011807.029746] RFLAGS=0x00080202 DR7 = 0x0000000000000400
[7011807.029747] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[7011807.029749] CS: sel=0x0097, attr=0x040fb, limit=0x000001a0,
base=0x0000000002110000
[7011807.029751] DS: sel=0x00f7, attr=0x0c0f2, limit=0xffffffff,
base=0x0000000000000000
I believe DS is illegal. Per the SDM, Checks on Guest Segment Registers:
* If the guest will not be virtual-8086, the different sub-fields are
considered separately:
- Bits 3:0 (Type).
* DS, ES, FS, GS. The following checks apply if the register is usable:
- Bit 0 of the Type must be 1 (accessed).
That seems to be it, thank you!
At least for the minimal reproducer
I've done.
So only with unrestricted guest its
possible to ignore that field?
The VM-entry constraints are the same with unrestricted guest.
Note that *without* unrestricted guest, kvm will generally have to
emulate the early guest protected mode code--until the last vestiges
of real-address mode are purged from the descriptor cache. Maybe it
fails to set the accessed bits in the LDT on emulated segment register
loads?
I believe this is where the KVM_SET_SREGS
difference kicks in. When the segregs are
loaded in guest's ring0, there is no problem.
Likely in this case the accessed bit is properly
set.
But if we bypass the ring0 trampoline, then
the just created new LDT entry doesn't yet
have the accessed bit, and that propagates
to KVM_SET_SREGS. I believe I should just
force the accessed bit for KVM_SET_SREGS?
But there is no such problem if unrestricted
guest is available, so not everything is yet
clear.
