On 22/09/21 16:46, Sean Christopherson wrote:
On Wed, Sep 22, 2021, Paolo Bonzini wrote:
On 13/09/21 16:09, Maxim Levitsky wrote:
KVM: x86: nVMX: re-evaluate emulation_required on nested VM exit
...
Queued, thanks. However, I'm keeping patch 1 for 5.16 only.
I'm pretty sure the above patch is wrong, emulation_required can simply be
cleared on emulated VM-Exit.
Are you sure? I think you can at least set the host segment fields to a
data segment that requires emulation. For example the DPL of the host
DS is hardcoded to zero, but the RPL comes from the selector field and
the DS selector is not validated. Therefore a subsequent vmentry could
fail the access rights tests of 26.3.1.2 Checks on Guest Segment Registers:
DS, ES, FS, GS. The DPL cannot be less than the RPL in the selector
field if (1) the “unrestricted guest” VM-execution control is 0; (2) the
register is usable; and (3) the Type in the access-rights field is in
the range 0 – 11 (data segment or non-conforming code segment).
Paolo
