On Wed, Sep 22, 2021, Paolo Bonzini wrote:
> On 22/09/21 16:46, Sean Christopherson wrote:
> > On Wed, Sep 22, 2021, Paolo Bonzini wrote:
> > > On 13/09/21 16:09, Maxim Levitsky wrote:
> > > > KVM: x86: nVMX: re-evaluate emulation_required on nested VM exit
> > > > ...
> > > Queued, thanks. However, I'm keeping patch 1 for 5.16 only.
> >
> > I'm pretty sure the above patch is wrong, emulation_required can simply be
> > cleared on emulated VM-Exit.
>
> Are you sure?

Pretty sure, but not 100% sure :-)

> I think you can at least set the host segment fields to a data segment that
> requires emulation. For example the DPL of the host DS is hardcoded to zero,
> but the RPL comes from the selector field and the DS selector is not
> validated.

HOST_DS_SEL is validated:

  In the selector field for each of CS, SS, DS, ES, FS, GS and TR, the RPL
  (bits 1:0) and the TI flag (bit 2) must be 0.

> Therefore a subsequent vmentry could fail the access rights tests of 26.3.1.2
> Checks on Guest Segment Registers:

Yes, but this path is loading host state on VM-Exit.

> DS, ES, FS, GS. The DPL cannot be less than the RPL in the selector field if
> (1) the "unrestricted guest" VM-execution control is 0; (2) the register is
> usable; and (3) the Type in the access-rights field is in the range 0 - 11
> (data segment or non-conforming code segment).
>
> Paolo
>
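As an added illustration, not code from KVM or from anyone in this thread, the two SDM checks quoted above written as plain C predicates: the host-state selector check (RPL and TI must be zero) and the guest data-segment check from 26.3.1.2 (DPL must not be below the selector RPL, unless unrestricted guest is on, the register is unusable, or the Type is above 11). The bit layouts are the standard x86 selector and VMCS access-rights encodings; the struct and function names, and the sample values in main(), are my own and are not from the patch or the thread.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* x86 segment selector: bits 1:0 = RPL, bit 2 = TI (table indicator). */
#define SEL_RPL_MASK  0x3u
#define SEL_TI_MASK   0x4u

/* VMCS segment access-rights word (subset): bits 3:0 = Type,
 * bits 6:5 = DPL, bit 16 = "unusable". */
#define AR_TYPE_MASK  0xfu
#define AR_DPL_SHIFT  5
#define AR_DPL_MASK   (3u << AR_DPL_SHIFT)
#define AR_UNUSABLE   (1u << 16)

/* Host-state check quoted in the mail: for each of CS, SS, DS, ES, FS, GS
 * and TR, the RPL (bits 1:0) and TI (bit 2) of the selector must be 0. */
static bool host_selector_valid(uint16_t sel)
{
	return (sel & (SEL_RPL_MASK | SEL_TI_MASK)) == 0;
}

/* Hypothetical container for the host selector fields of a VMCS. */
struct host_selectors {
	uint16_t cs, ss, ds, es, fs, gs, tr;
};

static bool host_selectors_valid(const struct host_selectors *h)
{
	return host_selector_valid(h->cs) && host_selector_valid(h->ss) &&
	       host_selector_valid(h->ds) && host_selector_valid(h->es) &&
	       host_selector_valid(h->fs) && host_selector_valid(h->gs) &&
	       host_selector_valid(h->tr);
}

/* Guest check 26.3.1.2 for DS/ES/FS/GS: DPL >= RPL is required only when
 * all three conditions hold (no unrestricted guest, register usable,
 * Type 0..11).  If any condition fails the rule does not apply. */
static bool guest_data_seg_valid(uint16_t sel, uint32_t ar,
				 bool unrestricted_guest)
{
	unsigned int type = ar & AR_TYPE_MASK;
	unsigned int dpl  = (ar & AR_DPL_MASK) >> AR_DPL_SHIFT;
	unsigned int rpl  = sel & SEL_RPL_MASK;

	if (unrestricted_guest)
		return true;
	if (ar & AR_UNUSABLE)
		return true;
	if (type > 11)		/* conforming code segment: exempt */
		return true;
	return dpl >= rpl;
}

int main(void)
{
	/* Constructed sample: a flat 64-bit host layout with RPL 0 selectors. */
	struct host_selectors ok = { 0x10, 0x18, 0x18, 0x18, 0x18, 0x18, 0x40 };
	/* Same layout but DS carries RPL 3 (0x1b): rejected by the host check. */
	struct host_selectors bad = ok;

	bad.ds = 0x1b;
	printf("host selectors ok:  %d\n", host_selectors_valid(&ok));
	printf("host selectors bad: %d\n", host_selectors_valid(&bad));

	/* Guest DS with RPL 3 but DPL 0, type 3 (data RW accessed), usable. */
	printf("guest DPL0/RPL3, no unrestricted guest: %d\n",
	       guest_data_seg_valid(0x1b, 0x3, false));
	printf("guest DPL0/RPL3, unrestricted guest:    %d\n",
	       guest_data_seg_valid(0x1b, 0x3, true));
	return 0;
}
```

Both predicates are evaluated on VM-entry, which is the point of Sean's reply: a host DS selector with a non-zero RPL never reaches the guest-segment checks because the host-state check rejects it first.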