Re: [PATCH 7/24] Understanding guest pointers to vmcs12 structures

 On 08/02/2010 03:25 PM, Nadav Har'El wrote:


+	/* offfset = Base + [Index * Scale] + Displacement */
+	addr = vmx_get_segment_base(vcpu, seg_reg);
+	if (base_is_valid)
+		addr += kvm_register_read(vcpu, base_reg);
+	if (index_is_valid)
+		addr += kvm_register_read(vcpu, index_reg)<<scaling;
+	addr += exit_qualification; /* holds the displacement */
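
Review bot: the value in `addr` (segment base plus base register, scaled index and displacement) is produced with no segment limit, access-rights or canonical-address check anywhere in this hunk, so an operand that should fault is silently accepted. If those checks are being deferred, put a TODO directly above `addr = vmx_get_segment_base(vcpu, seg_reg);` that lists each missing check, so the gap is visible at the point where it matters. The comment on the first added line also needs fixing: "offfset" is misspelled, and the formula it gives omits the segment base that the code adds.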

Do we need a segment limit and access rights check?
You are absolutely right. The instructions we're emulating (VMREAD, VMWRITE,
VMPTRLD, etc.) should throw a #GP in a bunch of segmentation errors, including
segment limit, execute-only segments, non-canonical 64-bit addresses, and a
bunch of other unlikely error cases.

To achieve 100% accurate emulation in the error path, it will require quite
a bit of new code (here, and in many other places throughout the nested VMX code)
that isn't necessary for running a correctly-written guest hypervisor (such
as KVM or VMware). At worst, not accurately emulating the error path correctly
might allow a broken L1 to do bad things to itself, but it doesn't allow it
to do anything bad to L0 or other L1's.

Would you accept that I'll add a TODO in the code here (and in similar cases)
and leave perfecting the error path to a later path?

Given that the x86 emulator doesn't get this right, yes. But please do document all the points where this is wrong. Silent failure is the worst kind of failure, at least we'll know where to look.

--
error compiling committee.c: too many arguments to function
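
The checks this exchange names (segment limit, execute-only segments, non-canonical 64-bit addresses) can be modelled as follows. This is an added example, not code from the patch or from KVM; `struct seg_model`, `check_operand` and their fields are hypothetical names, and it assumes 48-bit linear addresses and a byte-granular limit.

```c
#include <stdbool.h>
#include <stdint.h>
/* Constructed model of a cached segment register; field names are
 * hypothetical and are not KVM's own structures. */
struct seg_model {
	uint64_t base;
	uint32_t limit;     /* byte-granular limit */
	bool unusable;      /* loaded with a null selector */
	bool code;          /* code segment, otherwise data */
	bool readable;      /* code segments: readable as data */
	bool writable;      /* data segments: writable */
	bool expand_down;   /* data segments: valid offsets lie above limit */
	bool big;           /* D/B bit: expand-down upper bound 4G, else 64K */
};

enum mem_fault { MEM_OK, MEM_GP, MEM_SS };

/* Assumes 48-bit linear addresses: bits 63..47 must all be equal. */
static bool is_canonical(uint64_t la)
{
	return (la >> 47) == 0 || (la >> 47) == 0x1ffff;
}

/* Checks an operand of len bytes (len >= 1) at offset off in segment s and
 * stores the linear address in *la when no fault is due. */
enum mem_fault check_operand(const struct seg_model *s, bool is_ss,
			     bool long_mode, uint64_t off, uint32_t len,
			     bool write, uint64_t *la)
{
	enum mem_fault seg_fault = is_ss ? MEM_SS : MEM_GP; /* #SS for SS */
	uint64_t last;

	if (long_mode) { /* this model: no limit check, canonical check only */
		uint64_t lin = s->base + off;
		if (!is_canonical(lin) || !is_canonical(lin + len - 1))
			return seg_fault;
		*la = lin;
		return MEM_OK;
	}
	off = (uint32_t)off;            /* 32-bit effective address */
	last = off + len - 1;           /* offset of the operand's last byte */
	if (s->unusable || (write ? (s->code || !s->writable)
				  : (s->code && !s->readable)))
		return MEM_GP;          /* null, read-only or execute-only */
	if (s->expand_down ? (off <= s->limit || last > (s->big ? 0xffffffffu : 0xffffu))
			   : last > s->limit)
		return seg_fault;       /* operand crosses the segment limit */
	*la = (uint32_t)(s->base + off);
	return MEM_OK;
}
```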
