On 24/06/2016 15:04, Quentin Casasnovas wrote: > On Thu, Jun 23, 2016 at 06:03:01PM +0200, Paolo Bonzini wrote: >> >> >> On 18/06/2016 11:01, Quentin Casasnovas wrote: >>> Cross-checking the KVM/VMX VMREAD emulation code with the Intel Software >>> Developper Manual Volume 3C - "VMREAD - Read Field from Virtual-Machine >>> Control Structure", I found that we're enforcing that the destination >>> operand is NOT located in a read-only data segment or any code segment when >>> the L1 is in long mode - BUT that check should only happen when it is in >>> protected mode. >>> >>> Shuffling the code a bit to make our emulation follow the specification >>> allows me to boot a Xen dom0 in a nested KVM and start HVM L2 guests >>> without problems. >> >> That's great, and I'm applying the patch, but it's also pretty weird. :) >> Do you have a pointer to Xen source code that does a VMREAD into a >> read-only data segment or a code segment? > > It is indeed pretty weird. Looking at the Xen stack trace, it looks like > the vmread is writing to an on-stack buffer, and surely it must be writable > so I wonder if Xen might not be using an executable stack for some reason? > That would be a bit scary so I'm surely missing something. > > Is there an easy way to know from my KVM host the different segment > permission setup by the guest? Remove your patch, call dump_vmcs() where the #GP is injected, and you'll find the VMCS (including segment permissions, but not the instruction info field---you probably should add it) in dmesg. Thanks, Paolo -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html