From: Sean Christopherson <seanjc@google.com>
To: Paolo Bonzini <pbonzini@redhat.com>
Cc: Maxim Levitsky <mlevitsk@redhat.com>,
	kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
	Jim Mattson <jmattson@google.com>,
	Wanpeng Li <wanpengli@tencent.com>,
	Thomas Gleixner <tglx@linutronix.de>,
	"H. Peter Anvin" <hpa@zytor.com>, Borislav Petkov <bp@alien8.de>,
	Vitaly Kuznetsov <vkuznets@redhat.com>,
	Ingo Molnar <mingo@redhat.com>,
	"maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT)"
	<x86@kernel.org>, Joerg Roedel <joro@8bytes.org>
Subject: Re: [PATCH v3 0/7] KVM: few more SMM fixes
Date: Wed, 22 Sep 2021 15:52:40 +0000
Message-ID: <YUtRSK8SwMfEZ2ca@google.com>
In-Reply-To: <427038b4-a856-826c-e9f4-01678d33ab83@redhat.com>

On Wed, Sep 22, 2021, Paolo Bonzini wrote:
> On 22/09/21 16:46, Sean Christopherson wrote:
> > On Wed, Sep 22, 2021, Paolo Bonzini wrote:
> > > On 13/09/21 16:09, Maxim Levitsky wrote:
> > > >     KVM: x86: nVMX: re-evaluate emulation_required on nested VM exit
> > 
> > ...
> > > Queued, thanks.  However, I'm keeping patch 1 for 5.16 only.
> > 
> > I'm pretty sure the above patch is wrong, emulation_required can simply be
> > cleared on emulated VM-Exit.
> 
> Are you sure?

Pretty sure, but not 100% sure :-)

> I think you can at least set the host segment fields to a data segment that
> requires emulation.  For example the DPL of the host DS is hardcoded to zero,
> but the RPL comes from the selector field and the DS selector is not
> validated.

HOST_DS_SEL is validated:

  In the selector field for each of CS, SS, DS, ES, FS, GS and TR, the RPL
  (bits 1:0) and the TI flag (bit 2) must be 0.

> Therefore a subsequent vmentry could fail the access rights tests of 26.3.1.2
> Checks on Guest Segment Registers:

Yes, but this path is loading host state on VM-Exit.

> DS, ES, FS, GS. The DPL cannot be less than the RPL in the selector field if
> (1) the “unrestricted guest” VM-execution control is 0; (2) the register is
> usable; and (3) the Type in the access-rights field is in the range 0 – 11
> (data segment or non-conforming code segment).
> 
> Paolo
> 

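The two SDM rules quoted in this exchange, the host-selector check (RPL and TI must be 0 in HOST_xS_SEL) and the guest data-segment check (DPL must not be below the selector's RPL unless "unrestricted guest" is set, the register is unusable, or the type is above 11), written out as an added C example. This is illustration code, not part of the thread and not KVM's implementation: the struct names, the flattened view of the VMCS fields, and the simplified "what VM-exit loads into a host data segment" helper are assumptions for the example; the access-rights bit layout (bits 3:0 type, bit 4 S, bits 6:5 DPL, bit 7 P, bit 16 unusable) is the VMCS segment access-rights encoding.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* VMCS segment access-rights field encoding. */
#define AR_TYPE_MASK   0x0fu
#define AR_S           (1u << 4)
#define AR_DPL_SHIFT   5
#define AR_DPL_MASK    (3u << AR_DPL_SHIFT)
#define AR_P           (1u << 7)
#define AR_UNUSABLE    (1u << 16)

/* Segment selector layout: bits 1:0 RPL, bit 2 TI, bits 15:3 index. */
#define SEL_RPL_MASK   0x3u
#define SEL_TI         0x4u

enum seg_reg { SEG_ES, SEG_CS, SEG_SS, SEG_DS, SEG_FS, SEG_GS, SEG_TR, SEG_NR };

/* Hypothetical flattened view of the HOST_xS_SEL fields (assumption, not KVM's struct). */
struct host_selectors {
	uint16_t sel[SEG_NR];
};

/* Hypothetical guest segment register state: selector plus access-rights field. */
struct guest_segment {
	uint16_t selector;
	uint32_t ar;
};

/*
 * Host-state VM-entry check quoted by Sean: for each of CS, SS, DS, ES, FS,
 * GS and TR the selector's RPL (bits 1:0) and TI (bit 2) must be 0.
 * Returns the index of the first offending register, or -1 if all pass.
 */
int check_host_selectors(const struct host_selectors *h)
{
	for (int i = 0; i < SEG_NR; i++) {
		if (h->sel[i] & (SEL_RPL_MASK | SEL_TI))
			return i;
	}
	return -1;
}

/*
 * Guest-state check for DS/ES/FS/GS quoted by Paolo (26.3.1.2): if the
 * "unrestricted guest" control is 0, the register is usable and the type is
 * 0..11 (data or non-conforming code), DPL must not be less than RPL.
 * Returns true when the segment passes (or the check does not apply).
 */
bool guest_data_seg_dpl_ok(const struct guest_segment *s, bool unrestricted_guest)
{
	uint32_t type = s->ar & AR_TYPE_MASK;
	uint32_t dpl  = (s->ar & AR_DPL_MASK) >> AR_DPL_SHIFT;
	uint32_t rpl  = s->selector & SEL_RPL_MASK;

	if (unrestricted_guest)
		return true;
	if (s->ar & AR_UNUSABLE)
		return true;
	if (type > 11)
		return true;	/* conforming code segment: rule does not apply */
	return dpl >= rpl;
}

/*
 * Simplified model (assumption) of what a VM-exit loads into a host data
 * segment for the fields the check above reads: selector from HOST_xS_SEL,
 * type 3 (read/write data, accessed), S=1, DPL hardcoded to 0, present.
 */
struct guest_segment host_data_seg_after_exit(uint16_t host_sel)
{
	struct guest_segment s = { .selector = host_sel,
				   .ar = 0x3u | AR_S | (0u << AR_DPL_SHIFT) | AR_P };
	return s;
}

int main(void)
{
	/* Constructed sample: a sane host DS selector and one with RPL=3. */
	struct host_selectors ok  = {{ 0x10, 0x08, 0x10, 0x10, 0x10, 0x10, 0x40 }};
	struct host_selectors bad = {{ 0x10, 0x08, 0x10, 0x13, 0x10, 0x10, 0x40 }};
	struct guest_segment ds_ok  = host_data_seg_after_exit(ok.sel[SEG_DS]);
	struct guest_segment ds_bad = host_data_seg_after_exit(bad.sel[SEG_DS]);

	printf("host check (ok):  %d\n", check_host_selectors(&ok));	/* -1 */
	printf("host check (bad): %d\n", check_host_selectors(&bad));	/* SEG_DS */
	printf("post-exit DS from RPL0 sel passes guest check: %d\n",
	       guest_data_seg_dpl_ok(&ds_ok, false));
	printf("post-exit DS from RPL3 sel passes guest check: %d\n",
	       guest_data_seg_dpl_ok(&ds_bad, false));
	return 0;
}
```

The point the example makes concrete: because the host-state check rejects any HOST_DS_SEL with a non-zero RPL before VM-entry can succeed, the DS that VM-exit loads (DPL 0, RPL 0) can never trip the DPL-versus-RPL rule that would otherwise require emulation; the RPL=3 case only gets as far as the failing guest check if the host-selector validation is skipped.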

Thread overview: 13+ messages
2021-09-13 14:09 [PATCH v3 0/7] KVM: few more SMM fixes Maxim Levitsky
2021-09-13 14:09 ` [PATCH v3 1/7] KVM: x86: nSVM: refactor svm_leave_smm and smm_enter_smm Maxim Levitsky
2021-09-13 14:09 ` [PATCH v3 2/7] KVM: x86: nSVM: restore the L1 host state prior to resuming nested guest on SMM exit Maxim Levitsky
2021-09-13 14:09 ` [PATCH v3 3/7] KVM: x86: reset pdptrs_from_userspace when exiting smm Maxim Levitsky
2021-09-13 14:09 ` [PATCH v3 4/7] KVM: x86: SVM: call KVM_REQ_GET_NESTED_STATE_PAGES on exit from SMM mode Maxim Levitsky
2021-09-13 14:09 ` [PATCH v3 5/7] KVM: x86: VMX: synthesize invalid VM exit when emulating invalid guest state Maxim Levitsky
2021-09-13 14:09 ` [PATCH v3 6/7] KVM: x86: nVMX: don't fail nested VM entry on invalid guest state if !from_vmentry Maxim Levitsky
2021-09-13 14:09 ` [PATCH v3 7/7] KVM: x86: nVMX: re-evaluate emulation_required on nested VM exit Maxim Levitsky
2021-09-22 14:35 ` [PATCH v3 0/7] KVM: few more SMM fixes Paolo Bonzini
2021-09-22 14:46   ` Sean Christopherson
2021-09-22 15:45     ` Paolo Bonzini
2021-09-22 15:52       ` Sean Christopherson [this message]
2021-09-22 18:17         ` Paolo Bonzini
