From: Paolo Bonzini
Subject: Re: [PATCH] KVM: vmx: VMXOFF emulation in vm86 should cause #UD
Date: Fri, 29 Aug 2014 10:57:58 +0200
Message-ID: <54004096.2080104@redhat.com>
References: <1409300815-15126-1-git-send-email-namit@cs.technion.ac.il> <54003B8B.8070800@redhat.com>
To: Nadav Amit
Cc: Nadav Amit, KVM
List-ID: kvm@vger.kernel.org

On 29/08/2014 10:52, Nadav Amit wrote:
>> Patch looks good, but where is the check that MOD == 3 in the "case
>> RMExt"? Am I just not seeing it?
>
> This seems to be part of the “case GroupDual”.

GroupDual handles it, but the EXT() macro you're using is exactly what
you want:

#define RMExt (4<<15) /* Opcode extension in ModRM r/m if mod == 3 */

I guess what's missing is

------------------ 8< ------------------
Subject: [PATCH] Check ModRM for RMExt

Some group7 extensions are only defined for mod==3. Check this and
reject emulation if mod!=3.

Signed-off-by: Paolo Bonzini

diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
index 56657b0bb3bb..d472e4d50e3c 100644
--- a/arch/x86/kvm/emulate.c
+++ b/arch/x86/kvm/emulate.c
@@ -4360,6 +4360,8 @@ done_prefixes:
 		opcode = opcode.u.gdual->mod012[goffset];
 		break;
 	case RMExt:
+		if ((ctxt->modrm >> 6) == 3)
+			return EMULATION_FAILED;
 		goffset = ctxt->modrm & 7;
 		opcode = opcode.u.group[goffset];
 		break;

What do you think?

Paolo
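Review bot: the condition in the two added lines is inverted relative to the commit message. `if ((ctxt->modrm >> 6) == 3) return EMULATION_FAILED;` rejects exactly the mod==3 encodings that RMExt tables exist for (the RMExt comment quoted in this mail reads "Opcode extension in ModRM r/m if mod == 3"), while the message says "reject emulation if mod!=3"; the test should be `if ((ctxt->modrm >> 6) != 3)`. Before adding it at all, confirm the check is reachable: Nadav's reply and the "GroupDual handles it" concession say RMExt entries are selected through the GroupDual mod==3 path, in which case the new test can never fire and is dead code. If it is kept, consider whether an encoding that is undefined for mod!=3 should take the emulator's undefined-opcode (#UD) path, which is what the thread's subject asks for, rather than returning EMULATION_FAILED.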
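The point under discussion is how the ModRM byte steers the two-level dispatch (GroupDual by mod and reg, then RMExt by r/m) and which way the mod test must point. The following is an added example, not KVM code: a small table-driven decoder for a few 0F 01 (group 7) encodings, constructed for illustration, that implements the check the commit message describes (reject when mod != 3) next to the check as written in the posted hunk (reject when mod == 3), so the inversion can be seen on concrete bytes. The opcode tables, struct names and the `decode_group7` helper are this example's own assumptions; only the encodings (0F 01 C1 = VMCALL, C2 = VMLAUNCH, C3 = VMRESUME, C4 = VMXOFF, 0F 01 /0 with a memory operand = SGDT, /1 = SIDT, /2 = LGDT, /3 = LIDT) are architectural.

```c
/*
 * Added example (not KVM code): ModRM-driven opcode-extension dispatch.
 *
 * ModRM layout: mod (bits 7:6), reg (bits 5:3), r/m (bits 2:0).
 * GroupDual: choose a table by mod (mod==3 vs. mod!=3), index it by reg.
 * RMExt:     the chosen entry is itself a table indexed by r/m; these
 *            register-form encodings only exist with mod==3.
 * The tables below are constructed for illustration and cover only a
 * handful of 0F 01 (group 7) encodings; they are not the kernel's tables.
 */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define MODRM_MOD(m) (((m) >> 6) & 3)
#define MODRM_REG(m) (((m) >> 3) & 7)
#define MODRM_RM(m)  ((m) & 7)

enum { EMULATION_OK = 0, EMULATION_FAILED = 1 };

struct opcode {
    const char *name;           /* mnemonic, NULL = undefined encoding */
    const struct opcode *rmext; /* non-NULL: RMExt, dispatch again on r/m */
};

/* 0F 01, mod==3, reg==0: r/m selects VMCALL/VMLAUNCH/VMRESUME/VMXOFF (C1..C4). */
static const struct opcode group7_rm0[8] = {
    { NULL, NULL }, { "vmcall", NULL }, { "vmlaunch", NULL }, { "vmresume", NULL },
    { "vmxoff", NULL }, { NULL, NULL }, { NULL, NULL }, { NULL, NULL },
};

/* 0F 01 with a memory operand (mod!=3): reg selects SGDT/SIDT/LGDT/LIDT/... */
static const struct opcode group7_mod012[8] = {
    { "sgdt", NULL }, { "sidt", NULL }, { "lgdt", NULL }, { "lidt", NULL },
    { "smsw", NULL }, { NULL, NULL }, { "lmsw", NULL }, { "invlpg", NULL },
};

/* 0F 01 with mod==3: only the reg==0 slot is filled in for this example. */
static const struct opcode group7_mod3[8] = {
    { "rmext", group7_rm0 }, { NULL, NULL }, { NULL, NULL }, { NULL, NULL },
    { NULL, NULL }, { NULL, NULL }, { NULL, NULL }, { NULL, NULL },
};

/* The check the commit message asks for: an RMExt table is valid only for mod==3. */
int rmext_check(uint8_t modrm)
{
    return MODRM_MOD(modrm) != 3 ? EMULATION_FAILED : EMULATION_OK;
}

/* The check as written in the posted hunk: it rejects precisely the mod==3 forms. */
int rmext_check_as_posted(uint8_t modrm)
{
    return MODRM_MOD(modrm) == 3 ? EMULATION_FAILED : EMULATION_OK;
}

/*
 * Resolve a 0F 01 ModRM byte to a mnemonic using the intended (mod!=3) check.
 * Returns NULL where the emulator would return EMULATION_FAILED.
 */
const char *decode_group7(uint8_t modrm)
{
    const struct opcode *op;

    /* GroupDual: pick the table by mod, index it by reg. */
    if (MODRM_MOD(modrm) == 3)
        op = &group7_mod3[MODRM_REG(modrm)];
    else
        op = &group7_mod012[MODRM_REG(modrm)];

    /* RMExt: a second dispatch on r/m, guarded by the mod check. */
    if (op->rmext) {
        if (rmext_check(modrm) != EMULATION_OK)
            return NULL;
        op = &op->rmext[MODRM_RM(modrm)];
    }
    return op->name; /* NULL for an undefined slot */
}

int main(void)
{
    /* Constructed inputs: VMCALL, VMXOFF, SGDT [mem], and an undefined mod==3 slot. */
    const uint8_t samples[] = { 0xC1, 0xC4, 0x00, 0xC0 };
    for (size_t i = 0; i < sizeof samples; i++) {
        const char *name = decode_group7(samples[i]);
        printf("0F 01 %02X -> %s; posted check on this byte: %s\n", samples[i],
               name ? name : "EMULATION_FAILED",
               rmext_check_as_posted(samples[i]) == EMULATION_OK ? "ok" : "EMULATION_FAILED");
    }
    return 0;
}
```

Running it shows that with the intended test VMCALL and VMXOFF decode and SGDT with a memory operand decodes through the mod012 table, while `rmext_check_as_posted` fails on every byte with mod==3, including C1 and C4, which is the opposite of what the commit message describes.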