From: Quentin Casasnovas <quentin.casasnovas@oracle.com>
To: Paolo Bonzini <pbonzini@redhat.com>
Cc: "Quentin Casasnovas" <quentin.casasnovas@oracle.com>,
x86 <x86@kernel.org>, kvm <kvm@vger.kernel.org>,
lkml <linux-kernel@vger.kernel.org>,
"Eugene Korenevsky" <ekorenevsky@gmail.com>,
"Radim Krčmář" <rkrcmar@redhat.com>,
"Thomas Gleixner" <tglx@linutronix.de>,
"Ingo Molnar" <mingo@redhat.com>,
"H . Peter Anvin" <hpa@zytor.com>,
linux-stable <stable@vger.kernel.org>
Subject: Re: [PATCH] KVM: nVMX: VMX instructions: fix segment checks when L1 is in long mode.
Date: Fri, 24 Jun 2016 15:04:53 +0200 [thread overview]
Message-ID: <20160624130453.GA32026@chrystal.uk.oracle.com> (raw)
In-Reply-To: <24080992-801c-4606-c801-65ee68cf8779@redhat.com>
On Thu, Jun 23, 2016 at 06:03:01PM +0200, Paolo Bonzini wrote:
>
>
> On 18/06/2016 11:01, Quentin Casasnovas wrote:
> > Cross-checking the KVM/VMX VMREAD emulation code with the Intel Software
> > Developer Manual Volume 3C - "VMREAD - Read Field from Virtual-Machine
> > Control Structure", I found that we're enforcing that the destination
> > operand is NOT located in a read-only data segment or any code segment when
> > the L1 is in long mode - BUT that check should only happen when it is in
> > protected mode.
> >
> > Shuffling the code a bit to make our emulation follow the specification
> > allows me to boot a Xen dom0 in a nested KVM and start HVM L2 guests
> > without problems.
>
> That's great, and I'm applying the patch, but it's also pretty weird. :)
> Do you have a pointer to Xen source code that does a VMREAD into a
> read-only data segment or a code segment?
It is indeed pretty weird. Looking at the Xen stack trace, it looks like
the vmread is writing to an on-stack buffer, and surely it must be writable
so I wonder if Xen might not be using an executable stack for some reason?
That would be a bit scary so I'm surely missing something.
Is there an easy way to know from my KVM host the different segment
permission setup by the guest?
Quentin
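The mode-dependent segment check discussed in this thread, as an added illustration in C (not the KVM patch itself, nor Xen code): it decodes the low bits of a descriptor's access-rights type field and applies the SDM rule that a VMREAD destination in a read-only data segment or any code segment only faults with #GP when L1 is in protected mode. The "before" variant models the behaviour described in the patch description (the check also firing in long mode); the enum and helper names are assumptions for this example.

```c
#include <stdbool.h>
#include <stdint.h>

/* Added illustration of the VMREAD destination-segment rule; names are
 * assumptions, not KVM identifiers. */
enum l1_mode { L1_REAL, L1_PROTECTED, L1_LONG };

/* Low four bits of a segment descriptor's access-rights byte (the "type"). */
#define SEG_TYPE_CODE      0x8   /* bit 3: 1 = code segment, 0 = data segment */
#define SEG_TYPE_WRITABLE  0x2   /* bit 1 of a data-segment type: writable     */

/* True when the segment is a read-only data segment or any code segment,
 * i.e. a forbidden VMREAD destination under the protected-mode rule. */
static bool dest_seg_forbidden(uint8_t seg_type)
{
    if (seg_type & SEG_TYPE_CODE)
        return true;                               /* any code segment   */
    return (seg_type & SEG_TYPE_WRITABLE) == 0;    /* read-only data seg */
}

/* Before the fix (as the thread describes it): the descriptor type is
 * checked whenever L1 has descriptors, so a long-mode L1 could fault. */
static bool vmread_dest_faults_before(enum l1_mode mode, uint8_t seg_type)
{
    if (mode == L1_REAL)
        return false;                  /* real mode has no descriptor types */
    return dest_seg_forbidden(seg_type);
}

/* After the fix: the type check is applied only in protected mode. In long
 * mode the descriptor type is not consulted for this check (the SDM's
 * canonical-address requirement in long mode is a separate check, omitted). */
static bool vmread_dest_faults_after(enum l1_mode mode, uint8_t seg_type)
{
    if (mode == L1_PROTECTED)
        return dest_seg_forbidden(seg_type);
    return false;
}
```

A long-mode L1 writing the VMREAD result through a code-segment descriptor (type 0xB) faults in the "before" model and passes in the "after" model, while a protected-mode L1 still faults in both.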
Thread overview:
2016-06-18 9:01 [PATCH] KVM: nVMX: VMX instructions: fix segment checks when L1 is in long mode Quentin Casasnovas
2016-06-23 16:03 ` Paolo Bonzini
2016-06-24 13:04 ` Quentin Casasnovas [this message]
2016-06-24 13:10 ` Paolo Bonzini
2016-06-29 17:25 ` Quentin Casasnovas
2016-06-29 20:48 ` Paolo Bonzini