Sean Christopherson <[email protected]> writes:
...
>> -    if ((emulation_type & EMULTYPE_VMWARE_GP) &&
>> -        !is_vmware_backdoor_opcode(ctxt)) {
>> -            kvm_queue_exception_e(vcpu, GP_VECTOR, 0);
>> -            return 1;
>> +    if (emulation_type & EMULTYPE_PARAVIRT_GP) {
>> +            vminstr = is_vm_instr_opcode(ctxt);
>> +            if (!vminstr && !is_vmware_backdoor_opcode(ctxt)) {
>> +                    kvm_queue_exception_e(vcpu, GP_VECTOR, 0);
>> +                    return 1;
>> +            }
>> +            if (vminstr)
>> +                    return vminstr;
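Review bot: the early `return vminstr;` short-circuits before x86_emulate_insn(), so any intercept check performed there is skipped for the VM-instruction path; an L2 guest executing one of these instructions would be emulated by L0 even when L1 asked to intercept it. Consider either falling through to x86_emulate_insn() so the existing intercept logic runs, or checking the nested intercept explicitly before emulating. Also, `vminstr` serves both as a boolean in `if (!vminstr && !is_vmware_backdoor_opcode(ctxt))` and as the function's return value in `return vminstr;`, which makes a non-zero value hard to interpret; a comment stating what is_vm_instr_opcode() returns would help. Finally, the rename from EMULTYPE_VMWARE_GP to EMULTYPE_PARAVIRT_GP widens the flag's meaning, so every caller that set the old flag now also opts into VM-instruction emulation on #GP; confirm that is intended for all of them.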
>
> I'm pretty sure this doesn't correctly handle a VM-instr in L2 that hits a bad
> L0 GPA and that L1 wants to intercept.  The intercept bitmap isn't checked
> until x86_emulate_insn(), and the vm*_interception() helpers expect nested
> VM-Exits to be handled further up the stack.
>
So, the condition is that L2 executes a vmload and #GPs on a reserved address,
jumps to L0 - L0 doesn't check if L1 has asked for the instruction to be
intercepted and goes on with emulating vmload and returning back to L2?

>>      }
>>  
>>      /*
>> -- 
>> 2.27.0
>> 
