• Paolo Bonzini's avatar
    KVM: x86: get CPL from SS.DPL · ae9fedc7
    Paolo Bonzini authored
    CS.RPL is not equal to the CPL in the few instructions between
    setting CR0.PE and reloading CS.  And CS.DPL is also not equal
    to the CPL for conforming code segments.
    
    However, SS.DPL *is* always equal to the CPL except for the weird
    case of SYSRET on AMD processors, which sets SS.DPL=SS.RPL from the
    value in the STAR MSR, but force CPL=3 (Intel instead forces
    SS.DPL=SS.RPL=CPL=3).
    
    So this patch:
    
    - modifies SVM to update the CPL from SS.DPL rather than CS.RPL;
    the above case with SYSRET is not broken further, and the way
    to fix it would be to pass the CPL to userspace and back
    
    - modifies VMX to always return the CPL from SS.DPL (except
    forcing it to 0 if we are emulating real mode via vm86 mode;
    in vm86 mode all DPLs have to be 3, but real mode does allow
    privileged instructions).  It also removes the CPL cache,
    which becomes a duplicate of the SS access rights cache.
    
    This fixes doing KVM_IOCTL_SET_SREGS exactly after setting
    CR0.PE=1 but before CS has been reloaded.
    Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
    ae9fedc7
kvm_host.h 30.4 KB