KVM: VMX: Return correct CPL during transition to protected mode

In protected mode, the CPL is defined as the lower two bits of CS, as set by the last far jump. But during the transition to protected mode, there is no last far jump, so we need to return zero (the inherited real mode CPL). Fix by reading CPL from the cache during the transition. This isn't 100% correct since we don't set the CPL cache on a far jump, but since protected mode transition will always jump to a segment with RPL=0, it will always work. Signed-off-by: Avi Kivity <avi@redhat.com>
author: Avi Kivity <avi@redhat.com> 2012-06-06 18:36:48 +0300
committer: Avi Kivity <avi@redhat.com> 2012-07-09 14:19:00 +0300
commit: d881e6f6cffe3993245963143cab2528f918e071 (patch)
tree: e5a84dc9865e47e54a2f97fc57d2762bda45c742 /arch/x86/kvm/vmx.c
parent: e676505ac96813e8b93170b1f5e5ffe0cf6a2348 (diff)
1 files changed, 13 insertions, 2 deletions
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index e10ec0e4d1c6..486db2f9561b 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -3175,11 +3175,22 @@ static int __vmx_get_cpl(struct kvm_vcpu *vcpu)
 
 static int vmx_get_cpl(struct kvm_vcpu *vcpu)
 {
+	struct vcpu_vmx *vmx = to_vmx(vcpu);
+
+	/*
+	 * If we enter real mode with cs.sel & 3 != 0, the normal CPL calculations
+	 * fail; use the cache instead.
+	 */
+	if (unlikely(vmx->emulation_required && emulate_invalid_guest_state)) {
+		return vmx->cpl;
+	}
+
 	if (!test_bit(VCPU_EXREG_CPL, (ulong *)&vcpu->arch.regs_avail)) {
 		__set_bit(VCPU_EXREG_CPL, (ulong *)&vcpu->arch.regs_avail);
-		to_vmx(vcpu)->cpl = __vmx_get_cpl(vcpu);
+		vmx->cpl = __vmx_get_cpl(vcpu);
 	}
-	return to_vmx(vcpu)->cpl;
+
+	return vmx->cpl;
 }
author	Avi Kivity <avi@redhat.com>	2012-06-06 18:36:48 +0300
committer	Avi Kivity <avi@redhat.com>	2012-07-09 14:19:00 +0300
commit	d881e6f6cffe3993245963143cab2528f918e071 (patch)
tree	e5a84dc9865e47e54a2f97fc57d2762bda45c742 /arch/x86/kvm/vmx.c
parent	e676505ac96813e8b93170b1f5e5ffe0cf6a2348 (diff)