Re: [PATCH 4/4] nvmx: check for shadow vmcs check on entry
From: Paolo Bonzini
Date: Fri Jul 22 2016 - 04:41:11 EST
> Paolo Bonzini <pbonzini@xxxxxxxxxx> writes:
> > On 21/07/2016 00:25, Bandan Das wrote:
> >> vmentry should check whether the vmcs provided by
> >> the guest hypervisor is a shadow vmcs and fail.
> > How can this happen, since vmptrld checks the revision_id as you said
> > below?
> This is more of a change that adheres to the spec
> (26.1 Basic VM-Entry Checks); the failure path
> is slightly different compared to vmptrld though.
> It's small and harmless but I am ok if you prefer dropping it.
Do you mean that this could happen if the VMCS is modified by L1
after VMPTRLD? That makes sense, but with David Matlack's change
to cache the VMCS it wouldn't be possible to trigger it anymore.