seL4 icon indicating copy to clipboard operation
seL4 copied to clipboard
verified publisher icon seL4

x86/vcpu: Allow CR0.PE and CR0.PG to be cleared

Open losfair opened this issue 9 months ago • 1 comments

If "Unrestricted Guest" mode is enabled in secondary control, CR0.PE and CR0.PG may be 0.

losfair avatar Mar 30 '25 03:03 losfair

Anyway, who controls whether unrestricted guest mode is enabled or not? Is it set by the BIOS? Is this something that user space would want to control?

Unrestricted guest mode is enabled by setting the UNRESTRICTED_GUEST bit in the VMCS field SECONDARY_PROCBASED_EXEC_CONTROLS. It's possible with existing seL4 API. Tested, and works.

I guess you want to use this for one reason or other, otherwise you wouldn't run into this.

I was trying to boot an image in PVH direct boot mode, and that requires switching from unpaged 32-bit mode to long mode. Non-UG mode requires paging so it's not possible.

losfair avatar Mar 30 '25 08:03 losfair