From: Bandan Das <bsd@redhat.com>
To: kvm@vger.kernel.org
Cc: pbonzini@redhat.com, guangrong.xiao@linux.intel.com,
linux-kernel@vger.kernel.org
Subject: [PATCH 3/5] mmu: don't set the present bit unconditionally
Date: Tue, 28 Jun 2016 00:32:38 -0400 [thread overview]
Message-ID: <1467088360-10186-4-git-send-email-bsd@redhat.com> (raw)
In-Reply-To: <1467088360-10186-1-git-send-email-bsd@redhat.com>
To support execute only mappings on behalf of L1
hypervisors, we teach set_spte() to honor L1's valid XWR
bits. This is only if host supports EPT execute only. Reuse
ACC_USER_MASK to signify if the L1 hypervisor has the R bit
set
Signed-off-by: Bandan Das <bsd@redhat.com>
---
arch/x86/kvm/mmu.c | 9 +++++++--
arch/x86/kvm/paging_tmpl.h | 2 +-
arch/x86/kvm/vmx.c | 2 +-
3 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
index 875d4f7..ee2fb16 100644
--- a/arch/x86/kvm/mmu.c
+++ b/arch/x86/kvm/mmu.c
@@ -2516,13 +2516,17 @@ static int set_spte(struct kvm_vcpu *vcpu, u64 *sptep,
gfn_t gfn, kvm_pfn_t pfn, bool speculative,
bool can_unsync, bool host_writable)
{
- u64 spte;
+ u64 spte = 0;
int ret = 0;
+ struct kvm_mmu *context = &vcpu->arch.mmu;
+ bool execonly = !(context->guest_rsvd_check.bad_mt_xwr &
+ (1ull << VMX_EPT_EXECUTABLE_MASK));
if (set_mmio_spte(vcpu, sptep, gfn, pfn, pte_access))
return 0;
- spte = PT_PRESENT_MASK;
+ if (!execonly)
+ spte |= PT_PRESENT_MASK;
if (!speculative)
spte |= shadow_accessed_mask;
@@ -2531,6 +2535,7 @@ static int set_spte(struct kvm_vcpu *vcpu, u64 *sptep,
else
spte |= shadow_nx_mask;
+ /* In the EPT case, shadow_user_mask is PT_PRESENT_MASK */
if (pte_access & ACC_USER_MASK)
spte |= shadow_user_mask;
diff --git a/arch/x86/kvm/paging_tmpl.h b/arch/x86/kvm/paging_tmpl.h
index bc019f7..896118e 100644
--- a/arch/x86/kvm/paging_tmpl.h
+++ b/arch/x86/kvm/paging_tmpl.h
@@ -187,7 +187,7 @@ static inline unsigned FNAME(gpte_access)(struct kvm_vcpu *vcpu, u64 gpte)
#if PTTYPE == PTTYPE_EPT
access = ((gpte & VMX_EPT_WRITABLE_MASK) ? ACC_WRITE_MASK : 0) |
((gpte & VMX_EPT_EXECUTABLE_MASK) ? ACC_EXEC_MASK : 0) |
- ACC_USER_MASK;
+ ((gpte & VMX_EPT_READABLE_MASK) ? ACC_USER_MASK : 0);
#else
BUILD_BUG_ON(ACC_EXEC_MASK != PT_PRESENT_MASK);
BUILD_BUG_ON(ACC_EXEC_MASK != 1);
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index 003618e..417debc 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -6366,7 +6366,7 @@ static __init int hardware_setup(void)
vmx_disable_intercept_msr_write_x2apic(0x83f);
if (enable_ept) {
- kvm_mmu_set_mask_ptes(0ull,
+ kvm_mmu_set_mask_ptes(PT_PRESENT_MASK,
(enable_ept_ad_bits) ? VMX_EPT_ACCESS_BIT : 0ull,
(enable_ept_ad_bits) ? VMX_EPT_DIRTY_BIT : 0ull,
0ull, VMX_EPT_EXECUTABLE_MASK);
--
2.5.5
next prev parent reply other threads:[~2016-06-28 4:32 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-06-28 4:32 [PATCH 0/5] Add support for EPT execute only for nested hypervisors Bandan Das
2016-06-28 4:32 ` [PATCH 1/5] mmu: mark spte present if the x bit is set Bandan Das
2016-06-28 8:44 ` Paolo Bonzini
2016-06-28 17:33 ` Bandan Das
2016-06-28 20:17 ` Paolo Bonzini
2016-06-28 20:37 ` Bandan Das
2016-06-28 20:49 ` Paolo Bonzini
2016-06-28 21:04 ` Bandan Das
2016-06-29 3:01 ` Xiao Guangrong
2016-07-05 3:06 ` Wanpeng Li
2016-07-05 10:50 ` Paolo Bonzini
2016-07-05 11:29 ` Wanpeng Li
2016-06-28 4:32 ` [PATCH 2/5] mmu: pass execonly value when initializing rsvd bits Bandan Das
2016-06-29 3:07 ` Xiao Guangrong
2016-06-28 4:32 ` Bandan Das [this message]
2016-06-28 8:57 ` [PATCH 3/5] mmu: don't set the present bit unconditionally Paolo Bonzini
2016-06-28 17:30 ` Bandan Das
2016-06-28 20:21 ` Paolo Bonzini
2016-07-05 5:50 ` Wanpeng Li
2016-07-05 10:50 ` Paolo Bonzini
2016-06-29 3:17 ` Xiao Guangrong
2016-06-29 8:18 ` Paolo Bonzini
2016-06-30 7:18 ` Xiao Guangrong
2016-06-28 4:32 ` [PATCH 4/5] mmu: remove is_present_gpte() Bandan Das
2016-06-28 4:32 ` [PATCH 5/5] nvmx: advertise support for ept execute only Bandan Das
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1467088360-10186-4-git-send-email-bsd@redhat.com \
--to=bsd@redhat.com \
--cc=guangrong.xiao@linux.intel.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pbonzini@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.