From: Nadav Har'El
Subject: Re: [PATCH 02/10] nEPT: MMU context for nested EPT
Date: Thu, 8 Dec 2011 17:21:45 +0200
Message-ID: <20111208152145.GA25787@fermat.math.technion.ac.il>
In-Reply-To: <4EC0D081.4020106@redhat.com>
To: Avi Kivity
Cc: Orit Wasserman, kvm@vger.kernel.org, "Roedel, Joerg", abelg@il.ibm.com

On Mon, Nov 14, 2011, Avi Kivity wrote about "Re: [PATCH 02/10] nEPT: MMU context for nested EPT":
> > >> +#if PTTYPE == EPT
> > >> + real_gfn = mmu->translate_gpa(vcpu, gfn_to_gpa(table_gfn),
> > >> + EPT_WRITABLE_MASK);
> > >> +#else
> > >> real_gfn = mmu->translate_gpa(vcpu, gfn_to_gpa(table_gfn),
> > >> PFERR_USER_MASK|PFERR_WRITE_MASK);
> > >> +#endif
> > >> +
> > >
> > > Unneeded, I think.
> >
> > Is it because translate_nested_gpa always set USER_MASK ?
>
> Yes... maybe that function needs to do something like
>
> access |= mmu->default_access;

Unless I'm misunderstanding something, translate_nested_gpa, and
gva_to_gpa, take as their "access" parameter a bitmask of PFERR_*,
so it's fine for PFERR_USER_MASK to be enabled in translate_nested_gpa;
it just shouldn't cause PT_USER_MASK to be used.

The only additional problem I can find is in walk_addr_generic which does

    if (!check_write_user_access(vcpu, write_fault, user_fault, pte))
        eperm = true;

and that checks pte & PT_USER_MASK, which it shouldn't if
PTTYPE==PTTYPE_EPT.

It's really confusing that we now have in mmu.c no less than 4 (!)
access bit schemes, similar in many ways but different in many others:

 1. page fault error codes (PFERR_*_MASK)
 2. x86 page tables access bits (PT_*_MASK)
 3. KVM private access bits (ACC_*_MASK)
 4. EPT access bits (VMX_EPT_*_MASK).

I just have to try hard not to confuse them.

-- 
Nadav Har'El                        |      Thursday, Dec 8 2011,
nyh@math.technion.ac.il             |-----------------------------------------
Phone +972-523-790466, ICQ 13349191 |Sorry, but my karma just ran over your
http://nadav.harel.org.il           |dogma.
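
Review bot: In the "#if PTTYPE == EPT" branch of the quoted hunk, the third argument to mmu->translate_gpa() is EPT_WRITABLE_MASK, an EPT entry bit, while the #else branch passes PFERR_USER_MASK|PFERR_WRITE_MASK in the same slot. The replies in this thread treat that parameter as a PFERR_* bitmask, so the two branches feed it values from different bit schemes. Suggest dropping the #if/#else and keeping the single PFERR_USER_MASK|PFERR_WRITE_MASK call, and handling the EPT case at the point where the access bits are interpreted rather than at the call site. The macro spelling is also worth a check: the hunk compares PTTYPE against EPT, while the reply writes PTTYPE_EPT.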
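
An added example, not code from this thread or from KVM: a simplified C model of why a check on pte & PT_USER_MASK gives the wrong answer for an EPT-format entry, since bit 2 means "user" in an x86 page table entry but "executable" in an EPT entry. The mask values match Linux's KVM x86 headers; the two helper functions and the sample entries are hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Mask values as in Linux KVM's x86 headers; helpers below are hypothetical. */
#define PFERR_WRITE_MASK        (1U << 1)   /* page fault error code bits */
#define PFERR_USER_MASK         (1U << 2)
#define PFERR_FETCH_MASK        (1U << 4)
#define PT_WRITABLE_MASK        (1ULL << 1) /* x86 page table entry bits */
#define PT_USER_MASK            (1ULL << 2)
#define VMX_EPT_READABLE_MASK   0x1ULL      /* EPT entry bits */
#define VMX_EPT_WRITABLE_MASK   0x2ULL
#define VMX_EPT_EXECUTABLE_MASK 0x4ULL

/* Simplified x86-format permission check (ignores CR0.WP and NX): true = deny. */
bool x86_walk_denies(uint64_t pte, uint32_t pferr)
{
    if ((pferr & PFERR_USER_MASK) && !(pte & PT_USER_MASK))
        return true;
    return (pferr & PFERR_WRITE_MASK) && !(pte & PT_WRITABLE_MASK);
}

/* EPT-format check: there is no user/supervisor bit, so PFERR_USER_MASK is ignored. */
bool ept_walk_denies(uint64_t pte, uint32_t pferr)
{
    if (pferr & PFERR_WRITE_MASK)
        return !(pte & VMX_EPT_WRITABLE_MASK);
    if (pferr & PFERR_FETCH_MASK)
        return !(pte & VMX_EPT_EXECUTABLE_MASK);
    return !(pte & VMX_EPT_READABLE_MASK);
}

int main(void)
{
    /* Constructed EPT entries and access masks, not taken from the thread. */
    uint64_t rw_noexec = VMX_EPT_READABLE_MASK | VMX_EPT_WRITABLE_MASK;
    uint64_t exec_only = VMX_EPT_EXECUTABLE_MASK;
    uint32_t user_write = PFERR_USER_MASK | PFERR_WRITE_MASK;
    uint32_t user_read = PFERR_USER_MASK;

    printf("RW entry, user write:       x86 check denies=%d, EPT check denies=%d\n",
           x86_walk_denies(rw_noexec, user_write), ept_walk_denies(rw_noexec, user_write));
    printf("exec-only entry, user read: x86 check denies=%d, EPT check denies=%d\n",
           x86_walk_denies(exec_only, user_read), ept_walk_denies(exec_only, user_read));
    return 0;
}
```

The x86-format check misjudges both cases: it rejects a write that the EPT entry permits, and it accepts a read of an entry that is not readable.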