From mboxrd@z Thu Jan 1 00:00:00 1970 From: Xiao Guangrong Subject: Re: [PATCH 2/3] KVM: MMU: Remove user access when allowing kernel access to gpte.w=0 page Date: Thu, 27 May 2010 20:07:01 +0800 Message-ID: <4BFE6065.9020901@cn.fujitsu.com> References: <1274961006-19413-1-git-send-email-avi@redhat.com> <1274961006-19413-3-git-send-email-avi@redhat.com> Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Cc: Marcelo Tosatti , kvm@vger.kernel.org To: Avi Kivity Return-path: Received: from cn.fujitsu.com ([222.73.24.84]:51087 "EHLO song.cn.fujitsu.com" rhost-flags-OK-FAIL-OK-OK) by vger.kernel.org with ESMTP id S933281Ab0E0MK0 (ORCPT ); Thu, 27 May 2010 08:10:26 -0400 In-Reply-To: <1274961006-19413-3-git-send-email-avi@redhat.com> Sender: kvm-owner@vger.kernel.org List-ID: Avi Kivity wrote: > If cr0.wp=0, we have to allow the guest kernel access to a page with pte.w=0. > We do that by setting spte.w=1, since the host cr0.wp must remain set so the > host can write protect pages. Once we allow write access, we must remove > user access otherwise we mistakenly allow the user to write the page. > Yeah, it's really a nice way :-) Reviewed-by: Xiao Guangrong > Signed-off-by: Avi Kivity > --- > arch/x86/kvm/mmu.c | 3 +++ > 1 files changed, 3 insertions(+), 0 deletions(-) > > diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c > index 39dd8d3..56f8c3c 100644 > --- a/arch/x86/kvm/mmu.c > +++ b/arch/x86/kvm/mmu.c > @@ -1894,6 +1894,9 @@ static int set_spte(struct kvm_vcpu *vcpu, u64 *sptep, > > spte |= PT_WRITABLE_MASK; > > + if (!tdp_enabled && !(pte_access & ACC_WRITE_MASK)) > + spte &= ~PT_USER_MASK; > + > /* > * Optimization: for pte sync, if spte was writable the hash > * lookup is unnecessary (and expensive). Write protection
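Review bot: the new `if (!tdp_enabled && !(pte_access & ACC_WRITE_MASK))` branch directly after `spte |= PT_WRITABLE_MASK;` has no comment, and nothing in the condition itself mentions cr0.wp, so the reason for dropping `PT_USER_MASK` can only be recovered from the commit message. A short comment above the test would help, saying that the spte has just been made writable for the guest kernel on a gpte.w=0 page and that user access is cleared so guest user mode cannot write through it. Clearing `PT_USER_MASK` also removes user reads that the guest pte may allow, so the comment or the changelog should state how a later user-mode access to this page gets a usable mapping back.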