From mboxrd@z Thu Jan  1 00:00:00 1970
From: Paolo Bonzini <pbonzini@redhat.com>
Subject: Re: Nested EPT Write Protection
Date: Mon, 22 Jun 2015 15:59:33 +0200
Message-ID: <558814C5.6050804@redhat.com>
References: <CAHqbYQvzU=U=SrNeip_zjWkQAdu2Sfwd1nPfYuJ012xPUrTKdw@mail.gmail.com>	<5583B63B.1080907@redhat.com>	<CAHqbYQtLSUr+TTxn-QJVpXt257ZowMVH+1B+DSR1X2KEgmFawg@mail.gmail.com>	<558433EF.4040508@redhat.com>	<CAHqbYQv0RT-LGCF8cBv0xjYyhLJW99bz_9iMt_LGtHmDAGek1w@mail.gmail.com>	<5587F0E7.4030801@redhat.com> <CAHqbYQsXfmQfBGva2t_VSFMQj3dnwUUcFPBbvnQDN_tR0y3i8g@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 8bit
Cc: kvm <kvm@vger.kernel.org>
To: Hu Yaohui <loki2441@gmail.com>
Return-path: <kvm-owner@vger.kernel.org>
Received: from mx1.redhat.com ([209.132.183.28]:37219 "EHLO mx1.redhat.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1750861AbbFVN7g (ORCPT <rfc822;kvm@vger.kernel.org>);
	Mon, 22 Jun 2015 09:59:36 -0400
In-Reply-To: <CAHqbYQsXfmQfBGva2t_VSFMQj3dnwUUcFPBbvnQDN_tR0y3i8g@mail.gmail.com>
Sender: kvm-owner@vger.kernel.org
List-ID: <kvm.vger.kernel.org>



On 22/06/2015 15:28, Hu Yaohui wrote:
> 
> */2504             pseudo_gfn = base_addr >> PAGE_SHIFT;
> 2505             sp = kvm_mmu_get_page(vcpu, pseudo_gfn, iterator.addr,
> 2506                           iterator.level - 1,
> 2507                           1, ACC_ALL, iterator.sptep);/*
> 2508             if (!sp) {
> 2509                 pgprintk("nonpaging_map: ENOMEM\n");
> 2510                 kvm_release_pfn_clean(pfn);
> 2511                 return -ENOMEM;
> 2512             }
>                                    .........
> 
> </code>
> it will get a pseudo_gfn to allocate a kvm_mmu_page. What if a
> pseudo_gfn itself causes a tdp_page_fault?
> Will it make the corresponding EPT page table entry marked as readonly also?

If tdp_page_fault is used (meaning non-nested KVM: nested KVM uses
ept_page_fault instead), sp->unsync is always true:

	/* in kvm_mmu_get_page - __direct_map passes direct == true */
        if (!direct) {
                if (rmap_write_protect(vcpu, gfn))
                        kvm_flush_remote_tlbs(vcpu->kvm);
                if (level > PT_PAGE_TABLE_LEVEL && need_sync)
                        kvm_sync_pages(vcpu, gfn);

                account_shadowed(vcpu->kvm, sp);
        }

so mmu_need_write_protect always returns false.

Note that higher in kvm_mmu_get_page there is another conditional:

                if (!need_sync && sp->unsync)
                        need_sync = true;

but it only applies to the !direct case.

Paolo
--
To unsubscribe from this list: send the line "unsubscribe kvm" in