From: Paolo Bonzini <pbonzini@redhat.com>
To: Xiao Guangrong <guangrong.xiao@linux.intel.com>,
linux-kernel@vger.kernel.org, kvm@vger.kernel.org
Cc: stable@vger.kernel.org
Subject: Re: [PATCH 2/2] KVM: MMU: fix reserved bit check for pte.u=0/pte.w=0/CR0.WP=0/CR4.SMEP=1/EFER.NX=0
Date: Thu, 10 Mar 2016 11:02:47 +0100 [thread overview]
Message-ID: <56E14647.8040803@redhat.com> (raw)
In-Reply-To: <56E1322A.203@linux.intel.com>
On 10/03/2016 09:36, Xiao Guangrong wrote:
>
>
> On 03/08/2016 07:44 PM, Paolo Bonzini wrote:
>> KVM handles supervisor writes of a pte.u=0/pte.w=0/CR0.WP=0 page by
>> setting U=0 and W=1 in the shadow PTE. This will cause a user write
>> to fault and a supervisor write to succeed (which is correct because
>> CR0.WP=0). A user read instead will flip U=0 to 1 and W=1 back to 0.
>> This enables user reads; it also disables supervisor writes, the next
>> of which will then flip the bits again.
>>
>> When SMEP is in effect, however, pte.u=0 will enable kernel execution
>> of this page. To avoid this, KVM also sets pte.nx=1. The reserved bit
>> catches this because it only looks at the guest's EFER.NX bit. Teach it
>> that smep_andnot_wp will also use the NX bit of SPTEs.
>>
>> Cc: stable@vger.kernel.org
>> Cc: Xiao Guangrong <guangrong.xiao@redhat.com>
>
> As a redhat guy i am so proud. :)
>
>> Fixes: c258b62b264fdc469b6d3610a907708068145e3b
>
> Thanks for you fixing it, Paolo!
>
> Reviewed-by: Xiao Guangrong <guangrong.xiao@linux.intel.com>
>
>> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
>> ---
>> arch/x86/kvm/mmu.c | 4 +++-
>> 1 file changed, 3 insertions(+), 1 deletion(-)
>>
>> diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
>> index 95a955de5964..0cd4ee01de94 100644
>> --- a/arch/x86/kvm/mmu.c
>> +++ b/arch/x86/kvm/mmu.c
>> @@ -3721,13 +3721,15 @@ static void reset_rsvds_bits_mask_ept(struct
>> kvm_vcpu *vcpu,
>> void
>> reset_shadow_zero_bits_mask(struct kvm_vcpu *vcpu, struct kvm_mmu
>> *context)
>> {
>> + int uses_nx = context->nx || context->base_role.smep_andnot_wp;
>
> It would be better if it is 'bool'
Ok, will do.
Paolo
prev parent reply other threads:[~2016-03-10 10:02 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-03-08 11:44 [PATCH 0/2] KVM: MMU: fix ept=0/pte.u=0/pte.w=0/CR0.WP=0/CR4.SMEP=1/EFER.NX=0 Paolo Bonzini
2016-03-08 11:44 ` [PATCH 1/2] KVM: MMU: fix ept=0/pte.u=0/pte.w=0/CR0.WP=0/CR4.SMEP=1/EFER.NX=0 combo Paolo Bonzini
2016-03-10 8:27 ` Xiao Guangrong
2016-03-10 10:01 ` Paolo Bonzini
2016-03-10 10:09 ` Paolo Bonzini
2016-03-10 12:14 ` Xiao Guangrong
2016-03-10 12:26 ` Paolo Bonzini
2016-03-10 8:46 ` Xiao Guangrong
2016-03-10 10:03 ` Paolo Bonzini
2016-03-08 11:44 ` [PATCH 2/2] KVM: MMU: fix reserved bit check for pte.u=0/pte.w=0/CR0.WP=0/CR4.SMEP=1/EFER.NX=0 Paolo Bonzini
2016-03-10 8:36 ` Xiao Guangrong
2016-03-10 10:02 ` Paolo Bonzini [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=56E14647.8040803@redhat.com \
--to=pbonzini@redhat.com \
--cc=guangrong.xiao@linux.intel.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.