From: Bandan Das <bsd@redhat.com>
To: Paolo Bonzini <pbonzini@redhat.com>
Cc: kvm@vger.kernel.org, guangrong.xiao@linux.intel.com,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH 3/5] mmu: don't set the present bit unconditionally
Date: Tue, 28 Jun 2016 13:30:58 -0400 [thread overview]
Message-ID: <jpgh9cdgqzx.fsf@linux.bootlegged.copy> (raw)
In-Reply-To: <60e083e8-596a-5641-fcb9-ede8bce32b58@redhat.com> (Paolo Bonzini's message of "Tue, 28 Jun 2016 10:57:45 +0200")
Paolo Bonzini <pbonzini@redhat.com> writes:
> On 28/06/2016 06:32, Bandan Das wrote:
>> + bool execonly = !(context->guest_rsvd_check.bad_mt_xwr &
>> + (1ull << VMX_EPT_EXECUTABLE_MASK));
>>
>> if (set_mmio_spte(vcpu, sptep, gfn, pfn, pte_access))
>> return 0;
>>
>> - spte = PT_PRESENT_MASK;
>> + if (!execonly)
>> + spte |= PT_PRESENT_MASK;
>
> This needs a comment:
>
> /*
> * There are two cases in which execonly is false: 1) for
> * non-EPT page tables, in which case we need to set the
> * P bit; 2) for EPT page tables where an X-- page table
> * entry is invalid, in which case we need to force the R
> * bit of the page table entry to 1.
> */
I think this should be: 2) for EPT page tables where an X-- page
table entry is invalid and a EPT misconfig is injected to the guest
before we reach here.
> BUILD_BUG_ON(PT_PRESENT_MASK != VMX_EPT_READABLE_MASK);
> if (!execonly)
> spte |= PT_PRESENT_MASK;
>
>
>> if (!speculative)
>> spte |= shadow_accessed_mask;
>>
>> if (enable_ept) {
>> - kvm_mmu_set_mask_ptes(0ull,
>> + kvm_mmu_set_mask_ptes(PT_PRESENT_MASK,
>
> This should be VMX_EPT_READABLE_MASK.
>
>> @@ -2531,6 +2535,7 @@ static int set_spte(struct kvm_vcpu *vcpu, u64 *sptep,
>> else
>> spte |= shadow_nx_mask;
>>
>> + /* In the EPT case, shadow_user_mask is PT_PRESENT_MASK */
>
> I don't think this comment is necessary, but it's better to add one in
> FNAME(gpte_access).
>
> /*
> * In the EPT case, a page table can be executable but not
> * readable (on some processors). Therefore, set_spte does not
> * automatically set bit 0 if execute-only is supported.
> * Instead, since EPT page tables do not have a U bit, we
> * repurpose ACC_USER_MASK to signify readability. Likewise,
> * when EPT is in use shadow_user_mask is set to
> * VMX_EPT_READABLE_MASK.
> */
>
>
> Thanks,
>
> Paolo
>
>> if (pte_access & ACC_USER_MASK)
>> spte |= shadow_user_mask;
>
>
> Paolo
>
>> (enable_ept_ad_bits) ? VMX_EPT_ACCESS_BIT : 0ull,
>> (enable_ept_ad_bits) ? VMX_EPT_DIRTY_BIT : 0ull,
>> 0ull, VMX_EPT_EXECUTABLE_MASK);
>
> --
> To unsubscribe from this list: send the line "unsubscribe kvm" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2016-06-28 17:30 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-06-28 4:32 [PATCH 0/5] Add support for EPT execute only for nested hypervisors Bandan Das
2016-06-28 4:32 ` [PATCH 1/5] mmu: mark spte present if the x bit is set Bandan Das
2016-06-28 8:44 ` Paolo Bonzini
2016-06-28 17:33 ` Bandan Das
2016-06-28 20:17 ` Paolo Bonzini
2016-06-28 20:37 ` Bandan Das
2016-06-28 20:49 ` Paolo Bonzini
2016-06-28 21:04 ` Bandan Das
2016-06-29 3:01 ` Xiao Guangrong
2016-07-05 3:06 ` Wanpeng Li
2016-07-05 10:50 ` Paolo Bonzini
2016-07-05 11:29 ` Wanpeng Li
2016-06-28 4:32 ` [PATCH 2/5] mmu: pass execonly value when initializing rsvd bits Bandan Das
2016-06-29 3:07 ` Xiao Guangrong
2016-06-28 4:32 ` [PATCH 3/5] mmu: don't set the present bit unconditionally Bandan Das
2016-06-28 8:57 ` Paolo Bonzini
2016-06-28 17:30 ` Bandan Das [this message]
2016-06-28 20:21 ` Paolo Bonzini
2016-07-05 5:50 ` Wanpeng Li
2016-07-05 10:50 ` Paolo Bonzini
2016-06-29 3:17 ` Xiao Guangrong
2016-06-29 8:18 ` Paolo Bonzini
2016-06-30 7:18 ` Xiao Guangrong
2016-06-28 4:32 ` [PATCH 4/5] mmu: remove is_present_gpte() Bandan Das
2016-06-28 4:32 ` [PATCH 5/5] nvmx: advertise support for ept execute only Bandan Das
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=jpgh9cdgqzx.fsf@linux.bootlegged.copy \
--to=bsd@redhat.com \
--cc=guangrong.xiao@linux.intel.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pbonzini@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.