From mboxrd@z Thu Jan  1 00:00:00 1970
From: Bandan Das <bsd@redhat.com>
Subject: [PATCH v2 0/5] Add support for EPT execute only for nested hypervisors
Date: Tue, 12 Jul 2016 18:18:47 -0400
Message-ID: <1468361932-16580-1-git-send-email-bsd@redhat.com>
Cc: pbonzini@redhat.com, guangrong.xiao@linux.intel.com,
	kernellwp@gmail.com, linux-kernel@vger.kernel.org
To: kvm@vger.kernel.org
Return-path: <linux-kernel-owner@vger.kernel.org>
Sender: linux-kernel-owner@vger.kernel.org
List-Id: kvm.vger.kernel.org

v1 of this series posted at https://lkml.org/lkml/2016/6/28/7

Changes since v1:
 - 1/5 : modify is_shadow_present_pte to check against 0xffffffff
   Reasoning provided in commit message.
 - 2/5 : Removed 2/5 from v1 since kvm doesn't use execute only.
   3/5 from v1 is now 2/5. Introduce shadow_present_mask that
   signifies whether ept execute only is supported. Add/remove some
   comments as suggested in v1.
 - 3/5 : 4/5 from v1 is now 3/5.
 - 4/5 : update_permission_bitmask now sets u=1 only if host doesn't
   support ept execute only.
 - 5/5 : No change
 
These patches are based on reviews to my RFC
http://www.spinics.net/lists/kvm/msg134440.html

Changes since RFC:
 - Remove shadow_xonly_valid, it's not needed
 - Remove checks from is_shadow_present_pte()
 - In reset_tdp_shadow_zero_bits_mask, pass correct execonly to __reset_rsvds_bits_mask_ept
 - Reuse shadow_user_mask in set_spte()
 - Remove is_present_gpte() and inline the operation at the two call sites

I spoke to Paolo about this a while back and thought to post this as
RFC while I am thinking of adding some unit tests.

Background: ESX refuses to run as L1 if support for EPT execute only isn't
found. I am not really sure if it uses it for anything since just advertising
the bits seems to work but adding the necessary plumbing seemed like a good idea.

Xiao, I took the liberty of adding you based on "git blame" :)

Thanks in advance.

Bandan Das (5):
  mmu: extend the is_present check to 32 bits
  mmu: don't set the present bit unconditionally
  mmu: remove is_present_gpte()
  mmu: change unconditional setting of the u bit in fault bitmap
  vmx: advertise support for ept execute only

 arch/x86/include/asm/kvm_host.h |  2 +-
 arch/x86/kvm/mmu.c              | 26 ++++++++++++++++++--------
 arch/x86/kvm/mmu.h              |  5 -----
 arch/x86/kvm/paging_tmpl.h      | 10 ++++++++--
 arch/x86/kvm/vmx.c              | 10 ++++++++--
 arch/x86/kvm/x86.c              |  6 +++---
 6 files changed, 38 insertions(+), 21 deletions(-)

-- 
2.5.5