From: Marcelo Tosatti
Subject: Re: [PATCH] KVM: MMU: Segregate shadow pages with different cr0.wp
Date: Thu, 13 May 2010 19:31:28 -0300
Message-ID: <20100513223128.GC27620@amt.cnet>
References: <1273654098-1543-1-git-send-email-avi@redhat.com>
In-Reply-To: <1273654098-1543-1-git-send-email-avi@redhat.com>
To: Avi Kivity
Cc: kvm@vger.kernel.org, Sheng Yang

On Wed, May 12, 2010 at 11:48:18AM +0300, Avi Kivity wrote:
> When cr0.wp=0, we may shadow a gpte having u/s=1 and r/w=0 with an spte
> having u/s=0 and r/w=1.  This allows excessive access if the guest sets
> cr0.wp=1 and accesses through this spte.
>
> Fix by making cr0.wp part of the base role; we'll have different sptes for
> the two cases and the problem disappears.
>
> Signed-off-by: Avi Kivity
> ---
>  Documentation/kvm/mmu.txt       |    2 ++
>  arch/x86/include/asm/kvm_host.h |    1 +
>  arch/x86/kvm/mmu.c              |    3 ++-
>  3 files changed, 5 insertions(+), 1 deletions(-)

Applied, thanks.
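
The following is an added illustration, not code from the patch or from KVM: a simplified C model of a role-keyed shadow page lookup, showing how an spte built under cr0.wp=0 is reused after the guest sets cr0.wp=1 unless cr0.wp is part of the role. All type, field and function names, the gfn value and the cache size are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model, not KVM source: every name below is hypothetical. */
struct pte { unsigned user:1, write:1; };            /* u/s and r/w bits */
struct role { unsigned level:4, cr0_wp:1; };         /* shadow page lookup key */
struct shadow_page { int used; unsigned long gfn; struct role role; struct pte spte; };
static struct shadow_page cache[4];

/* With cr0.wp=0 a gpte with u/s=1, r/w=0 is shadowed as u/s=0, r/w=1. */
static struct pte make_spte(struct pte gpte, int cr0_wp)
{
    struct pte spte = gpte;
    if (!cr0_wp && gpte.user && !gpte.write) {
        spte.user = 0;
        spte.write = 1;
    }
    return spte;
}

/* Find or create the shadow for (gfn, role); wp_in_role=0 omits cr0.wp from the key. */
static struct pte get_spte(unsigned long gfn, struct pte gpte, int cr0_wp, int wp_in_role)
{
    struct role r = { .level = 1, .cr0_wp = wp_in_role ? cr0_wp : 0 };
    int i;
    for (i = 0; i < 4; i++)
        if (cache[i].used && cache[i].gfn == gfn &&
            cache[i].role.level == r.level && cache[i].role.cr0_wp == r.cr0_wp)
            return cache[i].spte;                    /* existing shadow is reused */
    for (i = 0; i < 3 && cache[i].used; i++)
        ;                                            /* first free slot, else the last one */
    cache[i] = (struct shadow_page){ 1, gfn, r, make_spte(gpte, cr0_wp) };
    return cache[i].spte;
}

/* Returns the r/w bit of the spte used under cr0.wp=1 for a read-only user gpte. */
static int stale_writable_spte(int wp_in_role)
{
    struct pte gpte = { .user = 1, .write = 0 };
    memset(cache, 0, sizeof(cache));
    get_spte(0x1234, gpte, 0, wp_in_role);               /* shadowed while cr0.wp=0 */
    return get_spte(0x1234, gpte, 1, wp_in_role).write;  /* looked up after cr0.wp=1 */
}

int main(void)
{
    printf("wp not in role: %d, wp in role: %d\n", stale_writable_spte(0), stale_writable_spte(1));
    return 0;
}
```
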