From mboxrd@z Thu Jan  1 00:00:00 1970
From: Marcelo Tosatti <mtosatti@redhat.com>
Subject: Re: [patch 2/5] KVM: MMU: allow pinning spte translations (TDP-only)
Date: Wed, 9 Jul 2014 10:25:50 -0300
Message-ID: <20140709132550.GB14106@amt.cnet>
References: <20140618231203.846608908@amt.cnet>
 <20140618231521.569025131@amt.cnet>
 <53A298C2.4040005@gmail.com>
 <20140619182627.GA32410@amt.cnet>
 <53A6DB9C.7040107@gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: kvm@vger.kernel.org, ak@linux.intel.com, pbonzini@redhat.com,
	xiaoguangrong@linux.vnet.ibm.com, gleb@kernel.org
To: Avi Kivity <avi.kivity@gmail.com>
Return-path: <kvm-owner@vger.kernel.org>
Received: from mx1.redhat.com ([209.132.183.28]:21554 "EHLO mx1.redhat.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1755858AbaGIN0R (ORCPT <rfc822;kvm@vger.kernel.org>);
	Wed, 9 Jul 2014 09:26:17 -0400
Content-Disposition: inline
In-Reply-To: <53A6DB9C.7040107@gmail.com>
Sender: kvm-owner@vger.kernel.org
List-ID: <kvm.vger.kernel.org>

On Sun, Jun 22, 2014 at 04:35:24PM +0300, Avi Kivity wrote:
> >>>+ * Failure to instantiate pages will abort guest entry.
> >>>+ *
> >>>+ * Page frames should be pinned with get_page in advance.
> >>>+ *
> >>>+ * Pinning is not guaranteed while executing as L2 guest.
> >>Does this undermine security?
> >PEBS writes should not be enabled when L2 guest is executing.
> 
> What prevents L1 for setting up PEBS MSRs for L2?

L2 should set up PEBS MSR, not L1 setup MSRs for L2.

In case L2 sets up PEBS, L1->L2 switch should pin pages 
as well. 

But since PEBS is not supported for L2 ATM, i'll keep the code
as is so it can be fixed later.