[PATCH 2/2] kvm, ept: remove the default write bit

linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH 2/2] kvm, ept: remove the default write bit
@ 2010-06-11 11:30 Lai Jiangshan
  2010-06-11 19:50 ` Marcelo Tosatti
  0 siblings, 1 reply; 3+ messages in thread
From: Lai Jiangshan @ 2010-06-11 11:30 UTC (permalink / raw)
  To: Avi Kivity, Marcelo Tosatti, kvm, LKML

When ept enabled, current code set shadow_base_present_pte
including the write bit, thus all pte entries have
writabe bit, and it means guest os can always
write to any mapped page (even VMM maps RO pages for
the guest.)

We always use get_user_pages(write=1), so this bad code does not
cause any bad result currently.

But it is really bad, so fix it, and we will use RO pages future.

We will set writabe bit when it is really writable (determined by
the parameters of the set_spte())

Signed-off-by: Lai Jiangshan <laijs@cn.fujitsu.com>
---
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index fdb18cf..c7565ea 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -4365,8 +4365,7 @@ static int __init vmx_init(void)
 
 	if (enable_ept) {
 		bypass_guest_pf = 0;
-		kvm_mmu_set_base_ptes(VMX_EPT_READABLE_MASK |
-			VMX_EPT_WRITABLE_MASK);
+		kvm_mmu_set_base_ptes(VMX_EPT_READABLE_MASK);
 		kvm_mmu_set_mask_ptes(0ull, 0ull, 0ull, 0ull,
 				VMX_EPT_EXECUTABLE_MASK);
 		kvm_enable_tdp();

^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH 2/2] kvm, ept: remove the default write bit
  2010-06-11 11:30 [PATCH 2/2] kvm, ept: remove the default write bit Lai Jiangshan
@ 2010-06-11 19:50 ` Marcelo Tosatti
  2010-06-13  8:09   ` Avi Kivity
  0 siblings, 1 reply; 3+ messages in thread
From: Marcelo Tosatti @ 2010-06-11 19:50 UTC (permalink / raw)
  To: Lai Jiangshan; +Cc: Avi Kivity, kvm, LKML

On Fri, Jun 11, 2010 at 07:30:50PM +0800, Lai Jiangshan wrote:
> When ept enabled, current code set shadow_base_present_pte
> including the write bit, thus all pte entries have
> writabe bit, and it means guest os can always
> write to any mapped page (even VMM maps RO pages for
> the guest.)
> 
> We always use get_user_pages(write=1), so this bad code does not
> cause any bad result currently.
> 
> But it is really bad, so fix it, and we will use RO pages future.
> 
> We will set writabe bit when it is really writable (determined by
> the parameters of the set_spte())
> 
> Signed-off-by: Lai Jiangshan <laijs@cn.fujitsu.com>
> ---
> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
> index fdb18cf..c7565ea 100644
> --- a/arch/x86/kvm/vmx.c
> +++ b/arch/x86/kvm/vmx.c
> @@ -4365,8 +4365,7 @@ static int __init vmx_init(void)
>  
>  	if (enable_ept) {
>  		bypass_guest_pf = 0;
> -		kvm_mmu_set_base_ptes(VMX_EPT_READABLE_MASK |
> -			VMX_EPT_WRITABLE_MASK);
> +		kvm_mmu_set_base_ptes(VMX_EPT_READABLE_MASK);
>  		kvm_mmu_set_mask_ptes(0ull, 0ull, 0ull, 0ull,
>  				VMX_EPT_EXECUTABLE_MASK);
>  		kvm_enable_tdp();

You can remove the call to kvm_mmu_set_base_ptes entirely, because
VMX_EPT_READABLE_MASK == PT_PRESENT_MASK.


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH 2/2] kvm, ept: remove the default write bit
  2010-06-11 19:50 ` Marcelo Tosatti
@ 2010-06-13  8:09   ` Avi Kivity
  0 siblings, 0 replies; 3+ messages in thread
From: Avi Kivity @ 2010-06-13  8:09 UTC (permalink / raw)
  To: Marcelo Tosatti; +Cc: Lai Jiangshan, kvm, LKML

On 06/11/2010 10:50 PM, Marcelo Tosatti wrote:
> On Fri, Jun 11, 2010 at 07:30:50PM +0800, Lai Jiangshan wrote:
>    
>> When ept enabled, current code set shadow_base_present_pte
>> including the write bit, thus all pte entries have
>> writabe bit, and it means guest os can always
>> write to any mapped page (even VMM maps RO pages for
>> the guest.)
>>
>> We always use get_user_pages(write=1), so this bad code does not
>> cause any bad result currently.
>>
>> But it is really bad, so fix it, and we will use RO pages future.
>>
>> We will set writabe bit when it is really writable (determined by
>> the parameters of the set_spte())
>>
>> Signed-off-by: Lai Jiangshan<laijs@cn.fujitsu.com>
>> ---
>> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
>> index fdb18cf..c7565ea 100644
>> --- a/arch/x86/kvm/vmx.c
>> +++ b/arch/x86/kvm/vmx.c
>> @@ -4365,8 +4365,7 @@ static int __init vmx_init(void)
>>
>>   	if (enable_ept) {
>>   		bypass_guest_pf = 0;
>> -		kvm_mmu_set_base_ptes(VMX_EPT_READABLE_MASK |
>> -			VMX_EPT_WRITABLE_MASK);
>> +		kvm_mmu_set_base_ptes(VMX_EPT_READABLE_MASK);
>>   		kvm_mmu_set_mask_ptes(0ull, 0ull, 0ull, 0ull,
>>   				VMX_EPT_EXECUTABLE_MASK);
>>   		kvm_enable_tdp();
>>      
> You can remove the call to kvm_mmu_set_base_ptes entirely, because
> VMX_EPT_READABLE_MASK == PT_PRESENT_MASK.
>    

We can leave that to a later patch which removes kvm_mmu_set_base_ptes() 
entirely.

-- 
error compiling committee.c: too many arguments to function


^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2010-06-13  8:09 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-06-11 11:30 [PATCH 2/2] kvm, ept: remove the default write bit Lai Jiangshan
2010-06-11 19:50 ` Marcelo Tosatti
2010-06-13  8:09   ` Avi Kivity

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).