From: Xiao Guangrong <xiaoguangrong@linux.vnet.ibm.com>
To: Marcelo Tosatti <mtosatti@redhat.com>
Cc: Gleb Natapov <gleb@redhat.com>,
LKML <linux-kernel@vger.kernel.org>, KVM <kvm@vger.kernel.org>
Subject: Re: [PATCH v2 1/5] KVM: MMU: move adjusting pte access for softmmu to FNAME(page_fault)
Date: Thu, 13 Dec 2012 02:53:33 +0800 [thread overview]
Message-ID: <50C8D2AD.4030707@linux.vnet.ibm.com> (raw)
In-Reply-To: <20121211234751.GB14520@amt.cnet>
On 12/12/2012 07:47 AM, Marcelo Tosatti wrote:
>> + if (write_fault && !(walker.pte_access & ACC_WRITE_MASK) &&
>> + !is_write_protection(vcpu) && !user_fault) {
>> + walker.pte_access |= ACC_WRITE_MASK;
>> + walker.pte_access &= ~ACC_USER_MASK;
>> +
>> + /*
>> + * If we converted a user page to a kernel page,
>> + * so that the kernel can write to it when cr0.wp=0,
>> + * then we should prevent the kernel from executing it
>> + * if SMEP is enabled.
>> + */
>> + if (kvm_read_cr4_bits(vcpu, X86_CR4_SMEP))
>> + walker.pte_access &= ~ACC_EXEC_MASK;
>> + }
>
> Don't think you should modify walker.pte_access here, since it can be
> used afterwards (eg for handle_abnormal_pfn).
Yes, you're right. It will cache !U+W instead of U+!W into mmio spte.
It causes the mmio access from userspace always fail. I will recheck it
carefully.
Hmm, the current code seems buggy if CR0.WP = 0. Say if two mappings
map to the same gfn, both of them use large page and small page size
is used on kvm. If guest write fault on the first mapping, kvm will
create a writable spte(!U + W) in the readonly sp
(sp.role.access = readonly). Then, read fault on the second mapping,
it will establish shadow page table by using the readonly sp which is
created by first mapping, so the second mapping has writable spte
even if Dirty bit in the second mapping is not set.
>
> BTW, your patch is fixing a bug:
>
> host_writable is ignored for CR0.WP emulation:
>
> if (host_writable)
> spte |= SPTE_HOST_WRITEABLE;
> else
> pte_access &= ~ACC_WRITE_MASK;
>
> spte |= (u64)pfn << PAGE_SHIFT;
>
> if ((pte_access & ACC_WRITE_MASK)
> || (!vcpu->arch.mmu.direct_map && write_fault
> && !is_write_protection(vcpu) && !user_fault)) {
I noticed it too but it is not a bug, because the access is adjusted only
if it is a write fault. For the write #PF, the pfn is always writeable on
host.
next prev parent reply other threads:[~2012-12-12 18:53 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-12-10 9:11 [PATCH v2 0/5] KVM: x86: improve reexecute_instruction Xiao Guangrong
2012-12-10 9:12 ` [PATCH v2 1/5] KVM: MMU: move adjusting pte access for softmmu to FNAME(page_fault) Xiao Guangrong
2012-12-11 23:47 ` Marcelo Tosatti
2012-12-12 18:53 ` Xiao Guangrong [this message]
2012-12-10 9:13 ` [PATCH v2 2/5] KVM: MMU: adjust page size early if gfn used as page table Xiao Guangrong
2012-12-12 0:57 ` Marcelo Tosatti
2012-12-12 19:23 ` Xiao Guangrong
2012-12-13 22:37 ` Marcelo Tosatti
2012-12-10 9:13 ` [PATCH v2 3/5] KVM: x86: clean up reexecute_instruction Xiao Guangrong
2012-12-10 9:14 ` [PATCH v2 4/5] KVM: x86: let reexecute_instruction work for tdp Xiao Guangrong
2012-12-10 9:14 ` [PATCH v2 5/5] KVM: x86: improve reexecute_instruction Xiao Guangrong
2012-12-12 1:09 ` Marcelo Tosatti
2012-12-12 19:29 ` Xiao Guangrong
2012-12-13 23:02 ` Marcelo Tosatti
2012-12-14 3:40 ` Xiao Guangrong
2012-12-11 23:36 ` [PATCH v2 0/5] " Marcelo Tosatti
2012-12-12 20:05 ` Xiao Guangrong
2012-12-13 22:54 ` Marcelo Tosatti
2012-12-14 4:50 ` Xiao Guangrong
2012-12-15 1:05 ` Marcelo Tosatti
2012-12-23 11:46 ` Gleb Natapov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=50C8D2AD.4030707@linux.vnet.ibm.com \
--to=xiaoguangrong@linux.vnet.ibm.com \
--cc=gleb@redhat.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mtosatti@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).