public inbox for linux-kernel@vger.kernel.org
From: "Huang, Kai" <kai.huang@intel.com>
To: "kvm@vger.kernel.org" <kvm@vger.kernel.org>,
	"pbonzini@redhat.com" <pbonzini@redhat.com>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Cc: "amit.shah@amd.com" <amit.shah@amd.com>,
	"Kohler, Jon" <jon@nutanix.com>,
	"seanjc@google.com" <seanjc@google.com>,
	"mtosatti@redhat.com" <mtosatti@redhat.com>,
	"nikunj@amd.com" <nikunj@amd.com>
Subject: Re: [PATCH 10/22] KVM: x86/mmu: split XS/XU bits for MBEC
Date: Wed, 25 Mar 2026 04:28:20 +0000
Message-ID: <ac26eeac658af6d9bf87c93cd09c3d0dabbb41f1.camel@intel.com>
In-Reply-To: <fb159f31-4cf2-4d6e-aee3-97ad68200824@redhat.com>

On Tue, 2026-03-24 at 12:24 +0100, Paolo Bonzini wrote:
> On 3/24/26 11:45, Huang, Kai wrote:
> > On Sat, 2026-03-21 at 01:09 +0100, Paolo Bonzini wrote:
> > > When EPT is in use, replace ACC_USER_MASK with ACC_USER_EXEC_MASK,
> > > so that supervisor and user-mode execution can be controlled
> > > independently (ACC_USER_MASK would not allow a setting similar to
> > > XU=0 XS=1 W=1 R=1).
> > > 
> > > Replace shadow_x_mask with shadow_xs_mask/shadow_xu_mask, to allow
> > > setting XS and XU bits separately in EPT entries.
> > > 
> > > Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> > > ---
> > >   arch/x86/include/asm/vmx.h     |  1 +
> > >   arch/x86/kvm/mmu/mmu.c         | 15 ++++++++---
> > >   arch/x86/kvm/mmu/mmutrace.h    |  6 ++---
> > >   arch/x86/kvm/mmu/paging_tmpl.h |  4 +++
> > >   arch/x86/kvm/mmu/spte.c        | 47 ++++++++++++++++++++++------------
> > >   arch/x86/kvm/mmu/spte.h        |  8 +++---
> > >   6 files changed, 55 insertions(+), 26 deletions(-)
> > > 
> > > diff --git a/arch/x86/include/asm/vmx.h b/arch/x86/include/asm/vmx.h
> > > index 4a0804cc7c82..0041f8a77447 100644
> > > --- a/arch/x86/include/asm/vmx.h
> > > +++ b/arch/x86/include/asm/vmx.h
> > > @@ -538,6 +538,7 @@ enum vmcs_field {
> > >   #define VMX_EPT_IPAT_BIT    			(1ull << 6)
> > >   #define VMX_EPT_ACCESS_BIT			(1ull << 8)
> > >   #define VMX_EPT_DIRTY_BIT			(1ull << 9)
> > > +#define VMX_EPT_USER_EXECUTABLE_MASK		(1ull << 10)
> > >   #define VMX_EPT_SUPPRESS_VE_BIT			(1ull << 63)
> > >   #define VMX_EPT_RWX_MASK                        (VMX_EPT_READABLE_MASK |       \
> > >   						 VMX_EPT_WRITABLE_MASK |       \
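
Review bot: The new VMX_EPT_USER_EXECUTABLE_MASK define at bit 10 sits directly above VMX_EPT_RWX_MASK but is not folded into it, and nothing in the header says the omission is deliberate. A one-line comment above the define noting that bit 10 is kept out of VMX_EPT_RWX_MASK because that mask covers only bits 0-2 would answer the question a reader asks on first sight of this hunk. Separately, the neighbouring single-bit defines visible here (VMX_EPT_IPAT_BIT, VMX_EPT_ACCESS_BIT, VMX_EPT_DIRTY_BIT) use a _BIT suffix, so it is worth confirming that _MASK is the intended spelling for this one.
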
> > 
> > Should we include VMX_EPT_USER_EXECUTABLE_MASK in VMX_EPT_RWX_MASK?
> 
> No, because it is used for many cases to refer to bits 0-2, for example:
> 
>   #define EPT_VIOLATION_RWX_TO_PROT(__epte) \
>      (((__epte) & VMX_EPT_RWX_MASK) << 3)
> 
> Bit 10 is handled separately because it's not contiguous and has a 
> different mapping to the exit qualification (to bit 6 instead of bit 13).

OK.  It's a bit unfortunate but we can always explicitly get
EPT_VIOLATION_PROT_USER_EXEC from the VMX_EPT_USER_EXECUTABLE_MASK.

> 
> (However, there is a bug later in the series where shadow_acc_track_mask 
> needs to have VMX_EPT_USER_EXECUTABLE_MASK in it).

Right, we need to track the XU bit too.

> 
> > 
> > [...]
> > 
> > > @@ -496,7 +507,8 @@ void kvm_mmu_set_ept_masks(bool has_ad_bits)
> > >   	shadow_accessed_mask	= VMX_EPT_ACCESS_BIT;
> > >   	shadow_dirty_mask	= VMX_EPT_DIRTY_BIT;
> > >   	shadow_nx_mask		= 0ull;
> > > -	shadow_x_mask		= VMX_EPT_EXECUTABLE_MASK;
> > > +	shadow_xs_mask		= VMX_EPT_EXECUTABLE_MASK;
> > > +	shadow_xu_mask		= VMX_EPT_EXECUTABLE_MASK;
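
Review bot: Assigning VMX_EPT_EXECUTABLE_MASK to both shadow_xs_mask and shadow_xu_mask in kvm_mmu_set_ept_masks() reads like a copy-paste slip, given that the same patch introduces VMX_EPT_USER_EXECUTABLE_MASK for bit 10. If the two masks are meant to alias the same bit at this point in the series, put a short comment on the `shadow_xu_mask = VMX_EPT_EXECUTABLE_MASK;` line saying so, and state in the commit message when it changes, so that a bisect landing on this commit does not look broken.
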
> > 
> > Shouldn't 'shadow_xu_mask' be VMX_EPT_USER_EXECUTABLE_MASK?
> 
> Not yet, because shadow_xu_mask is used to set executable permissions as 
> well.  I suppose you could make it 0 when MBEC is disabled instead of 
> VMX_EPT_EXECUTABLE_MASK, but it can only be VMX_EPT_USER_EXECUTABLE_MASK 
> when MBEC is enabled.

I see.  It's changed to the right value in a later patch which actually
turns on MBEC.

> 
> > 
> > 
> > Btw, with MBEC it's a bit weird to me that we continue to just use
> > 110 (R=0,W=1,X=1) to trigger EPT misconfig for MMIO caching:
> > 
> >      /*
> >       * EPT Misconfigurations are generated if the value of bits 2:0
> >       * of an EPT paging-structure entry is 110b (write/execute).
> >       */
> >      kvm_mmu_set_mmio_spte_mask(VMX_EPT_MISCONFIG_WX_VALUE,
> >                                 VMX_EPT_RWX_MASK | VMX_EPT_SUPPRESS_VE_BIT,
> > 			       0);
> > 
> > Per SDM, R=0 and W=1 is always guaranteed to trigger EPT misconfig (see
> >   30.3.3.1 EPT Misconfigurations).  Maybe we can just use that for MMIO
> > caching?
> > 
> > We can then remove both the X and XU bits from mmio_mask too.
> 
> Maybe but is it worth it?  (Based on this we could keep bit 10 in 
> MMIO_SPTE_GEN_LOW_END, after all, because W=1 R=0 would give a 
> misconfiguration independent of the value of XU; but again I'm not sure 
> it's worth it).

It looks promising to me since we can have slightly clearer code (IMHO)
and one more bit for MMIO gen.  But no strong opinion :-)
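
The two mask/value choices debated in this message, as an added C example (not code from the patch series or from KVM). It models only the R, W, XS and XU bits under hypothetical `ex_` names, ignores VMX_EPT_SUPPRESS_VE_BIT, and takes the bit 10 to bit 6 exit-qualification mapping and the R=0/W=1 rule as stated in the thread.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* EPT permission bits named in the thread; ex_ names are hypothetical. */
#define EX_EPT_R   (1ull << 0)
#define EX_EPT_W   (1ull << 1)
#define EX_EPT_XS  (1ull << 2)   /* VMX_EPT_EXECUTABLE_MASK */
#define EX_EPT_XU  (1ull << 10)  /* VMX_EPT_USER_EXECUTABLE_MASK */
#define EX_EPT_RWX (EX_EPT_R | EX_EPT_W | EX_EPT_XS)

/* Exit-qualification view: bits 2:0 shift left by 3, bit 10 lands on bit 6. */
uint64_t ex_epte_to_prot(uint64_t epte)
{
	return ((epte & EX_EPT_RWX) << 3) | ((epte & EX_EPT_XU) >> 4);
}

/* Current MMIO pattern: bits 2:0 must equal 110b (write/execute). */
bool ex_mmio_match_wx(uint64_t epte)
{
	return (epte & EX_EPT_RWX) == (EX_EPT_W | EX_EPT_XS);
}

/* Suggested pattern: R=0 and W=1 only; XS and XU are don't-care. */
bool ex_mmio_match_w(uint64_t epte)
{
	return (epte & (EX_EPT_R | EX_EPT_W)) == EX_EPT_W;
}

/* Build an entry from a 4-bit index: bit0=R, bit1=W, bit2=XS, bit3=XU. */
uint64_t ex_make_epte(unsigned idx)
{
	return (uint64_t)(idx & 7) | ((idx & 8) ? EX_EPT_XU : 0);
}

/* How many of the 16 R/W/XS/XU combinations does a matcher accept? */
int ex_count_matches(bool (*match)(uint64_t))
{
	int n = 0;
	for (unsigned i = 0; i < 16; i++)
		n += match(ex_make_epte(i));
	return n;
}

int main(void)
{
	printf("110b pattern: %d combos\n", ex_count_matches(ex_mmio_match_wx));
	printf("R=0,W=1 only: %d combos\n", ex_count_matches(ex_mmio_match_w));
	return 0;
}
```

The wider match set of the R=0/W=1 pattern is what frees the X and XU positions for other use, such as the extra MMIO generation bit mentioned above.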
