Patchwork [v2,1/2] KVM: nVMX: Do not inherit quadrant and invalid for the root shadow EPT

Submitter Christopherson, Sean J
Date March 13, 2019, 11:37 p.m.
Message ID <20190313233746.19270-2-sean.j.christopherson@intel.com>
Permalink /patch/748479/
State New

Comments

Christopherson, Sean J - March 13, 2019, 11:37 p.m.
Explicitly zero out quadrant and invalid instead of inheriting them from
the root_mmu.  Functionally, this patch is a nop as we (should) never
set quadrant for a direct mapped (EPT) root_mmu and nested EPT is only
allowed if EPT is used for L1, and the root_mmu will never be invalid at
this point.

Explicitly setting flags sets the stage for repurposing the legacy
paging bits in role, e.g. nxe, cr0_wp, and sm{a,e}p_andnot_wp, at which
point 'smm' would be the only flag to be inherited from root_mmu.

Tested-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
---
 arch/x86/kvm/mmu.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)
Vitaly Kuznetsov - March 14, 2019, 10:20 a.m.
Sean Christopherson <sean.j.christopherson@intel.com> writes:

> Explicitly zero out quadrant and invalid instead of inheriting them from
> the root_mmu.  Functionally, this patch is a nop as we (should) never
> set quadrant for a direct mapped (EPT) root_mmu and nested EPT is only
> allowed if EPT is used for L1, and the root_mmu will never be invalid at
> this point.
>
> Explicitly setting flags sets the stage for repurposing the legacy
> paging bits in role, e.g. nxe, cr0_wp, and sm{a,e}p_andnot_wp, at which
> point 'smm' would be the only flag to be inherited from root_mmu.
>
> Tested-by: Vitaly Kuznetsov <vkuznets@redhat.com>
> Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>

Reviewed-by: Vitaly Kuznetsov <vkuznets@redhat.com>

> ---
>  arch/x86/kvm/mmu.c | 13 +++++++++----
>  1 file changed, 9 insertions(+), 4 deletions(-)
>
> diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
> index e55cebbe7918..71098f2ae870 100644
> --- a/arch/x86/kvm/mmu.c
> +++ b/arch/x86/kvm/mmu.c
> @@ -4917,11 +4917,15 @@ static union kvm_mmu_role
>  kvm_calc_shadow_ept_root_page_role(struct kvm_vcpu *vcpu, bool accessed_dirty,
>  				   bool execonly)
>  {
> -	union kvm_mmu_role role;
> +	union kvm_mmu_role role = {0};
> +	union kvm_mmu_page_role root_base = vcpu->arch.root_mmu.mmu_role.base;
>  
> -	/* Base role is inherited from root_mmu */
> -	role.base.word = vcpu->arch.root_mmu.mmu_role.base.word;
> -	role.ext = kvm_calc_mmu_role_ext(vcpu);
> +	/* Legacy paging and SMM flags are inherited from root_mmu */
> +	role.base.smm = root_base.smm;
> +	role.base.nxe = root_base.nxe;
> +	role.base.cr0_wp = root_base.cr0_wp;
> +	role.base.smep_andnot_wp = root_base.smep_andnot_wp;
> +	role.base.smap_andnot_wp = root_base.smap_andnot_wp;
>  
>  	role.base.level = PT64_ROOT_4LEVEL;
>  	role.base.direct = false;
> @@ -4929,6 +4933,7 @@ kvm_calc_shadow_ept_root_page_role(struct kvm_vcpu *vcpu, bool accessed_dirty,
>  	role.base.guest_mode = true;
>  	role.base.access = ACC_ALL;
>  
> +	role.ext = kvm_calc_mmu_role_ext(vcpu);
>  	role.ext.execonly = execonly;
>  
>  	return role;

Patch

diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
index e55cebbe7918..71098f2ae870 100644
--- a/arch/x86/kvm/mmu.c
+++ b/arch/x86/kvm/mmu.c
@@ -4917,11 +4917,15 @@  static union kvm_mmu_role
 kvm_calc_shadow_ept_root_page_role(struct kvm_vcpu *vcpu, bool accessed_dirty,
 				   bool execonly)
 {
-	union kvm_mmu_role role;
+	union kvm_mmu_role role = {0};
+	union kvm_mmu_page_role root_base = vcpu->arch.root_mmu.mmu_role.base;
 
-	/* Base role is inherited from root_mmu */
-	role.base.word = vcpu->arch.root_mmu.mmu_role.base.word;
-	role.ext = kvm_calc_mmu_role_ext(vcpu);
+	/* Legacy paging and SMM flags are inherited from root_mmu */
+	role.base.smm = root_base.smm;
+	role.base.nxe = root_base.nxe;
+	role.base.cr0_wp = root_base.cr0_wp;
+	role.base.smep_andnot_wp = root_base.smep_andnot_wp;
+	role.base.smap_andnot_wp = root_base.smap_andnot_wp;
 
 	role.base.level = PT64_ROOT_4LEVEL;
 	role.base.direct = false;
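Review bot: the replacement comment `/* Legacy paging and SMM flags are inherited from root_mmu */` records which bits are copied but not which are deliberately dropped, and dropping `quadrant` and `invalid` is the purpose of this hunk; since those two fields now keep the zero that `union kvm_mmu_role role = {0};` gives them, consider adding a line to the comment saying they are intentionally not inherited (a direct-mapped root never sets quadrant, and root_mmu cannot be invalid at this point, as the changelog explains), so the reasoning survives outside the commit message. Replacing the whole-word copy `role.base.word = vcpu->arch.root_mmu.mmu_role.base.word;` with per-field assignments also turns inheritance into an explicit allow list: any bit added to kvm_mmu_page_role later defaults to zero for the shadow EPT root instead of silently taking root_mmu's value, which is the safer default, but it means new bits that should be inherited have to be added here by hand.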
@@ -4929,6 +4933,7 @@  kvm_calc_shadow_ept_root_page_role(struct kvm_vcpu *vcpu, bool accessed_dirty,
 	role.base.guest_mode = true;
 	role.base.access = ACC_ALL;
 
+	role.ext = kvm_calc_mmu_role_ext(vcpu);
 	role.ext.execonly = execonly;
 
 	return role;
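Review bot: the changelog does not mention moving `role.ext = kvm_calc_mmu_role_ext(vcpu);` from the top of the function to just before `role.ext.execonly = execonly;`, so a reader of this second hunk has to work out for themselves that the move is purely cosmetic; a sentence in the commit message, or leaving the assignment at its original position to avoid the extra hunk, would make that clear. The new placement is correct as it stands: the whole-struct assignment to `role.ext` still precedes the `execonly` override, so that flag is not clobbered.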