Date: Fri, 31 Mar 2017 18:24:32 +0200
From: Radim Krčmář
To: Paolo Bonzini
Cc: linux-kernel@vger.kernel.org, kvm@vger.kernel.org, david@redhat.com
Subject: Re: [PATCH 4/6] kvm: nVMX: support EPT accessed/dirty bits
Message-ID: <20170331162431.GF6019@potion>
In-Reply-To: <1490867732-16743-5-git-send-email-pbonzini@redhat.com>

2017-03-30 11:55+0200, Paolo Bonzini:
> Now use bit 6 of EPTP to optionally enable A/D bits for EPTP. Another
> thing to change is that, when EPT accessed and dirty bits are not in use,
> VMX treats accesses to guest paging structures as data reads. When they
> are in use (bit 6 of EPTP is set), they are treated as writes and the
> corresponding EPT dirty bit is set. The MMU didn't know this detail,
> so this patch adds it.
>
> We also have to fix up the exit qualification. It may be wrong because
> KVM sets bit 6 but the guest might not.
>
> L1 emulates EPT A/D bits using write permissions, so in principle it may
> be possible for EPT A/D bits to be used by L1 even though not available
> in hardware. The problem is that guest page-table walks will be treated
> as reads rather than writes, so they would not cause an EPT violation.
>
> Signed-off-by: Paolo Bonzini
> ---
> diff --git a/arch/x86/kvm/paging_tmpl.h b/arch/x86/kvm/paging_tmpl.h
> @@ -319,6 +310,14 @@ static int FNAME(walk_addr_generic)(struct guest_walker *walker, > ASSERT(!(is_long_mode(vcpu) && !is_pae(vcpu))); > > accessed_dirty = have_ad ? PT_GUEST_ACCESSED_MASK : 0; > + > + /* > + * FIXME: on Intel processors, loads of the PDPTE registers for PAE paging > + * by the MOV to CR instruction are treated as reads and do not cause the > + * processor to set the dirty flag in tany EPT paging-structure entry. ^ typo > + */ > + nested_access = (have_ad ? PFERR_WRITE_MASK : 0) | PFERR_USER_MASK; > + This special case should be fairly safe if I understand the consequences correctly, Reviewed-by: Radim Krčmář > diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c > @@ -6211,6 +6213,18 @@ static int handle_ept_violation(struct kvm_vcpu *vcpu) > + if (is_guest_mode(vcpu) > + && !(exit_qualification & EPT_VIOLATION_GVA_TRANSLATED)) { > + /* > + * Fix up exit_qualification according to whether guest > + * page table accesses are reads or writes. > + */ > + u64 eptp = nested_ept_get_cr3(vcpu); > + exit_qualification &= ~EPT_VIOLATION_ACC_WRITE; > + if (eptp & VMX_EPT_AD_ENABLE_BIT) > + exit_qualification |= EPT_VIOLATION_ACC_WRITE; I think this would be better without unconditional clearing if (!(eptp & VMX_EPT_AD_ENABLE_BIT)) exit_qualification &= ~EPT_VIOLATION_ACC_WRITE;
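Review bot: the FIXME comment above the nested_access assignment in the walk_addr_generic hunk names the PDPTE-load exception but does not say what the code does about it. As written, nested_access carries PFERR_WRITE_MASK whenever have_ad is set and no exception is made for the PDPTE case, so the comment should state that consequence. It should also state the general rule (with A/D bits in use, accesses to guest paging structures count as writes), which currently lives only in the commit message. The same have_ad flag selects accessed_dirty two lines above; if both are meant to follow one condition, a short remark saying so would help the next reader.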
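Review bot: in the handle_ept_violation hunk, the comment says what is fixed up but not why the hardware-reported value can be wrong. The commit message has the reason (KVM sets bit 6 of EPTP but the guest might not) and it belongs in the comment next to the nested_ept_get_cr3() call. The clear-then-set pair leaves EPT_VIOLATION_ACC_WRITE determined only by VMX_EPT_AD_ENABLE_BIT in the guest's EPTP, which is worth stating there as well so the intent survives any rewrite of that sequence. Two style points in the same block: the continuation line starts with &&, where kernel style puts the operator at the end of the previous line, and a blank line is missing after the declaration of eptp.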