Received: by 2002:a5b:505:0:0:0:0:0 with SMTP id o5csp103839ybp; Thu, 10 Oct 2019 14:44:37 -0700 (PDT) X-Google-Smtp-Source: APXvYqyKPi39Jp8LlennyZgQ3cOwIZvsoZpKcL1KeG0tQ190YxFaX8FDQHjoAM96xiqBeM3u+1jK X-Received: by 2002:aa7:d045:: with SMTP id n5mr10339876edo.24.1570743877797; Thu, 10 Oct 2019 14:44:37 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1570743877; cv=none; d=google.com; s=arc-20160816; b=ppcemJ7T9obU29mnIXcFMzU+hhPyAjNbJ7jJx78vySmfE/x1WV2PpFMxsFp7IpB9pw rhCcn6tL0sHhl1V2/7/b1CCLaNQGTLPiHY2SVRPcicuKXQlb5XucsR6H+mhMAdSx8GIv SjjHFz8zr/KSgXNer72hCZl4v7Sr9+QCYEULZ37aUmfuRqimFKdXOSGCTDJgzcJpLzpA hBJnpwvEgGrc2iBMOypJxYX8KG8TuhprNVu4g3vRYjKQnUjqcYMsPIOHzm53fzu/OZrw 3WLAnWiXvMRK1zBnnQRWSkWvBXxUkgohqQ0sqlkSBq3HvN28pbHDioHIFrCVPw4EXlKh mU7w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=cgBbezehA3ikP9oZRce9D/NdIFW9A/2nwCHvWz1qbio=; b=Rqa6VQxZDvvEzrkidgRcCx9U5Oz7yRmDA8IMURBw0r5qt7dkw6xsNNgNLHvbB7WEmX prUEpQhu2oUIvkIT4rVLZGkSAvrqi0jVU8nEBt6nrqFlmyj2JfCcMEw7G2XQbGChKBCf yN2OVpL7+8TuSD4Yxtcb/27XnkThI4iNeEXW1HyU5tvnFmhXNAigtK9smurSqwzeV3cH rXyMLl9V/8aUcPBZBBuQa95P63PA/1EQxlxNLMYTvMjyuM6PKDlxSY8ADzAJWtSnIxV0 tPJ8DfeO+5x/PFqLQ1glaVNdxC1qm+5PRmoy8LDYsbDz/R0jl16n9Sa64NvXr1hZNVcL FXcw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=PXWibDix; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id sd13si3839086ejb.256.2019.10.10.14.44.13; Thu, 10 Oct 2019 14:44:37 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=PXWibDix; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727419AbfJJVnD (ORCPT + 99 others); Thu, 10 Oct 2019 17:43:03 -0400 Received: from mail-io1-f67.google.com ([209.85.166.67]:34568 "EHLO mail-io1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726983AbfJJVnD (ORCPT ); Thu, 10 Oct 2019 17:43:03 -0400 Received: by mail-io1-f67.google.com with SMTP id q1so17190096ion.1 for ; Thu, 10 Oct 2019 14:43:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=cgBbezehA3ikP9oZRce9D/NdIFW9A/2nwCHvWz1qbio=; b=PXWibDixpgKJCby0TQFLHsZui075Akm20g2TmZP0MeUZu3m3TF2pxyJ6S0YjeAMB9k BNLlTLTKCcnK4fLg9rTzwLxxAE8f37HmurDGiwgHD846Eire0Z+6V97ptIkKb/Pw4WZQ JMSVx2LWoEFLhcZvxaggKnTPoNhmm0x/mCblauI4fbockAsXT2GtwizjO/RPdB2iPzPS KoZHu81rUu/NoB97BqerCDfp1ZwOIMHhsBzYxM9zAkAV+QumBorRWlW1Ui1MYMHgBs/t nAw0lKVjeuQqcj4TsSy+XCp6RuzzXuEk81yruvFRraHNrYc2NHN3gVLwcB8XqkwJAEMe fjVA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=cgBbezehA3ikP9oZRce9D/NdIFW9A/2nwCHvWz1qbio=; b=p1BK5R1AqmG9W3pe1lsYvg2JrvVPn7ei7TrQ9DvNtky8AlzXiLVkPH0Hm4Mebv+cm+ aU+RahSCQrY2haD7PLdbb4pEEVv4jKtb5+ZGixbXy2XYpFe4hQvcZpi4xdgm8J2acWYC XlaIqvv4JnTBcq/fBF7DbAOnxR9iaFIQYMi6B7sbxXOuZVLrXqCve7REXh/OcERgbHJd bpr5Hffq5aKEIqdyiAKYQ67gisPQ7mq+01GYECvglOLiO+rUm05ohkLCH1bSnIrzWXur p4aMlZsMLM2BEzJ1aMmZjyEF555Pur+ALlnnQPmOg9Z/VdKABWem+IjcaqHX8Mnd1lqp ZHYQ== X-Gm-Message-State: APjAAAVVsCTn5su9ZFcIO0qZ5Qb4ybrcverDBC3IAp87kDufhA8MOzi4 gRh1Zt47DslCdo0UWkXU8AQZNm99t/xEeE7BhqI6eg== X-Received: by 2002:a5d:9057:: with SMTP id v23mr1741177ioq.119.1570743782188; Thu, 10 Oct 2019 14:43:02 -0700 (PDT) MIME-Version: 1.0 References: <20190917085304.16987-1-weijiang.yang@intel.com> In-Reply-To: <20190917085304.16987-1-weijiang.yang@intel.com> From: Jim Mattson Date: Thu, 10 Oct 2019 14:42:51 -0700 Message-ID: Subject: Re: [PATCH v5 0/9] Enable Sub-page Write Protection Support To: Yang Weijiang Cc: kvm list , LKML , Paolo Bonzini , Sean Christopherson , "Michael S. Tsirkin" , =?UTF-8?B?UmFkaW0gS3LEjW3DocWZ?= , yu.c.zhang@intel.com, alazar@bitdefender.com Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Sep 17, 2019 at 1:52 AM Yang Weijiang wrote: > > EPT-Based Sub-Page write Protection(SPP)is a HW capability which allows > Virtual Machine Monitor(VMM) to specify write-permission for guest > physical memory at a sub-page(128 byte) granularity. When this > capability is enabled, the CPU enforces write-access check for sub-pages > within a 4KB page. > > The feature is targeted to provide fine-grained memory protection for > usages such as device virtualization, memory check-point and VM > introspection etc. > > SPP is active when the "sub-page write protection" (bit 23) is 1 in > Secondary VM-Execution Controls. The feature is backed with a Sub-Page > Permission Table(SPPT), SPPT is referenced via a 64-bit control field > called Sub-Page Permission Table Pointer (SPPTP) which contains a > 4K-aligned physical address. > > To enable SPP for certain physical page, the gfn should be first mapped > to a 4KB entry, then set bit 61 of the corresponding EPT leaf entry. > While HW walks EPT, if bit 61 is set, it traverses SPPT with the guset > physical address to find out the sub-page permissions at the leaf entry. > If the corresponding bit is set, write to sub-page is permitted, > otherwise, SPP induced EPT violation is generated. How do you handle sub-page permissions for instructions emulated by kvm?