From: David Matlack
Date: Mon, 16 May 2022 15:22:16 -0700
Subject: Re: [PATCH 1/2] KVM: x86/mmu: Drop RWX=0 SPTEs during ept_sync_page()
To: Sean Christopherson
Cc: Paolo Bonzini, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Joerg Roedel, kvm list, LKML, Ben Gardon
References: <20220513195000.99371-1-seanjc@google.com> <20220513195000.99371-2-seanjc@google.com>

On Fri, May 13, 2022 at 5:56 PM Sean Christopherson wrote:
>
> On Fri, May 13, 2022, David Matlack wrote:
> > On Fri, May 13, 2022 at 12:50 PM Sean Christopherson wrote:
> > >
> > > Drop SPTEs whose new protections will yield a RWX=0 SPTE, i.e. a SPTE
> > > that is marked shadow-present but is not-present in the page tables. If
> > > EPT with execute-only support is in use by L1, KVM can create a RWX=0
> > > SPTE can be created for an EPTE if the upper level combined permissions
> > > are R (or RW) and the leaf EPTE is changed from R (or RW) to X.
> >
> > For some reason I found this sentence hard to read.
>
> Heh, probably because "KVM can create a RWX=0 SPTE can be created" is nonsensical.
> I botched a late edit to the changelog...
>
> > What about this:
> >
> > When shadowing EPT and NX HugePages is enabled, if the guest changes
>
> This doesn't have anything to do with NX HugePages, it's an execute-only specific
> bug where L1 can create a gPTE that is !READABLE but is considered PRESENT because
> it is EXECUTABLE. If the upper level protections are R or RW, the resulting
> protections for the entire translation are RWX=0. All of sync_page()'s existing
> checks filter out only !PRESENT gPTE, because without execute-only, all upper
> levels are guaranteed to be at least READABLE.

I see what you mean, thanks. And I also recall now you mentioned (off-list) that
the NX HugePage scenario isn't possible because KVM does not let huge pages go
unsync.
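To make the permission reasoning in Sean's reply concrete, here is an added C model (not KVM code and not from the thread) of how an execute-only leaf EPTE passes a present-only filter yet collapses to RWX=0 once combined with an R or RW upper level; the function names are hypothetical, and the bit positions follow the EPT entry layout (bit 0 read, bit 1 write, bit 2 execute).

```c
#include <stdbool.h>
#include <stdio.h>

/* EPT permission bits of a paging-structure entry. */
#define EPT_R   0x1u
#define EPT_W   0x2u
#define EPT_X   0x4u
#define EPT_RWX (EPT_R | EPT_W | EPT_X)

/* Hypothetical model: an EPTE is "present" if it is readable, or, when the
 * execute-only capability is in use by L1, if it is executable. */
static bool ept_present(unsigned int perm, bool exec_only)
{
    if (perm & EPT_R)
        return true;
    return exec_only && (perm & EPT_X) != 0;
}

/* Effective permissions of a translation are the AND of every level. */
static unsigned int ept_combine(unsigned int upper, unsigned int leaf)
{
    return upper & leaf & EPT_RWX;
}

/* A sync_page()-style filter that only rejects !PRESENT leaf gPTEs: it keeps
 * an execute-only leaf regardless of what the upper levels allow. */
static bool present_filter_keeps(unsigned int leaf, bool exec_only)
{
    return ept_present(leaf, exec_only);
}

/* The extra check the thread argues for: drop the SPTE when the leaf is
 * present but the combined protections collapse to RWX=0. */
static bool must_drop_rwx0(unsigned int upper, unsigned int leaf, bool exec_only)
{
    return ept_present(leaf, exec_only) && ept_combine(upper, leaf) == 0;
}

int main(void)
{
    /* Constructed case from the changelog: upper level R, leaf changed to X. */
    unsigned int upper = EPT_R, leaf = EPT_X;

    printf("present-only filter keeps leaf: %d\n", present_filter_keeps(leaf, true));
    printf("combined RWX: %u -> must drop: %d\n",
           ept_combine(upper, leaf), must_drop_rwx0(upper, leaf, true));
    return 0;
}
```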