• Sean Christopherson's avatar
    KVM: x86/mmu: Properly account NX huge page workaround for nonpaging MMUs · b5b0977f
    Sean Christopherson authored
    Account and track NX huge pages for nonpaging MMUs so that a future
    enhancement to precisely check if a shadow page can't be replaced by a NX
    huge page doesn't get false positives.  Without correct tracking, KVM can
    get stuck in a loop if an instruction is fetching and writing data on the
    same huge page, e.g. KVM installs a small executable page on the fetch
    fault, replaces it with an NX huge page on the write fault, and faults
    again on the fetch.
    
    Alternatively, and perhaps ideally, KVM would simply not enforce the
    workaround for nonpaging MMUs.  The guest has no page tables to abuse
    and KVM is guaranteed to switch to a different MMU on CR0.PG being
    toggled so there's no security or performance concerns.  However, getting
    make_spte() to play nice now and in the future is unnecessarily complex.
    
    In the current code base, make_spte() can enforce the mitigation if TDP
    is enabled or the MMU is indirect, but make_spte() may not always have a
    vCPU/MMU to work with, e.g. if KVM were to support in-line huge page
    promotion when disabling dirty logging.
    
    Without a vCPU/MMU, KVM could either pass in the correct information
    and/or derive it from the shadow page, but the former is ugly and the
    latter subtly non-trivial due to the possibility of direct shadow pages
    in indirect MMUs.  Given that using shadow paging with an unpaged guest
    is far from top priority _and_ has been subjected to the workaround since
    its inception, keep it simple and just fix the accounting glitch.
    Signed-off-by: default avatarSean Christopherson <seanjc@google.com>
    Reviewed-by: default avatarDavid Matlack <dmatlack@google.com>
    Reviewed-by: default avatarMingwei Zhang <mizhang@google.com>
    Message-Id: <20221019165618.927057-4-seanjc@google.com>
    Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
    b5b0977f
spte.c 15.6 KB