• Bandan Das's avatar
    kvm: mmu: track read permission explicitly for shadow EPT page tables · d95c5568
    Bandan Das authored
    To support execute only mappings on behalf of L1 hypervisors,
    reuse ACC_USER_MASK to signify if the L1 hypervisor has the R bit
    set.
    
    For the nested EPT case, we assumed that the U bit was always set
    since there was no equivalent in EPT page tables.  Strictly
    speaking, this was not necessary because handle_ept_violation
    never set PFERR_USER_MASK in the error code (uf=0 in the
    parlance of update_permission_bitmask).  We now have to set
    both U and UF correctly, respectively in FNAME(gpte_access)
    and in handle_ept_violation.
    
    Also in handle_ept_violation bit 3 of the exit qualification is
    not enough to detect a present PTE; all three bits 3-5 have to
    be checked.
    Signed-off-by: default avatarBandan Das <bsd@redhat.com>
    Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
    d95c5568
vmx.c 319 KB