
Commit a357bd22 authored by Avi Kivity's avatar Avi Kivity

KVM: MMU: Add validate_direct_spte() helper



Add a helper to verify that a direct shadow page is valid with respect to the required
access permissions; drop the page if it is not valid.

Reviewed-by: default avatarXiao Guangrong <xiaoguangrong@cn.fujitsu.com>
Signed-off-by: default avatarAvi Kivity <avi@redhat.com>
Signed-off-by: default avatarMarcelo Tosatti <mtosatti@redhat.com>
parent a3aa51cf
+23 −0
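--- a/PATH_NOT_SHOWN
+++ b/PATH_NOT_SHOWN
@@ -1500,6 +1500,29 @@ static void drop_large_spte(struct kvm_vcpu *vcpu, u64 *sptep)
 	}
 }
 
+static void validate_direct_spte(struct kvm_vcpu *vcpu, u64 *sptep,
+				   unsigned direct_access)
+{
+	if (is_shadow_present_pte(*sptep) && !is_large_pte(*sptep)) {
+		struct kvm_mmu_page *child;
+
+		/*
+		 * For the direct sp, if the guest pte's dirty bit
+		 * changed form clean to dirty, it will corrupt the
+		 * sp's access: allow writable in the read-only sp,
+		 * so we should update the spte at this point to get
+		 * a new sp with the correct access.
+		 */
+		child = page_header(*sptep & PT64_BASE_ADDR_MASK);
+		if (child->role.access == direct_access)
+			return;
+
+		mmu_page_remove_parent_pte(child, sptep);
+		__set_spte(sptep, shadow_trap_nonpresent_pte);
+		kvm_flush_remote_tlbs(vcpu->kvm);
+	}
+}
+
 static void kvm_mmu_page_unlink_children(struct kvm *kvm,
 					 struct kvm_mmu_page *sp)
 {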
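Review bot: The block comment inside validate_direct_spte reads `changed form clean to dirty`; it should read `changed from clean to dirty` (the same typo is carried over from the inline comment this commit removes from FNAME(fetch)). The new helper also has no header comment, so its contract lives only in the caller: a short comment above the signature should state that it is a no-op unless the spte is present and not a large pte, that a child direct shadow page whose `role.access` already equals `direct_access` is kept, and that otherwise the child is unlinked from this parent pte, the spte is reset to `shadow_trap_nonpresent_pte`, and remote TLBs are flushed, so a subsequent fault allocates a page with the right access. That comment should also name the locking the caller must hold; the hunk does not show it, and it is presumably the MMU lock already held by the fetch path, which should be confirmed before writing it down.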
+6 −21
@@ -338,30 +338,15 @@ static u64 *FNAME(fetch)(struct kvm_vcpu *vcpu, gva_t addr,
			break;
			break;
		}
		}


		if (is_shadow_present_pte(*sptep) && !is_large_pte(*sptep)) {
		if (is_shadow_present_pte(*sptep) && !is_large_pte(*sptep)
			struct kvm_mmu_page *child;
		    && level == gw->level)
			validate_direct_spte(vcpu, sptep, direct_access);


			if (level != gw->level)
		drop_large_spte(vcpu, sptep);
				continue;


			/*
		if (is_shadow_present_pte(*sptep))
			 * For the direct sp, if the guest pte's dirty bit
			 * changed form clean to dirty, it will corrupt the
			 * sp's access: allow writable in the read-only sp,
			 * so we should update the spte at this point to get
			 * a new sp with the correct access.
			 */
			child = page_header(*sptep & PT64_BASE_ADDR_MASK);
			if (child->role.access == direct_access)
			continue;
			continue;


			mmu_page_remove_parent_pte(child, sptep);
			__set_spte(sptep, shadow_trap_nonpresent_pte);
			kvm_flush_remote_tlbs(vcpu->kvm);
		}

		drop_large_spte(vcpu, sptep);

		if (level <= gw->level) {
		if (level <= gw->level) {
			direct = 1;
			direct = 1;
			access = direct_access;
			access = direct_access;