Re: [PATCH 0/2] KVM: x86/mmu: nEPT X-only unsync bug fix

From: Paolo Bonzini
Date: Fri May 20 2022 - 09:32:46 EST

Next message: AngeloGioacchino Del Regno: "[PATCH 0/4] MediaTek Helio X10 MT6795 - MT6331/6332 Regulators"
Previous message: Rolf Eike Beer: "[PATCH] net: tulip: fix build with CONFIG_GSC"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Queued, thanks. Here is the new message for patch 1:

All of sync_page()'s existing checks filter out only !PRESENT gPTE,
because without execute-only, all upper levels are guaranteed to be at
least READABLE. However, if EPT with execute-only support is in use by
L1, KVM can create an SPTE that is shadow-present but guest-inaccessible
(RWX=0) if the upper level combined permissions are R (or RW) and
the leaf EPTE is changed from R (or RW) to X. Because the EPTE is
considered present when viewed in isolation, and no reserved bits are set,
FNAME(prefetch_invalid_gpte) will consider the GPTE valid, and cause a
not-present SPTE to be created.

The SPTE is "correct": the guest translation is inaccessible because
the combined protections of all levels yield RWX=0, and KVM will just
redirect any vmexits to the guest. If EPT A/D bits are disabled, KVM
can mistake the SPTE for an access-tracked SPTE, but again such confusion
isn't fatal, as the "saved" protections are also RWX=0. However,
creating a useless SPTE in general means that KVM messed up something,
even if this particular goof didn't manifest as a functional bug.
So, drop SPTEs whose new protections will yield a RWX=0 SPTE, and
add a WARN in make_spte() to detect creation of SPTEs that will
result in RWX=0 protections.

Paolo

Next message: AngeloGioacchino Del Regno: "[PATCH 0/4] MediaTek Helio X10 MT6795 - MT6331/6332 Regulators"
Previous message: Rolf Eike Beer: "[PATCH] net: tulip: fix build with CONFIG_GSC"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]