On 06/03/2016 21:36, Paolo Bonzini wrote:
>
>
> On 06/03/2016 09:00, Xiao Guangrong wrote:
>>>
>>> 	if (vcpu_match_mmio_gva(vcpu, gva)
>>> 	    && !permission_fault(vcpu, vcpu->arch.walk_mmu,
>>> -				 vcpu->arch.access, access)) {
>>> +				 vcpu->arch.access, 0, access)) {
>>
>> No. The pkey is not always 0.
>>
>> We should cache PKEY for the mmio access and use it here to check if the
>> right is adequate.
>
> This is just an optimization I think, so it can have false negatives (it
> won't have many in practice because MMIO accesses are usually done in
> supervisor mode). The actual check is done when
> vcpu->arch.walk_mmu->gva_to_gpa is called.

Duh, sorry, false _positives_ are okay (i.e. you can say something faults
even if it actually doesn't).

One thing you could do is:

- do not pass pte_pkeys to permission_fault, instead read PKRU in
  walk_addr_generic and pass "(pkru >> (pte_pkeys * PKRU_ATTRS)) & 3" to
  permission_fault.

- here, pass ~0.

So if CR0.PKE=0 or U=0 caching works properly, but if CR0.PKE=1 and U=1 it
is disabled gracefully and gva_to_gpa does the page walk correctly.

Paolo
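Review bot: the hard-coded `0` added as the new pkey argument in the `+` line (`vcpu->arch.access, 0, access`) assumes the cached MMIO access has protection key 0, which the reply says is not always true, so the fast path can wrongly skip the key check; either cache the key alongside vcpu->arch.access or pass a value that always fails the pkey test (the `~0` proposed in the reply) so a PKE=1, U=1 access falls through to the full gva_to_gpa walk instead of being accepted.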
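The two-step scheme in the mail (derive the key's {AD, WD} pair from PKRU in the walker, and pass ~0 on the MMIO fast path so the check can only err on the side of faulting) is worked through below as an added example. This is illustrative code written for this page, not KVM's permission_fault() or any code from the thread: the function names pkru_attrs, permission_fault_model and mmio_cache_usable are hypothetical, the ACC_* flags are a constructed subset of the real access flags, PKRU_ATTRS is assumed to be 2 because PKRU holds two bits (AD, WD) per key, and the enable bit is modelled as a plain boolean (it is CR4.PKE in hardware). NX, SMEP and SMAP are deliberately left out of the model.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Constructed model of the protection-key part of permission_fault() as
 * discussed in the thread. Illustrative only; not KVM's code.
 */
#define PKRU_ATTRS 2            /* PKRU holds 2 bits per key: AD, then WD (assumed) */
#define PKRU_AD    1u           /* access-disable bit within a key's attrs */
#define PKRU_WD    2u           /* write-disable bit within a key's attrs */
#define PKEY_FORCE_FAULT (~0u)  /* value the mail suggests passing on the MMIO fast path */

/* Access-type flags for the request being checked (constructed subset). */
#define ACC_WRITE (1u << 1)
#define ACC_USER  (1u << 2)

/* The expression from the mail: the {AD, WD} pair for key `pkey` out of PKRU. */
static uint32_t pkru_attrs(uint32_t pkru, unsigned int pkey)
{
    return (pkru >> (pkey * PKRU_ATTRS)) & 3u;
}

/*
 * Model of permission_fault(): returns true if the access must fault.
 *   pke       : protection keys enabled (CR4.PKE in hardware)
 *   wp        : CR0.WP
 *   pte_user  : U/S bit of the mapping (true = user page)
 *   pte_write : R/W bit of the mapping
 *   attrs     : 2-bit {AD, WD} value for the page's key, or PKEY_FORCE_FAULT
 *   access    : ACC_WRITE / ACC_USER flags of the access being checked
 */
static bool permission_fault_model(bool pke, bool wp, bool pte_user,
                                   bool pte_write, uint32_t attrs,
                                   unsigned int access)
{
    bool user  = access & ACC_USER;
    bool write = access & ACC_WRITE;

    if (user && !pte_user)                      /* user touching a supervisor page */
        return true;
    if (write && !pte_write && (user || wp))    /* write to a read-only page */
        return true;

    /* Protection keys apply only to user pages, and only when PKE is set. */
    if (!pke || !pte_user)
        return false;
    if (attrs & PKRU_AD)                        /* AD: no data access at all */
        return true;
    if (write && (attrs & PKRU_WD) && (user || wp)) /* WD: no writes; supervisor only if WP=1 */
        return true;
    return false;
}

/*
 * The MMIO fast path from the thread: the cached translation is usable only
 * if the check passes with the key attrs forced to ~0. When PKE=1 and the
 * page is a user page this always reports a fault, which is a harmless false
 * positive: gva_to_gpa() then does the full walk with the real PKRU value.
 */
static bool mmio_cache_usable(bool pke, bool wp, bool pte_user, bool pte_write,
                              unsigned int access)
{
    return !permission_fault_model(pke, wp, pte_user, pte_write,
                                   PKEY_FORCE_FAULT, access);
}

int main(void)
{
    /* Supervisor read of a user page, the usual MMIO case. */
    printf("PKE=0, U=1: cache %s\n",
           mmio_cache_usable(false, true, true, true, 0) ? "used" : "bypassed");
    printf("PKE=1, U=0: cache %s\n",
           mmio_cache_usable(true, true, false, true, 0) ? "used" : "bypassed");
    printf("PKE=1, U=1: cache %s\n",
           mmio_cache_usable(true, true, true, true, 0) ? "used" : "bypassed");

    /* Full-walk check with a constructed PKRU: WD set for key 3 only. */
    uint32_t pkru = PKRU_WD << (3 * PKRU_ATTRS);
    printf("user write, key 3, WD set: %s\n",
           permission_fault_model(true, true, true, true, pkru_attrs(pkru, 3),
                                  ACC_USER | ACC_WRITE) ? "fault" : "ok");
    return 0;
}
```

The point the model makes concrete is that ~0 sets both AD and WD, so the fast path never accepts a user-page access under PKE without consulting PKRU, while supervisor pages and PKE=0 guests keep the cached translation exactly as before.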