On 10/03/2016 09:36, Xiao Guangrong wrote: > > > On 03/08/2016 07:44 PM, Paolo Bonzini wrote: >> KVM handles supervisor writes of a pte.u=0/pte.w=0/CR0.WP=0 page by >> setting U=0 and W=1 in the shadow PTE. This will cause a user write >> to fault and a supervisor write to succeed (which is correct because >> CR0.WP=0). A user read instead will flip U=0 to 1 and W=1 back to 0. >> This enables user reads; it also disables supervisor writes, the next >> of which will then flip the bits again. >> >> When SMEP is in effect, however, pte.u=0 will enable kernel execution >> of this page. To avoid this, KVM also sets pte.nx=1. The reserved bit >> catches this because it only looks at the guest's EFER.NX bit. Teach it >> that smep_andnot_wp will also use the NX bit of SPTEs. >> >> Cc: stable@xxxxxxxxxxxxxxx >> Cc: Xiao Guangrong <guangrong.xiao@xxxxxxxxxx> > > As a redhat guy i am so proud. :) > >> Fixes: c258b62b264fdc469b6d3610a907708068145e3b > > Thanks for you fixing it, Paolo! > > Reviewed-by: Xiao Guangrong <guangrong.xiao@xxxxxxxxxxxxxxx> > >> Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx> >> --- >> arch/x86/kvm/mmu.c | 4 +++- >> 1 file changed, 3 insertions(+), 1 deletion(-) >> >> diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c >> index 95a955de5964..0cd4ee01de94 100644 >> --- a/arch/x86/kvm/mmu.c >> +++ b/arch/x86/kvm/mmu.c >> @@ -3721,13 +3721,15 @@ static void reset_rsvds_bits_mask_ept(struct >> kvm_vcpu *vcpu, >> void >> reset_shadow_zero_bits_mask(struct kvm_vcpu *vcpu, struct kvm_mmu >> *context) >> { >> + int uses_nx = context->nx || context->base_role.smep_andnot_wp; > > It would be better if it is 'bool' Ok, will do. Paolo -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html