[PATCH v2 0/5] Add support for EPT execute only for nested hypervisors

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

v1 of this series posted at https://lkml.org/lkml/2016/6/28/7

Changes since v1:
 - 1/5 : modify is_shadow_present_pte to check against 0xffffffff
   Reasoning provided in commit message.
 - 2/5 : Removed 2/5 from v1 since kvm doesn't use execute only.
   3/5 from v1 is now 2/5. Introduce shadow_present_mask that
   signifies whether ept execute only is supported. Add/remove some
   comments as suggested in v1.
 - 3/5 : 4/5 from v1 is now 3/5.
 - 4/5 : update_permission_bitmask now sets u=1 only if host doesn't
   support ept execute only.
 - 5/5 : No change
 
These patches are based on reviews to my RFC
http://www.spinics.net/lists/kvm/msg134440.html

Changes since RFC:
 - Remove shadow_xonly_valid, it's not needed
 - Remove checks from is_shadow_present_pte()
 - In reset_tdp_shadow_zero_bits_mask, pass correct execonly to __reset_rsvds_bits_mask_ept
 - Reuse shadow_user_mask in set_spte()
 - Remove is_present_gpte() and inline the operation at the two call sites

I spoke to Paolo about this a while back and thought to post this as
RFC while I am thinking of adding some unit tests.

Background: ESX refuses to run as L1 if support for EPT execute only isn't
found. I am not really sure if it uses it for anything since just advertising
the bits seems to work but adding the necessary plumbing seemed like a good idea.

Xiao, I took the liberty of adding you based on "git blame" :)

Thanks in advance.

Bandan Das (5):
  mmu: extend the is_present check to 32 bits
  mmu: don't set the present bit unconditionally
  mmu: remove is_present_gpte()
  mmu: change unconditional setting of the u bit in fault bitmap
  vmx: advertise support for ept execute only

 arch/x86/include/asm/kvm_host.h |  2 +-
 arch/x86/kvm/mmu.c              | 26 ++++++++++++++++++--------
 arch/x86/kvm/mmu.h              |  5 -----
 arch/x86/kvm/paging_tmpl.h      | 10 ++++++++--
 arch/x86/kvm/vmx.c              | 10 ++++++++--
 arch/x86/kvm/x86.c              |  6 +++---
 6 files changed, 38 insertions(+), 21 deletions(-)

-- 
2.5.5

--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]
  Powered by Linux