On 19/08/2016 16:59, Jim Mattson wrote:
> On Fri, Aug 19, 2016 at 3:21 AM, Paolo Bonzini <pbonzini@xxxxxxxxxx> wrote:
>> Would this fix a failure in kvm-unit-tests x86/vmx.c, too?
>
> Possibly. Which failure?

This one (didn't have access to the machine with eptad this morning):

    Test suite: EPT framework
    FAIL: EPT violation - paging structure

It can currently be worked around with eptad=0. See 28.2.3.2 and 28.4
in the SDM, the latter saying:

    "When accessed and dirty flags for EPT are enabled, processor
    accesses to guest paging-structure entries are treated as writes
    (see Section 28.2.3.2)"

while the test expects that guest paging-structure entries can be
marked read-only in EPT page tables.

There is another which is unrelated and caused by APICv:

    FAIL: EPT - MMIO access

>>
>>> Of course, this means that L0 will lose the ability to do
>>> accessed/dirty page tracking of L2 using the shadow EPT tables for L2.
>>
>> Indeed, and that's the reason why I never got the courage to look into a
>> fix for that vmx.c failure... But maybe it would be enough to ensure
>> the A/D bits are set when FNAME(sync_page) calls set_spte (accessed is
>> set if speculative==false; for dirty you'd have to invent a new argument
>> or something like that).
>
> Dirty should probably be set any time that the shadow EPT entry has
> write permission. Then, we would only want to set write permission in
> the shadow EPT entry if the L0 and L1 EPT entries are writable *and*
> the current access is a write.

That basically means behaving as if shadow_accessed_mask ==
shadow_dirty_mask == 0. I guess one could call kvm_mmu_set_mask_ptes in
nested_ept_{,un}init_mmu_context.

Paolo
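
Added illustration, not part of the message above and not KVM code: a small C model of the two points in this thread, namely why a read-only EPT mapping of a guest page table faults once EPT A/D is enabled, and the shadow-entry policy proposed in the quoted reply. The function names, the `enum access` type and the simplified permission check are assumptions made for the example; the bit positions are the EPT entry bits from the SDM.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* EPT entry bits (Intel SDM). A and D are only meaningful with EPT A/D enabled. */
#define EPT_R (1u << 0)
#define EPT_W (1u << 1)
#define EPT_X (1u << 2)
#define EPT_A (1u << 8)
#define EPT_D (1u << 9)

enum access { ACC_READ, ACC_WRITE };   /* hypothetical type for this model */

/*
 * Simplified check: does a data access through this EPT entry fault?
 * With EPT A/D enabled, the walk of the guest's own paging structures
 * is treated as a write, so it needs EPT_W even for a guest read.
 */
bool ept_violation(uint32_t epte, enum access acc, bool guest_pt_walk, bool eptad)
{
    bool as_write = (acc == ACC_WRITE) || (guest_pt_walk && eptad);
    if (!(epte & EPT_R))
        return true;
    return as_write && !(epte & EPT_W);
}

/*
 * Model of the policy proposed in the thread for a shadow EPT entry:
 * writable only if L0 and L1 both allow writes and the access is a write;
 * dirty whenever writable; accessed unless the entry is speculative.
 */
uint32_t make_shadow_epte(uint32_t l0, uint32_t l1, enum access acc, bool speculative)
{
    uint32_t spte = l0 & l1 & (EPT_R | EPT_X);
    if ((l0 & l1 & EPT_W) && acc == ACC_WRITE)
        spte |= EPT_W | EPT_D;
    if (!speculative)
        spte |= EPT_A;
    return spte;
}

int main(void)
{
    /* Constructed case: guest page table mapped read-only in EPT. */
    printf("eptad=1: violation=%d\n", ept_violation(EPT_R, ACC_READ, true, true));
    printf("eptad=0: violation=%d\n", ept_violation(EPT_R, ACC_READ, true, false));
    printf("shadow on read:  0x%x\n", make_shadow_epte(EPT_R | EPT_W, EPT_R | EPT_W, ACC_READ, false));
    printf("shadow on write: 0x%x\n", make_shadow_epte(EPT_R | EPT_W, EPT_R | EPT_W, ACC_WRITE, false));
    return 0;
}
```

In this model a read fault leaves the shadow entry read-only, so the first write to the page faults again and only then gains write permission together with the dirty bit.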