Hi,

Recently, I'm reading KVM code, trying to understand how KVM MMU virtualization works on x86. I found that a read can cause dirty logging in EPT mode (and also in SPT nonpaging mode), which is confusing.

In `set_spte`, where we prepare a new spte entry, we have this:

    if (pte_access & ACC_WRITE_MASK) {
            kvm_vcpu_mark_page_dirty(vcpu, gfn);
            spte |= spte_shadow_dirty_mask(spte);
    }

And in `__direct_map`, we have this:

    emulate = mmu_set_spte(vcpu, iterator.sptep, ACC_ALL,
                           write, level, gfn, pfn, prefault,
                           map_writable);

If the guest issues a read to a page and the corresponding spte is not present, `__direct_map` will be called to build the spte (and maybe parent sps as well) in EPT mode and SPT nonpaging mode. Since we pass ACC_ALL to `set_spte` in this case, even a read fault will cause the page to be marked dirty in the dirty bitmap, and it will also set the D bit in the spte.

I think this is a false positive, and it will make dirty logging inaccurate. I wonder if this is intentionally designed so, for example because the inaccurate case is just a small portion of all logged dirty writes.

Thanks.

-- 
Zhuocheng Ding
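The following is an added toy model of the path the message describes; it is not KVM source and is not code from the poster. The constants, the `toy_vm` structure, the bit positions and the function names are simplified stand-ins for the real kernel definitions (`ACC_*`, `kvm_vcpu_mark_page_dirty`, `set_spte`, `__direct_map`). It shows the mechanism in isolation: the dirty bitmap and the D bit follow `pte_access`, so a read fault mapped through `ACC_ALL` is logged as dirty, while a mapping built without `ACC_WRITE_MASK` is not.

```c
/* Toy model of the set_spte / __direct_map dirty-logging path discussed
 * in the post.  Added illustration only; every identifier below is a
 * constructed stand-in for the corresponding KVM code, not the real thing. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified access-mask bits (constructed values, layout not KVM's). */
#define ACC_EXEC_MASK  1u
#define ACC_WRITE_MASK 2u
#define ACC_USER_MASK  4u
#define ACC_ALL        (ACC_EXEC_MASK | ACC_WRITE_MASK | ACC_USER_MASK)

#define NR_GFN        64                 /* tiny guest: 64 frames */
#define SPTE_PRESENT  (1ULL << 0)
#define SPTE_WRITABLE (1ULL << 1)
#define SPTE_DIRTY    (1ULL << 9)        /* constructed "D bit" position */

struct toy_vm {
    uint64_t spte[NR_GFN];               /* one leaf spte per gfn */
    uint8_t  dirty_bitmap[NR_GFN / 8];   /* the dirty log, one bit per gfn */
};

void toy_vm_init(struct toy_vm *vm)
{
    memset(vm, 0, sizeof *vm);
}

/* Stand-in for kvm_vcpu_mark_page_dirty(): set the gfn's bit in the log. */
static void toy_mark_page_dirty(struct toy_vm *vm, unsigned gfn)
{
    vm->dirty_bitmap[gfn / 8] |= (uint8_t)(1u << (gfn % 8));
}

int toy_page_is_dirty(const struct toy_vm *vm, unsigned gfn)
{
    return (vm->dirty_bitmap[gfn / 8] >> (gfn % 8)) & 1;
}

/* Mirrors the quoted set_spte fragment: dirty logging and the D bit are
 * driven by pte_access, not by whether the fault was a read or a write. */
uint64_t toy_set_spte(struct toy_vm *vm, unsigned gfn, unsigned pte_access)
{
    uint64_t spte = SPTE_PRESENT;

    if (pte_access & ACC_WRITE_MASK) {
        toy_mark_page_dirty(vm, gfn);
        spte |= SPTE_WRITABLE | SPTE_DIRTY;
    }
    vm->spte[gfn] = spte;
    return spte;
}

/* Mirrors the quoted __direct_map call: the fault direction travels along as
 * 'write', but the access mask handed to set_spte is ACC_ALL either way. */
uint64_t toy_direct_map(struct toy_vm *vm, unsigned gfn, int write)
{
    (void)write;   /* not consulted for the access mask, as in the quoted call */
    return toy_set_spte(vm, gfn, ACC_ALL);
}

int main(void)
{
    struct toy_vm vm;
    toy_vm_init(&vm);

    /* A read fault on gfn 5, mapped the __direct_map way. */
    uint64_t s = toy_direct_map(&vm, 5, /* write = */ 0);
    printf("read fault via ACC_ALL : gfn 5 dirty=%d, D bit=%d\n",
           toy_page_is_dirty(&vm, 5), (int)((s & SPTE_DIRTY) != 0));

    /* The same spte built without ACC_WRITE_MASK stays clean. */
    s = toy_set_spte(&vm, 7, ACC_EXEC_MASK | ACC_USER_MASK);
    printf("read-only access mask  : gfn 7 dirty=%d, D bit=%d\n",
           toy_page_is_dirty(&vm, 7), (int)((s & SPTE_DIRTY) != 0));
    return 0;
}
```

Running it shows gfn 5 logged as dirty (and its spte carrying the D bit) even though the fault was a read, while gfn 7, built with a mask lacking `ACC_WRITE_MASK`, stays clean; that difference is exactly the dependency on `pte_access` the message points at.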