On Sat, Jul 09, 2022 at 11:20:34AM +0700, Bagas Sanjaya wrote: > The state machine of EPT entry > ------------------------------ > -(private EPT entry, shared EPT entry) = > - (non-present, non-present): private mapping is allowed > - (present, non-present): private mapping is mapped > - (non-present | SPTE_SHARED_MASK, non-present | SPTE_SHARED_MASK): > - shared mapping is allowed > - (non-present | SPTE_SHARED_MASK, present | SPTE_SHARED_MASK): > - shared mapping is mapped > - (present | SPTE_SHARED_MASK, any) invalid combination > +* (private EPT entry, shared EPT entry) > > -* map_gpa(private GPA): Mark the region that private GPA is allowed(NEW) > - private EPT entry: clear SPTE_SHARED_MASK > - present: nop > - non-present: nop > - non-present | SPTE_SHARED_MASK -> non-present (clear SPTE_SHARED_MASK) > + * (non-present, non-present): > + private mapping is allowed > + * (present, non-present): > + private mapping is mapped > + * (non-present | SPTE_SHARED_MASK, non-present | SPTE_SHARED_MASK): > + shared mapping is allowed > + * (non-present | SPTE_SHARED_MASK, present | SPTE_SHARED_MASK): > + shared mapping is mapped > + * (present | SPTE_SHARED_MASK, any): > + invalid combination > > - shared EPT entry: zap the entry, clear SPTE_SHARED_MASK > - present: invalid > - non-present -> non-present: nop > - present | SPTE_SHARED_MASK -> non-present > - non-present | SPTE_SHARED_MASK -> non-present > +* map_gpa (private GPA): Mark the region that private GPA is allowed(NEW) > > -* map_gpa(shared GPA): Mark the region that shared GPA is allowed(NEW) > - private EPT entry: zap and set SPTE_SHARED_MASK > - present -> non-present | SPTE_SHARED_MASK > - non-present -> non-present | SPTE_SHARED_MASK > - non-present | SPTE_SHARED_MASK: nop > + * private EPT entry: clear SPTE_SHARED_MASK > > - shared EPT entry: set SPTE_SHARED_MASK > - present: invalid > - non-present -> non-present | SPTE_SHARED_MASK > - present | SPTE_SHARED_MASK -> present | SPTE_SHARED_MASK: nop > - non-present | SPTE_SHARED_MASK -> non-present | SPTE_SHARED_MASK: nop > + * present: nop > + * non-present: nop > + * non-present | SPTE_SHARED_MASK -> non-present (clear SPTE_SHARED_MASK) > > -* map(private GPA) > - private EPT entry > - present: nop > - non-present -> present > - non-present | SPTE_SHARED_MASK: nop. looping on EPT violation(NEW) > + * shared EPT entry: zap the entry, clear SPTE_SHARED_MASK > > - shared EPT entry: nop > + * present: invalid > + * non-present -> non-present: nop > + * present | SPTE_SHARED_MASK -> non-present > + * non-present | SPTE_SHARED_MASK -> non-present > > -* map(shared GPA) > - private EPT entry: nop > +* map_gpa (shared GPA): Mark the region that shared GPA is allowed(NEW) > > - shared EPT entry > - present: invalid > - present | SPTE_SHARED_MASK: nop > - non-present | SPTE_SHARED_MASK -> present | SPTE_SHARED_MASK > - non-present: nop. looping on EPT violation(NEW) > + * private EPT entry: zap and set SPTE_SHARED_MASK > > -* zap(private GPA) > - private EPT entry: zap the entry with keeping SPTE_SHARED_MASK > - present -> non-present > - present | SPTE_SHARED_MASK: invalid > - non-present: nop as is_shadow_present_pte() is checked > - non-present | SPTE_SHARED_MASK: nop as is_shadow_present_pte() is > - checked > + * present -> non-present | SPTE_SHARED_MASK > + * non-present -> non-present | SPTE_SHARED_MASK > + * non-present | SPTE_SHARED_MASK: nop > > - shared EPT entry: nop > + * shared EPT entry: set SPTE_SHARED_MASK > > -* zap(shared GPA) > - private EPT entry: nop > + * present: invalid > + * non-present -> non-present | SPTE_SHARED_MASK > + * present | SPTE_SHARED_MASK -> present | SPTE_SHARED_MASK: nop > + * non-present | SPTE_SHARED_MASK -> non-present | SPTE_SHARED_MASK: nop > > - shared EPT entry: zap > - any -> non-present > - present: invalid > - present | SPTE_SHARED_MASK -> non-present | SPTE_SHARED_MASK > - non-present: nop as is_shadow_present_pte() is checked > - non-present | SPTE_SHARED_MASK: nop as is_shadow_present_pte() is > - checked > +* map (private GPA) > + > + * private EPT entry > + > + * present: nop > + * non-present -> present > + * non-present | SPTE_SHARED_MASK: nop. looping on EPT violation(NEW) > + > + * shared EPT entry: nop > + > +* map (shared GPA) > + > + * private EPT entry: nop > + > + * shared EPT entry: > + > + * present: invalid > + * present | SPTE_SHARED_MASK: nop > + * non-present | SPTE_SHARED_MASK -> present | SPTE_SHARED_MASK > + * non-present: nop. looping on EPT violation(NEW) > + > +* zap (private GPA) > + > + * private EPT entry: zap the entry with keeping SPTE_SHARED_MASK > + > + * present -> non-present > + * present | SPTE_SHARED_MASK: invalid > + * non-present: nop as is_shadow_present_pte() is checked > + * non-present | SPTE_SHARED_MASK: nop as is_shadow_present_pte() is > + checked > + > + * shared EPT entry: nop > + > +* zap (shared GPA) > + > + * private EPT entry: nop > + > + * shared EPT entry: zap > + > + * any -> non-present > + * present: invalid > + * present | SPTE_SHARED_MASK -> non-present | SPTE_SHARED_MASK > + * non-present: nop as is_shadow_present_pte() is checked > + * non-present | SPTE_SHARED_MASK: nop as is_shadow_present_pte() is > + checked IMO, the state machine lists above should have used tables instead. -- An old man doll... just what I always wanted! - Clara
