Avi Kivity wrote:
> If cr0.wp=0, we have to allow the guest kernel access to a page with pte.w=0.
> We do that by setting spte.w=1, since the host cr0.wp must remain set so the
> host can write protect pages. Once we allow write access, we must remove
> user access otherwise we mistakenly allow the user to write the page.
>

Yeah, it's really a nice way :-)

Reviewed-by: Xiao Guangrong <xiaoguangrong@xxxxxxxxxxxxxx>

> Signed-off-by: Avi Kivity <avi@xxxxxxxxxx>
> --- > arch/x86/kvm/mmu.c | 3 +++ > 1 files changed, 3 insertions(+), 0 deletions(-) > > diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c > index 39dd8d3..56f8c3c 100644 > --- a/arch/x86/kvm/mmu.c > +++ b/arch/x86/kvm/mmu.c > @@ -1894,6 +1894,9 @@ static int set_spte(struct kvm_vcpu *vcpu, u64 *sptep, > > spte |= PT_WRITABLE_MASK; > > + if (!tdp_enabled && !(pte_access & ACC_WRITE_MASK)) > + spte &= ~PT_USER_MASK; > + > /* > * Optimization: for pte sync, if spte was writable the hash > * lookup is unnecessary (and expensive). Write protection
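
Review bot: The new `if (!tdp_enabled && !(pte_access & ACC_WRITE_MASK))` in set_spte() carries no comment, and nothing in the condition mentions cr0.wp, so the reason for clearing PT_USER_MASK lives only in the commit message. Suggest a short comment above it saying that the spte was made writable for a guest-kernel write with cr0.wp=0 while the guest pte is read-only, so user access has to be dropped. Since the condition relies on the enclosing block (not visible in this hunk) to limit it to that case, it is also worth confirming that every path reaching `spte |= PT_WRITABLE_MASK` with a non-writable pte_access is that cr0.wp=0 case.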
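
A simplified user-space model of the permission logic the commit message describes, added here as an illustration; it is not the patch's or KVM's code. build_spte(), hw_allows() and user_write_leak() are hypothetical helpers, and the model assumes the fault being handled is a guest-kernel write taken with guest cr0.wp=0.

```c
/* Simplified model of the shadow-PTE permission bits discussed above.
 * Not KVM code: build_spte(), hw_allows(), user_write_leak() are hypothetical. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PT_WRITABLE_MASK (1ULL << 1)   /* x86 PTE R/W bit */
#define PT_USER_MASK     (1ULL << 2)   /* x86 PTE U/S bit */
#define ACC_WRITE_MASK   PT_WRITABLE_MASK
#define ACC_USER_MASK    PT_USER_MASK

/* Shadow PTE built for a guest-kernel write fault taken with guest cr0.wp=0.
 * pte_access carries the guest pte's W and U permissions. */
static uint64_t build_spte(unsigned pte_access, bool tdp_enabled, bool with_fix)
{
    uint64_t spte = 0;
    if (pte_access & ACC_USER_MASK)
        spte |= PT_USER_MASK;
    spte |= PT_WRITABLE_MASK;          /* let the guest kernel write */
    if (with_fix && !tdp_enabled && !(pte_access & ACC_WRITE_MASK))
        spte &= ~PT_USER_MASK;         /* the check the patch adds */
    return spte;
}

/* What the CPU permits through the spte; host cr0.wp is always 1. */
static bool hw_allows(uint64_t spte, bool user_mode, bool write)
{
    if (user_mode && !(spte & PT_USER_MASK))
        return false;
    if (write && !(spte & PT_WRITABLE_MASK))
        return false;
    return true;
}

/* True if guest user mode could write a page whose guest pte has w=0. */
static bool user_write_leak(unsigned pte_access, bool with_fix)
{
    uint64_t spte = build_spte(pte_access, false, with_fix);
    return !(pte_access & ACC_WRITE_MASK) && hw_allows(spte, true, true);
}

int main(void)
{
    unsigned ro_user = ACC_USER_MASK;  /* constructed case: pte.u=1, pte.w=0 */
    printf("without check: leak=%d\n", user_write_leak(ro_user, false));
    printf("with check:    leak=%d\n", user_write_leak(ro_user, true));
    printf("kernel write still allowed: %d\n",
           hw_allows(build_spte(ro_user, false, true), false, true));
    return 0;
}
```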