On Fri, Jun 11, 2010 at 07:30:50PM +0800, Lai Jiangshan wrote:
> When ept enabled, current code sets shadow_base_present_pte
> including the write bit, thus all pte entries have
> writable bit, and it means guest os can always
> write to any mapped page (even VMM maps RO pages for
> the guest.)
>
> We always use get_user_pages(write=1), so this bad code does not
> cause any bad result currently.
>
> But it is really bad, so fix it, and we will use RO pages in the future.
>
> We will set writable bit when it is really writable (determined by
> the parameters of the set_spte())
>
> Signed-off-by: Lai Jiangshan <laijs@xxxxxxxxxxxxxx>
> ---
> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
> index fdb18cf..c7565ea 100644
> --- a/arch/x86/kvm/vmx.c
> +++ b/arch/x86/kvm/vmx.c
> @@ -4365,8 +4365,7 @@ static int __init vmx_init(void)
>
> if (enable_ept) {
> bypass_guest_pf = 0;
> - kvm_mmu_set_base_ptes(VMX_EPT_READABLE_MASK |
> - VMX_EPT_WRITABLE_MASK);
> + kvm_mmu_set_base_ptes(VMX_EPT_READABLE_MASK);
> kvm_mmu_set_mask_ptes(0ull, 0ull, 0ull, 0ull,
> VMX_EPT_EXECUTABLE_MASK);
> kvm_enable_tdp();

You can remove the call to kvm_mmu_set_base_ptes entirely, because
VMX_EPT_READABLE_MASK == PT_PRESENT_MASK.
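Review bot: the commit message says the writable bit will now be "determined by the parameters of the set_spte()", but the only hunk touches vmx_init() and drops VMX_EPT_WRITABLE_MASK from the base-pte mask without any change to set_spte(); the commit message should state explicitly that the generic MMU already ORs the writable bit into EPT sptes on the writable path, since if it does not, this change turns every EPT mapping read-only for the guest rather than merely removing the unconditional write permission. Also worth noting in the changelog that after this fix a guest write to a page the VMM mapped RO will fault into the host instead of silently succeeding, which is the intended isolation property but changes behaviour for any caller that does not use get_user_pages(write=1). As the reply points out, once only VMX_EPT_READABLE_MASK remains and that equals PT_PRESENT_MASK, the kvm_mmu_set_base_ptes() call is redundant and can go, which also removes one place where an over-permissive base mask could be reintroduced.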