On 06/29/2010 10:45 AM, Xiao Guangrong wrote:
- there was once talk that instead of folding pt_access and pte_access
together into the leaf sp->role.access, each sp level would have its own
access permissions. In this case we don't even have to get a new direct
sp, only change the PT_DIRECTORY_LEVEL spte to add write permissions
(all direct sp's would be writeable and permissions would be controlled
at their parent_pte level). Of course that's a much bigger change than
this bug fix.
Yeah, i have considered this way, but it will change the shadow page's mapping
way: it control the access at the upper level, but in the current code, we allow
the upper level have the ALL_ACCESS and control the access right at the last level.
It will break many things, such as write-protected...
spte's access bits have dual purpose, both to map guest protection and
for host protection (like for shadowed pages, or ksm pages). So the
last level sptes still need to consider host write protection.
--
error compiling committee.c: too many arguments to function
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
