Avi Kivity wrote:
> On 06/29/2010 10:45 AM, Xiao Guangrong wrote:
>>
>>> - there was once talk that instead of folding pt_access and pte_access
>>> together into the leaf sp->role.access, each sp level would have its own
>>> access permissions. In this case we don't even have to get a new direct
>>> sp, only change the PT_DIRECTORY_LEVEL spte to add write permissions
>>> (all direct sp's would be writeable and permissions would be controlled
>>> at their parent_pte level). Of course that's a much bigger change than
>>> this bug fix.
>>>
>>
>> Yeah, I have considered this way, but it will change the shadow page's
>> mapping way: it controls the access at the upper level, but in the
>> current code, we allow the upper level to have the ALL_ACCESS and
>> control the access right at the last level.
>> It will break many things, such as write-protected...
>>
>
> spte's access bits have a dual purpose, both to map guest protection and
> for host protection (like for shadowed pages, or ksm pages). So the
> last level sptes still need to consider host write protection.
>

Yeah, I see what you mean, thanks :-)