KVM: x86/mmu: Add explicit access mask for MMIO SPTEs (4af77151) · Commits · 戴 / test

arch/x86/kvm/mmu.c

+9 −6

Original line number	Diff line number	Diff line
		@@ -214,6 +214,7 @@ static u64 __read_mostly shadow_accessed_mask;
		static u64 __read_mostly shadow_dirty_mask;
		static u64 __read_mostly shadow_mmio_mask;
		static u64 __read_mostly shadow_mmio_value;
		static u64 __read_mostly shadow_mmio_access_mask;
		static u64 __read_mostly shadow_present_mask;
		static u64 __read_mostly shadow_me_mask;

		@@ -299,11 +300,13 @@ static void kvm_flush_remote_tlbs_with_address(struct kvm *kvm,
		kvm_flush_remote_tlbs_with_range(kvm, &range);
		}

		void kvm_mmu_set_mmio_spte_mask(u64 mmio_mask, u64 mmio_value)
		void kvm_mmu_set_mmio_spte_mask(u64 mmio_mask, u64 mmio_value, u64 access_mask)
		{
		BUG_ON((u64)(unsigned)access_mask != access_mask);
		BUG_ON((mmio_mask & mmio_value) != mmio_value);
		shadow_mmio_value = mmio_value \| SPTE_SPECIAL_MASK;
		shadow_mmio_mask = mmio_mask \| SPTE_SPECIAL_MASK;
		shadow_mmio_access_mask = access_mask;
		}
		EXPORT_SYMBOL_GPL(kvm_mmu_set_mmio_spte_mask);

		@@ -389,7 +392,7 @@ static void mark_mmio_spte(struct kvm_vcpu vcpu, u64 sptep, u64 gfn,
		u64 mask = generation_mmio_spte_mask(gen);
		u64 gpa = gfn << PAGE_SHIFT;

		access &= ACC_WRITE_MASK \| ACC_USER_MASK;
		access &= shadow_mmio_access_mask;
		mask \|= shadow_mmio_value \| access;
		mask \|= gpa \| shadow_nonpresent_or_rsvd_mask;
		mask \|= (gpa & shadow_nonpresent_or_rsvd_mask)
		@@ -418,8 +421,7 @@ static gfn_t get_mmio_spte_gfn(u64 spte)

		static unsigned get_mmio_spte_access(u64 spte)
		{
		u64 mask = generation_mmio_spte_mask(MMIO_SPTE_GEN_MASK) \| shadow_mmio_mask;
		return (spte & ~mask) & ~PAGE_MASK;
		return spte & shadow_mmio_access_mask;
		}

		static bool set_mmio_spte(struct kvm_vcpu vcpu, u64 sptep, gfn_t gfn,
		@@ -3290,7 +3292,8 @@ static bool handle_abnormal_pfn(struct kvm_vcpu *vcpu, gva_t gva, gfn_t gfn,
		}

		if (unlikely(is_noslot_pfn(pfn)))
		vcpu_cache_mmio_info(vcpu, gva, gfn, access);
		vcpu_cache_mmio_info(vcpu, gva, gfn,
		access & shadow_mmio_access_mask);

		return false;
		}
		@@ -5997,7 +6000,7 @@ static void kvm_set_mmio_spte_mask(void)
		if (IS_ENABLED(CONFIG_X86_64) && shadow_phys_bits == 52)
		mask &= ~1ull;

		kvm_mmu_set_mmio_spte_mask(mask, mask);
		kvm_mmu_set_mmio_spte_mask(mask, mask, ACC_WRITE_MASK \| ACC_USER_MASK);
		}

		int kvm_mmu_module_init(void)

arch/x86/kvm/mmu.h

+1 −1

Original line number	Diff line number	Diff line
		@@ -51,7 +51,7 @@ static inline u64 rsvd_bits(int s, int e)
		return ((1ULL << (e - s + 1)) - 1) << s;
		}

		void kvm_mmu_set_mmio_spte_mask(u64 mmio_mask, u64 mmio_value);
		void kvm_mmu_set_mmio_spte_mask(u64 mmio_mask, u64 mmio_value, u64 access_mask);

		void
		reset_shadow_zero_bits_mask(struct kvm_vcpu vcpu, struct kvm_mmu context);

arch/x86/kvm/vmx/vmx.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -4036,7 +4036,7 @@ static void ept_set_mmio_spte_mask(void)
		* of an EPT paging-structure entry is 110b (write/execute).
		*/
		kvm_mmu_set_mmio_spte_mask(VMX_EPT_RWX_MASK,
		VMX_EPT_MISCONFIG_WX_VALUE);
		VMX_EPT_MISCONFIG_WX_VALUE, 0);
		}

		#define VMX_XSS_EXIT_BITMAP 0

Admin message