diff options
author | Avi Kivity <avi@redhat.com> | 2010-05-12 04:48:18 -0400 |
---|---|---|
committer | Avi Kivity <avi@redhat.com> | 2010-05-19 04:41:09 -0400 |
commit | 3dbe141595faa48a067add3e47bba3205b79d33c (patch) | |
tree | a7d37004d0021298ed305810543ae6a3a4ed79e2 /Documentation/kvm | |
parent | a3d204e28579427609c3d15d2310127ebaa47d94 (diff) |
KVM: MMU: Segregate shadow pages with different cr0.wp
When cr0.wp=0, we may shadow a gpte having u/s=1 and r/w=0 with an spte
having u/s=0 and r/w=1. This allows excessive access if the guest sets
cr0.wp=1 and accesses through this spte.
Fix by making cr0.wp part of the base role; we'll have different sptes for
the two cases and the problem disappears.
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Diffstat (limited to 'Documentation/kvm')
-rw-r--r-- | Documentation/kvm/mmu.txt | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/Documentation/kvm/mmu.txt b/Documentation/kvm/mmu.txt index 0cc28fb84f4f..aaed6ab9d7ab 100644 --- a/Documentation/kvm/mmu.txt +++ b/Documentation/kvm/mmu.txt | |||
@@ -163,6 +163,8 @@ Shadow pages contain the following information: | |||
163 | 32-bit or 64-bit gptes are in use). | 163 | 32-bit or 64-bit gptes are in use). |
164 | role.cr4_nxe: | 164 | role.cr4_nxe: |
165 | Contains the value of efer.nxe for which the page is valid. | 165 | Contains the value of efer.nxe for which the page is valid. |
166 | role.cr0_wp: | ||
167 | Contains the value of cr0.wp for which the page is valid. | ||
166 | gfn: | 168 | gfn: |
167 | Either the guest page table containing the translations shadowed by this | 169 | Either the guest page table containing the translations shadowed by this |
168 | page, or the base page frame for linear translations. See role.direct. | 170 | page, or the base page frame for linear translations. See role.direct. |