aboutsummaryrefslogtreecommitdiffstats
path: root/Documentation/kvm
diff options
context:
space:
mode:
authorAvi Kivity <avi@redhat.com>2010-05-12 04:48:18 -0400
committerAvi Kivity <avi@redhat.com>2010-05-19 04:41:09 -0400
commit3dbe141595faa48a067add3e47bba3205b79d33c (patch)
treea7d37004d0021298ed305810543ae6a3a4ed79e2 /Documentation/kvm
parenta3d204e28579427609c3d15d2310127ebaa47d94 (diff)
KVM: MMU: Segregate shadow pages with different cr0.wp
When cr0.wp=0, we may shadow a gpte having u/s=1 and r/w=0 with an spte having u/s=0 and r/w=1. This allows excessive access if the guest sets cr0.wp=1 and accesses through this spte. Fix by making cr0.wp part of the base role; we'll have different sptes for the two cases and the problem disappears. Signed-off-by: Avi Kivity <avi@redhat.com> Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Diffstat (limited to 'Documentation/kvm')
-rw-r--r--Documentation/kvm/mmu.txt2
1 files changed, 2 insertions, 0 deletions
diff --git a/Documentation/kvm/mmu.txt b/Documentation/kvm/mmu.txt
index 0cc28fb84f4f..aaed6ab9d7ab 100644
--- a/Documentation/kvm/mmu.txt
+++ b/Documentation/kvm/mmu.txt
@@ -163,6 +163,8 @@ Shadow pages contain the following information:
163 32-bit or 64-bit gptes are in use). 163 32-bit or 64-bit gptes are in use).
164 role.cr4_nxe: 164 role.cr4_nxe:
165 Contains the value of efer.nxe for which the page is valid. 165 Contains the value of efer.nxe for which the page is valid.
166 role.cr0_wp:
167 Contains the value of cr0.wp for which the page is valid.
166 gfn: 168 gfn:
167 Either the guest page table containing the translations shadowed by this 169 Either the guest page table containing the translations shadowed by this
168 page, or the base page frame for linear translations. See role.direct. 170 page, or the base page frame for linear translations. See role.direct.