diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2015-05-21 23:15:16 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2015-05-21 23:15:16 -0400 |
| commit | f0d8690ad443069b26df43a1be09c0f14a928eb9 (patch) | |
| tree | 74a19a907b64ad441e63373842d268efa6f99d72 /Documentation | |
| parent | 2f8126e3964261db3184d95bff1ae801e61239e9 (diff) | |
| parent | c447e76b4cabb49ddae8e49c5758f031f35d55fb (diff) | |
Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm
Pull KVM fixes from Paolo Bonzini:
"This includes a fix for two oopses, one on PPC and on x86.
The rest is fixes for bugs with newer Intel processors"
* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
kvm/fpu: Enable eager restore kvm FPU for MPX
Revert "KVM: x86: drop fpu_activate hook"
kvm: fix crash in kvm_vcpu_reload_apic_access_page
KVM: MMU: fix SMAP virtualization
KVM: MMU: fix CR4.SMEP=1, CR0.WP=0 with shadow pages
KVM: MMU: fix smap permission check
KVM: PPC: Book3S HV: Fix list traversal in error case
Diffstat (limited to 'Documentation')
| -rw-r--r-- | Documentation/virtual/kvm/mmu.txt | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/Documentation/virtual/kvm/mmu.txt b/Documentation/virtual/kvm/mmu.txt index 53838d9c6295..c59bd9bc41ef 100644 --- a/Documentation/virtual/kvm/mmu.txt +++ b/Documentation/virtual/kvm/mmu.txt | |||
| @@ -169,6 +169,10 @@ Shadow pages contain the following information: | |||
| 169 | Contains the value of cr4.smep && !cr0.wp for which the page is valid | 169 | Contains the value of cr4.smep && !cr0.wp for which the page is valid |
| 170 | (pages for which this is true are different from other pages; see the | 170 | (pages for which this is true are different from other pages; see the |
| 171 | treatment of cr0.wp=0 below). | 171 | treatment of cr0.wp=0 below). |
| 172 | role.smap_andnot_wp: | ||
| 173 | Contains the value of cr4.smap && !cr0.wp for which the page is valid | ||
| 174 | (pages for which this is true are different from other pages; see the | ||
| 175 | treatment of cr0.wp=0 below). | ||
| 172 | gfn: | 176 | gfn: |
| 173 | Either the guest page table containing the translations shadowed by this | 177 | Either the guest page table containing the translations shadowed by this |
| 174 | page, or the base page frame for linear translations. See role.direct. | 178 | page, or the base page frame for linear translations. See role.direct. |
| @@ -344,10 +348,16 @@ on fault type: | |||
| 344 | 348 | ||
| 345 | (user write faults generate a #PF) | 349 | (user write faults generate a #PF) |
| 346 | 350 | ||
| 347 | In the first case there is an additional complication if CR4.SMEP is | 351 | In the first case there are two additional complications: |
| 348 | enabled: since we've turned the page into a kernel page, the kernel may now | 352 | - if CR4.SMEP is enabled: since we've turned the page into a kernel page, |
| 349 | execute it. We handle this by also setting spte.nx. If we get a user | 353 | the kernel may now execute it. We handle this by also setting spte.nx. |
| 350 | fetch or read fault, we'll change spte.u=1 and spte.nx=gpte.nx back. | 354 | If we get a user fetch or read fault, we'll change spte.u=1 and |
| 355 | spte.nx=gpte.nx back. | ||
| 356 | - if CR4.SMAP is disabled: since the page has been changed to a kernel | ||
| 357 | page, it can not be reused when CR4.SMAP is enabled. We set | ||
| 358 | CR4.SMAP && !CR0.WP into shadow page's role to avoid this case. Note, | ||
| 359 | here we do not care the case that CR4.SMAP is enabled since KVM will | ||
| 360 | directly inject #PF to guest due to failed permission check. | ||
| 351 | 361 | ||
| 352 | To prevent an spte that was converted into a kernel page with cr0.wp=0 | 362 | To prevent an spte that was converted into a kernel page with cr0.wp=0 |
| 353 | from being written by the kernel after cr0.wp has changed to 1, we make | 363 | from being written by the kernel after cr0.wp has changed to 1, we make |