
Commit 7fa5e29

yamahatabonzini
authored andcommitted
KVM: x86/mmu: Add Suppress VE bit to EPT shadow_mmio_mask/shadow_present_mask
To make use of the same value of shadow_mmio_mask and shadow_present_mask for TDX and VMX, add Suppress-VE bit to shadow_mmio_mask and shadow_present_mask so that they can be common for both VMX and TDX. TDX will require shadow_mmio_mask and shadow_present_mask to include VMX_SUPPRESS_VE for shared GPA so that EPT violation is triggered for shared GPA. For VMX, VMX_SUPPRESS_VE doesn't matter for MMIO because the spte value is defined so as to cause EPT misconfig. Signed-off-by: Isaku Yamahata <[email protected]> Message-Id: <97cc616b3563cd8277be91aaeb3e14bce23c3649.1705965635.git.isaku.yamahata@intel.com> Reviewed-by: Xiaoyao Li <[email protected]> Signed-off-by: Paolo Bonzini <[email protected]>
1 parent 7f01cab commit 7fa5e29


2 files changed

+5
-2
lines changed


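--- a/arch/x86/include/asm/vmx.h
+++ b/arch/x86/include/asm/vmx.h
@@ -514,6 +514,7 @@ enum vmcs_field {
 #define VMX_EPT_IPAT_BIT (1ull << 6)
 #define VMX_EPT_ACCESS_BIT (1ull << 8)
 #define VMX_EPT_DIRTY_BIT (1ull << 9)
+#define VMX_EPT_SUPPRESS_VE_BIT (1ull << 63)
 #define VMX_EPT_RWX_MASK (VMX_EPT_READABLE_MASK | \
 VMX_EPT_WRITABLE_MASK | \
 VMX_EPT_EXECUTABLE_MASK)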

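--- a/arch/x86/kvm/mmu/spte.c
+++ b/arch/x86/kvm/mmu/spte.c
@@ -413,7 +413,9 @@ void kvm_mmu_set_ept_masks(bool has_ad_bits, bool has_exec_only)
 shadow_dirty_mask = has_ad_bits ? VMX_EPT_DIRTY_BIT : 0ull;
 shadow_nx_mask = 0ull;
 shadow_x_mask = VMX_EPT_EXECUTABLE_MASK;
-shadow_present_mask = has_exec_only ? 0ull : VMX_EPT_READABLE_MASK;
+/* VMX_EPT_SUPPRESS_VE_BIT is needed for W or X violation. */
+shadow_present_mask =
+(has_exec_only ? 0ull : VMX_EPT_READABLE_MASK) | VMX_EPT_SUPPRESS_VE_BIT;
 /*
 * EPT overrides the host MTRRs, and so KVM must program the desired
 * memtype directly into the SPTEs. Note, this mask is just the mask
@@ -430,7 +432,7 @@ void kvm_mmu_set_ept_masks(bool has_ad_bits, bool has_exec_only)
 * of an EPT paging-structure entry is 110b (write/execute).
 */
 kvm_mmu_set_mmio_spte_mask(VMX_EPT_MISCONFIG_WX_VALUE,
-VMX_EPT_RWX_MASK, 0);
+VMX_EPT_RWX_MASK | VMX_EPT_SUPPRESS_VE_BIT, 0);
 }
 EXPORT_SYMBOL_GPL(kvm_mmu_set_ept_masks);
 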
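Review bot: The new comment above `shadow_present_mask` says the bit is "needed for W or X violation" but not for whom or what goes wrong without it, so the rationale lives only in the commit message. Suggest something like `/* Set Suppress-VE so W/X violations on present SPTEs exit to the host as EPT violations instead of being reflected to the guest as #VE; TDX shared GPAs depend on this. */`. In the second hunk the bit is added to the MMIO mask while the value stays `VMX_EPT_MISCONFIG_WX_VALUE`, so presumably an MMIO SPTE is only matched when bit 63 is clear. One sentence in the existing comment block saying that asymmetry is intentional (the commit message notes the bit is irrelevant for VMX MMIO because the entry causes an EPT misconfig) would keep a later reader from "fixing" it. kvm_mmu_set_ept_masks starts above the first hunk, so the other shadow masks were not reviewed.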
