From: Xiao Guangrong <xiaoguangrong@cn.fujitsu.com>

Date: Wed, 30 Jun 2010 08:02:45 +0000 (+0800)

Subject: KVM: MMU: fix conflict access permissions in direct sp

X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=6aa0b9dec5d6dde26ea17b0b5be8fccfe19df3c9

KVM: MMU: fix conflict access permissions in direct sp

In no-direct mapping, we mark sp is 'direct' when we mapping the

guest's larger page, but its access is encoded form upper page-struct

entire not include the last mapping, it will cause access conflict.

For example, have this mapping:

        [W]

      / PDE1 -> |---|

  P[W]          |   | LPA

      \ PDE2 -> |---|

        [R]

P have two children, PDE1 and PDE2, both PDE1 and PDE2 mapping the

same lage page(LPA). The P's access is WR, PDE1's access is WR,

PDE2's access is RO(just consider read-write permissions here)

When guest access PDE1, we will create a direct sp for LPA, the sp's

access is from P, is W, then we will mark the ptes is W in this sp.

Then, guest access PDE2, we will find LPA's shadow page, is the same as

PDE's, and mark the ptes is RO.

So, if guest access PDE1, the incorrect #PF is occured.

Fixed by encode the last mapping access into direct shadow page

Signed-off-by: Xiao Guangrong <xiaoguangrong@cn.fujitsu.com>

Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>

Signed-off-by: Avi Kivity <avi@redhat.com>

---

diff --git a/arch/x86/kvm/paging_tmpl.h b/arch/x86/kvm/paging_tmpl.h

index 89d66ca..2331bdc 100644

--- a/arch/x86/kvm/paging_tmpl.h

+++ b/arch/x86/kvm/paging_tmpl.h

@@ -342,6 +342,7 @@ static u64 *FNAME(fetch)(struct kvm_vcpu *vcpu, gva_t addr,

 			/* advance table_gfn when emulating 1gb pages with 4k */

 			if (delta == 0)

 				table_gfn += PT_INDEX(addr, level);

+			access &= gw->pte_access;

 		} else {

 			direct = 0;

 			table_gfn = gw->table_gfn[level - 2];