Re: [PATCH 1/4] KVM: MMU: fix permission_fault()

From: Xiao Guangrong
Date: Tue Apr 05 2016 - 23:29:10 EST

Next message: Yongji Xie: "Re: [RFC v5 7/7] vfio-pci: Allow to mmap MSI-X table if interrupt remapping is supported"
Previous message: Yoshihiro Shimoda: "RE: [PATCH v6 12/12] usb: host: xhci-plat: Add otg device to platform data"
Next in thread: Paolo Bonzini: "Re: [PATCH 1/4] KVM: MMU: fix permission_fault()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 03/30/2016 02:39 PM, Xiao Guangrong wrote:

On 03/30/2016 02:36 PM, Paolo Bonzini wrote:

On 30/03/2016 03:56, Xiao Guangrong wrote:

x86/access.flat is currently using the "other" definition, i.e., PFEC.PK
is only set if W=1 or CR0.WP=0 && PFEC.U=0 or PFEC.W=0. Can you use it
(with ept=1 of course) to check what the processor is doing?

Sure.

And ept=1 is hard to trigger MMU issue, i am enabling PKEY on shadow
MMU, let's see what will happen. ;)

No, don't do that!

ept=1 lets you test what the processor does. It means you cannot test
permission_fault(), but what we want here is just reverse engineering
the microcode. ept=1 lets you do exactly that.

Yes, i got this point. Huaitong will do the test once the machine gets
free.

I tested it and it is failed:

test pte.p pte.user pde.p pde.user pde.a pde.pse pkru.wd pkey=1 user write efer.nx cr4.pke: FAIL: error code 27 expected 7
Dump mapping: address: 0x123400000000
------L4: 2ebe007
------L3: 2ebf007
------L2: 8000000020000a5

So PFEC.PKEY is set even if the ordinary check failed (caused by pde.rw = 0), the kvm code is
right. :)

Next message: Yongji Xie: "Re: [RFC v5 7/7] vfio-pci: Allow to mmap MSI-X table if interrupt remapping is supported"
Previous message: Yoshihiro Shimoda: "RE: [PATCH v6 12/12] usb: host: xhci-plat: Add otg device to platform data"
Next in thread: Paolo Bonzini: "Re: [PATCH 1/4] KVM: MMU: fix permission_fault()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]