From patchwork Thu Oct 19 08:14:18 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Zhang, Yi" X-Patchwork-Id: 10016243 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id C93B66057C for ; Thu, 19 Oct 2017 09:24:42 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id CB275286C1 for ; Thu, 19 Oct 2017 09:24:42 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id BFDEA287F4; Thu, 19 Oct 2017 09:24:42 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 671D528CA4 for ; Thu, 19 Oct 2017 09:24:42 +0000 (UTC) Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1e571x-0001vr-14; Thu, 19 Oct 2017 09:22:21 +0000 Received: from mail6.bemta6.messagelabs.com ([193.109.254.103]) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1e55xa-0004mb-3Q for xen-devel@lists.xenproject.org; Thu, 19 Oct 2017 08:13:46 +0000 Received: from [193.109.254.147] by server-5.bemta-6.messagelabs.com id DC/8C-29911-9BE58E95; Thu, 19 Oct 2017 08:13:45 +0000 X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFmplkeJIrShJLcpLzFFi42Jpa+tI0d0R9yL SoGGuhcX3LZOZHBg9Dn+4whLAGMWamZeUX5HAmnFkZwNjQZt0xdwpu1gbGFtEuxg5OYQEKiVu XJ/MCGJLCPBKHFk2gxXC9pd4MeEYG0RNkcTamxOAariA7IWMEut2XQErYhPQlmi+8Z4FxBYRU JK4t2oyE0gRs0Avk8SCG1/BEsJAk+avamAHsVkEVCUur9gO1MzBwSuQIPH8rh/EMjmJm+c6mU FsTgE7ibvPtkAttpV49u0nywRGvgWMDKsY1YtTi8pSi3TN9JKKMtMzSnITM3N0DQ3M9HJTi4s T01NzEpOK9ZLzczcxAoOEAQh2MM474X+IUZKDSUmUVzbwRaQQX1J+SmVGYnFGfFFpTmrxIUYZ Dg4lCV6VWKCcYFFqempFWmYOMFxh0hIcPEoivJ4xQGne4oLE3OLMdIjUKUZdjo6bd/8wCbHk5 eelSonzVoHMEAApyijNgxsBi51LjLJSwryMQEcJ8RSkFuVmlqDKv2IU52BUEuZ1BJnCk5lXAr fpFdARTEBHsNuDHVGSiJCSamDkMdj1r+xVmvmj/f171zNMsnI+YBa6U0q8e8Gj5O5yzkvbteK m63c67skU2V0zV8M6l+HnQbn/uWniZqmS9Y4f37Yff2v6qsPrsYdE+bI73nNicy27Hi5mW+pw dcHBi8XzxYU29q9wbqxT+dkcMvPJmYXrf6qG1USynfCPNBVcHmfh3142IU+JpTgj0VCLuag4E QBWVYX8mAIAAA== X-Env-Sender: yi.z.zhang@linux.intel.com X-Msg-Ref: server-15.tower-27.messagelabs.com!1508400822!59524499!1 X-Originating-IP: [134.134.136.100] X-SpamReason: No, hits=0.0 required=7.0 tests= X-StarScan-Received: X-StarScan-Version: 9.4.45; banners=-,-,- X-VirusChecked: Checked Received: (qmail 54674 invoked from network); 19 Oct 2017 08:13:44 -0000 Received: from mga07.intel.com (HELO mga07.intel.com) (134.134.136.100) by server-15.tower-27.messagelabs.com with DHE-RSA-AES256-GCM-SHA384 encrypted SMTP; 19 Oct 2017 08:13:44 -0000 Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by orsmga105.jf.intel.com with ESMTP; 19 Oct 2017 01:13:42 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.43,400,1503385200"; d="scan'208";a="164421413" Received: from linux.intel.com ([10.54.29.200]) by fmsmga005.fm.intel.com with ESMTP; 19 Oct 2017 01:13:42 -0700 Received: from dazhang1-ssd.sh.intel.com (unknown [10.239.48.55]) by linux.intel.com (Postfix) with ESMTP id AC55B580377; Thu, 19 Oct 2017 01:13:39 -0700 (PDT) From: Zhang Yi To: xen-devel@lists.xenproject.org Date: Thu, 19 Oct 2017 16:14:18 +0800 Message-Id: <213b64b2d879dc0588dbfb1ab3c55f2f172102be.1508397860.git.yi.z.zhang@linux.intel.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: References: X-Mailman-Approved-At: Thu, 19 Oct 2017 09:22:18 +0000 Cc: kevin.tian@intel.com, tamas@tklengyel.com, wei.liu2@citrix.com, jun.nakajima@intel.com, rcojocaru@bitdefender.com, george.dunlap@eu.citrix.com, andrew.cooper3@citrix.com, ian.jackson@eu.citrix.com, Zhang Yi Z , jbeulich@suse.com Subject: [Xen-devel] [PATCH RFC 11/14] xen: vmx: Added handle of SPP write protection fault X-BeenThere: xen-devel@lists.xen.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: xen-devel-bounces@lists.xen.org Sender: "Xen-devel" X-Virus-Scanned: ClamAV using ClamSMTP From: Zhang Yi Z While hardware walking the SPP page table, If the sub-page region write permission bit is set, the write is allowed, else the write is disallowed and results in an EPT violation. we need peek this case in EPT violation handler. Signed-off-by: Zhang Yi Z --- xen/arch/x86/hvm/hvm.c | 5 +++++ xen/arch/x86/hvm/vmx/vmx.c | 3 +++ xen/arch/x86/mm/p2m-ept.c | 2 ++ xen/include/asm-x86/hvm/hvm.h | 2 ++ xen/include/xen/mem_access.h | 1 + 5 files changed, 13 insertions(+) diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index afc4620..a7ced32 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -1777,6 +1777,11 @@ int hvm_hap_nested_page_fault(paddr_t gpa, unsigned long gla, case p2m_access_rwx: violation = 0; break; + case p2m_access_spp: + printk("SPP: spp write protect: acc mode:%d\n", npfec.write_access); + violation = npfec.write_access; + rc = HVM_SPP_WRITE_PROTECTED; + goto out_put_gfn; } if ( violation ) diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index a4c24bb..0481ffd 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -3295,6 +3295,9 @@ static void ept_handle_violation(ept_qual_t q, paddr_t gpa) nestedhvm_paging_mode_hap(current ) ) __vmwrite(EPT_POINTER, get_shadow_eptp(current)); return; + case HVM_SPP_WRITE_PROTECTED: + update_guest_eip(); + return; case -1: // This vioaltion should be injected to L1 VMM vcpu_nestedhvm(current).nv_vmexit_pending = 1; return; diff --git a/xen/arch/x86/mm/p2m-ept.c b/xen/arch/x86/mm/p2m-ept.c index c9dc29c..065beb9 100644 --- a/xen/arch/x86/mm/p2m-ept.c +++ b/xen/arch/x86/mm/p2m-ept.c @@ -214,6 +214,7 @@ static void ept_p2m_type_to_flags(struct p2m_domain *p2m, ept_entry_t *entry, entry->x = 0; break; case p2m_access_rwx: + case p2m_access_spp: break; } @@ -756,6 +757,7 @@ ept_spp_update_wp(struct p2m_domain *p2m, unsigned long gfn) new_entry = atomic_read_ept_entry(ept_entry); new_entry.spp = 1; new_entry.w = 0; + new_entry.access = p2m_access_spp; write_atomic(&(ept_entry->epte), new_entry.epte); ept_sync_domain(p2m); diff --git a/xen/include/asm-x86/hvm/hvm.h b/xen/include/asm-x86/hvm/hvm.h index b687e03..30c6775 100644 --- a/xen/include/asm-x86/hvm/hvm.h +++ b/xen/include/asm-x86/hvm/hvm.h @@ -80,6 +80,8 @@ enum hvm_intblk { #define HVM_EVENT_VECTOR_UNSET (-1) #define HVM_EVENT_VECTOR_UPDATING (-2) +#define HVM_SPP_WRITE_PROTECTED 2 + /* * The hardware virtual machine (HVM) interface abstracts away from the * x86/x86_64 CPU virtualization assist specifics. Currently this interface diff --git a/xen/include/xen/mem_access.h b/xen/include/xen/mem_access.h index 28eb70c..b5811dd 100644 --- a/xen/include/xen/mem_access.h +++ b/xen/include/xen/mem_access.h @@ -54,6 +54,7 @@ typedef enum { p2m_access_n2rwx = 9, /* Special: page goes from N to RWX on access, * * generates an event but does not pause the * vcpu */ + p2m_access_spp = 0x0d, /* NOTE: Assumed to be only 4 bits right now on x86. */ } p2m_access_t;