nagai/kernel
3
0
Fork 0
forked from mirrors/linux
Code Pull requests Activity

kvm: mmu: Don't expose private memslots to L2

Browse source 
These private pages have special purposes in the virtualization of L1,
but not in the virtualization of L2. In particular, L1's APIC access
page should never be entered into L2's page tables, because this
causes a great deal of confusion when the APIC virtualization hardware
is being used to accelerate L2's accesses to its own APIC.

Signed-off-by: Jim Mattson <jmattson@google.com>
Signed-off-by: Krish Sadhukhan <krish.sadhukhan@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This commit is contained in:
Jim Mattson 2018-05-09 17:02:05 -04:00 committed by Paolo Bonzini
parent 1313cc2bd8
commit 3a2936dedd
1 changed files with 8 additions and 0 deletions
repo.diff.show_diff_stats Download patch file Download diff file Expand all files Collapse all files

8
arch/x86/kvm/mmu.c
View file

@ -3807,6 +3807,14 @@ static bool try_async_pf(struct kvm_vcpu *vcpu, bool prefault, gfn_t gfn,
struct kvm_memory_slot *slot; struct kvm_memory_slot *slot;
bool async; bool async;
/*
* Don't expose private memslots to L2.
*/
if (is_guest_mode(vcpu) && !kvm_is_visible_gfn(vcpu->kvm, gfn)) {
*pfn = KVM_PFN_NOSLOT;
return false;
}
slot = kvm_vcpu_gfn_to_memslot(vcpu, gfn); slot = kvm_vcpu_gfn_to_memslot(vcpu, gfn);
async = false; async = false;
*pfn = __gfn_to_pfn_memslot(slot, gfn, false, &async, write, writable); *pfn = __gfn_to_pfn_memslot(slot, gfn, false, &async, write, writable);