KVM: x86/mmu: Move is_writable_pte() to spte.h
Move is_writable_pte() close to the other functions that check writability information about SPTEs. While here opportunistically replace the open-coded bit arithmetic in check_spte_writable_invariants() with a call to is_writable_pte(). No functional change intended. Suggested-by: Sean Christopherson <seanjc@google.com> Signed-off-by: David Matlack <dmatlack@google.com> Message-Id: <20220125230518.1697048-4-dmatlack@google.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This commit is contained in:
David Matlack
Paolo Bonzini
parent
115111efd9
commit
006100212d
@ -202,44 +202,6 @@ static inline int kvm_mmu_do_page_fault(struct kvm_vcpu *vcpu, gpa_t cr2_or_gpa,
|
||||
return vcpu->arch.mmu->page_fault(vcpu, &fault);
|
||||
}
|
||||
|
||||
/*
|
||||
* Currently, we have two sorts of write-protection, a) the first one
|
||||
* write-protects guest page to sync the guest modification, b) another one is
|
||||
* used to sync dirty bitmap when we do KVM_GET_DIRTY_LOG. The differences
|
||||
* between these two sorts are:
|
||||
* 1) the first case clears MMU-writable bit.
|
||||
* 2) the first case requires flushing tlb immediately avoiding corrupting
|
||||
* shadow page table between all vcpus so it should be in the protection of
|
||||
* mmu-lock. And the another case does not need to flush tlb until returning
|
||||
* the dirty bitmap to userspace since it only write-protects the page
|
||||
* logged in the bitmap, that means the page in the dirty bitmap is not
|
||||
* missed, so it can flush tlb out of mmu-lock.
|
||||
*
|
||||
* So, there is the problem: the first case can meet the corrupted tlb caused
|
||||
* by another case which write-protects pages but without flush tlb
|
||||
* immediately. In order to making the first case be aware this problem we let
|
||||
* it flush tlb if we try to write-protect a spte whose MMU-writable bit
|
||||
* is set, it works since another case never touches MMU-writable bit.
|
||||
*
|
||||
* Anyway, whenever a spte is updated (only permission and status bits are
|
||||
* changed) we need to check whether the spte with MMU-writable becomes
|
||||
* readonly, if that happens, we need to flush tlb. Fortunately,
|
||||
* mmu_spte_update() has already handled it perfectly.
|
||||
*
|
||||
* The rules to use MMU-writable and PT_WRITABLE_MASK:
|
||||
* - if we want to see if it has writable tlb entry or if the spte can be
|
||||
* writable on the mmu mapping, check MMU-writable, this is the most
|
||||
* case, otherwise
|
||||
* - if we fix page fault on the spte or do write-protection by dirty logging,
|
||||
* check PT_WRITABLE_MASK.
|
||||
*
|
||||
* TODO: introduce APIs to split these two cases.
|
||||
*/
|
||||
static inline bool is_writable_pte(unsigned long pte)
|
||||
{
|
||||
return pte & PT_WRITABLE_MASK;
|
||||
}
|
||||
|
||||
/*
|
||||
* Check if a given access (described through the I/D, W/R and U/S bits of a
|
||||
* page fault error code pfec) causes a permission fault with the given PTE
|
||||
|
||||
@ -339,6 +339,44 @@ static __always_inline bool is_rsvd_spte(struct rsvd_bits_validate *rsvd_check,
|
||||
__is_rsvd_bits_set(rsvd_check, spte, level);
|
||||
}
|
||||
|
||||
/*
|
||||
* Currently, we have two sorts of write-protection, a) the first one
|
||||
* write-protects guest page to sync the guest modification, b) another one is
|
||||
* used to sync dirty bitmap when we do KVM_GET_DIRTY_LOG. The differences
|
||||
* between these two sorts are:
|
||||
* 1) the first case clears MMU-writable bit.
|
||||
* 2) the first case requires flushing tlb immediately avoiding corrupting
|
||||
* shadow page table between all vcpus so it should be in the protection of
|
||||
* mmu-lock. And the another case does not need to flush tlb until returning
|
||||
* the dirty bitmap to userspace since it only write-protects the page
|
||||
* logged in the bitmap, that means the page in the dirty bitmap is not
|
||||
* missed, so it can flush tlb out of mmu-lock.
|
||||
*
|
||||
* So, there is the problem: the first case can meet the corrupted tlb caused
|
||||
* by another case which write-protects pages but without flush tlb
|
||||
* immediately. In order to making the first case be aware this problem we let
|
||||
* it flush tlb if we try to write-protect a spte whose MMU-writable bit
|
||||
* is set, it works since another case never touches MMU-writable bit.
|
||||
*
|
||||
* Anyway, whenever a spte is updated (only permission and status bits are
|
||||
* changed) we need to check whether the spte with MMU-writable becomes
|
||||
* readonly, if that happens, we need to flush tlb. Fortunately,
|
||||
* mmu_spte_update() has already handled it perfectly.
|
||||
*
|
||||
* The rules to use MMU-writable and PT_WRITABLE_MASK:
|
||||
* - if we want to see if it has writable tlb entry or if the spte can be
|
||||
* writable on the mmu mapping, check MMU-writable, this is the most
|
||||
* case, otherwise
|
||||
* - if we fix page fault on the spte or do write-protection by dirty logging,
|
||||
* check PT_WRITABLE_MASK.
|
||||
*
|
||||
* TODO: introduce APIs to split these two cases.
|
||||
*/
|
||||
static inline bool is_writable_pte(unsigned long pte)
|
||||
{
|
||||
return pte & PT_WRITABLE_MASK;
|
||||
}
|
||||
|
||||
/* Note: spte must be a shadow-present leaf SPTE. */
|
||||
static inline void check_spte_writable_invariants(u64 spte)
|
||||
{
|
||||
@ -347,7 +385,7 @@ static inline void check_spte_writable_invariants(u64 spte)
|
||||
"kvm: MMU-writable SPTE is not Host-writable: %llx",
|
||||
spte);
|
||||
else
|
||||
WARN_ONCE(spte & PT_WRITABLE_MASK,
|
||||
WARN_ONCE(is_writable_pte(spte),
|
||||
"kvm: Writable SPTE is not MMU-writable: %llx", spte);
|
||||
}
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user