search for: direct_map

...--git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c index 24843cf49579..1bdca40fa831 100644 --- a/arch/x86/kvm/mmu.c +++ b/arch/x86/kvm/mmu.c @@ -5364,8 +5364,12 @@ int kvm_mmu_page_fault(struct kvm_vcpu *vcpu, gva_t cr2, u64 error_code, enum emulation_result er; bool direct = vcpu->arch.mmu->direct_map; - /* With shadow page tables, fault_address contains a GVA or nGPA. */ - if (vcpu->arch.mmu->direct_map) { + /* + * With shadow page tables, fault_address contains a GVA or nGPA. + * On a fetch fault, fault_address contains the instruction pointer. + */ + if (vcpu->arch.mmu->dire...

...t; index 24843cf49579..1bdca40fa831 100644 >> --- a/arch/x86/kvm/mmu.c >> +++ b/arch/x86/kvm/mmu.c >> @@ -5364,8 +5364,12 @@ int kvm_mmu_page_fault(struct kvm_vcpu *vcpu, gva_t cr2, u64 error_code, >> enum emulation_result er; >> bool direct = vcpu->arch.mmu->direct_map; >> >> - /* With shadow page tables, fault_address contains a GVA or nGPA. */ >> - if (vcpu->arch.mmu->direct_map) { >> + /* >> + * With shadow page tables, fault_address contains a GVA or nGPA. >> + * On a fetch fault, fault_address contains the instr...

...kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c index 5f0ddc6b67de..d28b7425c4f1 100644 --- a/arch/x86/kvm/mmu/mmu.c +++ b/arch/x86/kvm/mmu/mmu.c @@ -5636,8 +5636,13 @@ int kvm_mmu_page_fault(struct kvm_vcpu *vcpu, gva_t cr2, u64 error_code, int r, emulation_type = 0; bool direct = vcpu->arch.mmu->direct_map; - /* With shadow page tables, fault_address contains a GVA or nGPA. */ - if (vcpu->arch.mmu->direct_map) { + /* + * With shadow page tables, fault_address contains a GVA or nGPA. + * On a fetch fault, fault_address contains the instruction pointer. + */ + if (vcpu->arch.mmu->dire...

..._tracked_gfn(vcpu, gpa_to_gfn(gpa))) > + kvm_mmu_unprotect_page(vcpu->kvm, gpa_to_gfn(gpa)); > > /* > * If the access faults on its page table, it can not > @@ -6374,6 +6376,9 @@ static bool retry_instruction(struct x86_emulate_ctxt *ctxt, > if (!vcpu->arch.mmu->direct_map) > gpa = kvm_mmu_gva_to_gpa_write(vcpu, cr2, NULL); > > + if (kvmi_tracked_gfn(vcpu, gpa_to_gfn(gpa))) > + return false; > + > kvm_mmu_unprotect_page(vcpu->kvm, gpa_to_gfn(gpa)); > > return true;

...gpa_to_gfn(gpa)); + if (!kvmi_tracked_gfn(vcpu, gpa_to_gfn(gpa))) + kvm_mmu_unprotect_page(vcpu->kvm, gpa_to_gfn(gpa)); /* * If the access faults on its page table, it can not @@ -6374,6 +6376,9 @@ static bool retry_instruction(struct x86_emulate_ctxt *ctxt, if (!vcpu->arch.mmu->direct_map) gpa = kvm_mmu_gva_to_gpa_write(vcpu, cr2, NULL); + if (kvmi_tracked_gfn(vcpu, gpa_to_gfn(gpa))) + return false; + kvm_mmu_unprotect_page(vcpu->kvm, gpa_to_gfn(gpa)); return true;

.....ffcf09e9bf78 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -6987,7 +6987,7 @@ int x86_emulate_instruction(struct kvm_vcpu *vcpu, gpa_t cr2_or_gpa, ctxt->exception.address = cr2_or_gpa; /* With shadow page tables, cr2 contains a GVA or nGPA. */ - if (vcpu->arch.mmu->direct_map) { + if (emulation_type & EMULTYPE_GPA_AVAILABLE_PF) { ctxt->gpa_available = true; ctxt->gpa_val = cr2_or_gpa; }

...a/arch/x86/kvm/mmu/mmu.c +++ b/arch/x86/kvm/mmu/mmu.c @@ -3760,8 +3760,11 @@ void kvm_mmu_free_roots(struct kvm_vcpu *vcpu, struct kvm_mmu *mmu, if (free_active_root) { if (mmu->shadow_root_level >= PT64_ROOT_4LEVEL && (mmu->root_level >= PT64_ROOT_4LEVEL || mmu->direct_map)) { - mmu_free_root_page(vcpu->kvm, &mmu->root_hpa, - &invalid_list); + for (i = 0; i < KVM_MAX_EPT_VIEWS; i++) + mmu_free_root_page(vcpu->kvm, + mmu->root_hpa_altviews + i, + &invalid_list); + mmu->root_hpa = INVALID_PAGE; } else {...

...virtual address kvm: page track: add support for preread, prewrite and preexec kvm: x86: wire in the preread/prewrite/preexec page trackers kvm: x86: add kvm_mmu_nested_pagefault() kvm: introspection: use page track kvm: x86: consult the page tracking from kvm_mmu_get_page() and __direct_map() kvm: introspection: add KVMI_CONTROL_EVENTS kvm: x86: add kvm_spt_fault() kvm: introspection: add KVMI_EVENT_PF kvm: introspection: add KVMI_GET_PAGE_ACCESS kvm: introspection: add KVMI_SET_PAGE_ACCESS kvm: introspection: add KVMI_READ_PHYSICAL and KVMI_WRITE_PHYSICAL kvm: introspec...

...virtual address kvm: page track: add support for preread, prewrite and preexec kvm: x86: wire in the preread/prewrite/preexec page trackers kvm: x86: add kvm_mmu_nested_pagefault() kvm: introspection: use page track kvm: x86: consult the page tracking from kvm_mmu_get_page() and __direct_map() kvm: introspection: add KVMI_CONTROL_EVENTS kvm: x86: add kvm_spt_fault() kvm: introspection: add KVMI_EVENT_PF kvm: introspection: add KVMI_GET_PAGE_ACCESS kvm: introspection: add KVMI_SET_PAGE_ACCESS kvm: introspection: add KVMI_READ_PHYSICAL and KVMI_WRITE_PHYSICAL kvm: introspec...

The KVM introspection subsystem provides a facility for applications running on the host or in a separate VM, to control the execution of other VMs (pause, resume, shutdown), query the state of the vCPUs (GPRs, MSRs etc.), alter the page access bits in the shadow page tables (only for the hardware backed ones, eg. Intel's EPT) and receive notifications when events of interest have taken place

This patch series is based on the VM introspection patches (https://lore.kernel.org/kvm/20200721210922.7646-1-alazar at bitdefender.com/), extending the introspection API with EPT Views and Virtualization Exceptions (#VE) support. The purpose of this series is to get an initial feedback and to see if we are on the right track, especially because the changes made to add the EPT views are not small

The KVM introspection subsystem provides a facility for applications running on the host or in a separate VM, to control the execution of other VMs (pause, resume, shutdown), query the state of the vCPUs (GPRs, MSRs etc.), alter the page access bits in the shadow page tables (only for the hardware backed ones, eg. Intel's EPT) and receive notifications when events of interest have taken place