diff options
| author | Paolo Bonzini <pbonzini@redhat.com> | 2026-04-08 11:41:58 -0400 |
|---|---|---|
| committer | Paolo Bonzini <pbonzini@redhat.com> | 2026-05-10 14:52:55 +0200 |
| commit | a8827c19614629ee51f2355ceeea36b96d77eb60 (patch) | |
| tree | c0d92aaf54ba28e96bac62bb09ef0c8eaa6707ae /scripts/git.orderFile | |
| parent | 949aa12e030eac4424f4832eb93e96c20719ae7b (diff) | |
KVM: x86/mmu: introduce ACC_READ_MASK
Read permissions so far were only needed for EPT, which does not need
ACC_USER_MASK. Therefore, for EPT page tables ACC_USER_MASK was repurposed
as a read permission bit.
In order to implement nested MBEC, EPT will genuinely have four kinds of
accesses, and there will be no room for such hacks; bite the bullet at
last, enlarging ACC_ALL to four bits and permissions[] to 2^4 bits (u16).
The new code does not enforce that the XWR bits on non-execonly processors
have their R bit set, even when running nested: none of the shadow_*_mask
values have bit 0 set, and make_spte() genuinely relies on ACC_READ_MASK
being requested! This works because, if execonly is not supported by the
processor, shadow EPT will generate an EPT misconfig vmexit if the XWR
bits represent a non-readable page, and therefore the pte_access argument
to make_spte() will also always have ACC_READ_MASK set.
Tested-by: David Riley <d.riley@proxmox.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Diffstat (limited to 'scripts/git.orderFile')
0 files changed, 0 insertions, 0 deletions
