git.hungrycats.org Git - linux/commit

author	Sean Christopherson <seanjc@google.com>
	Thu, 10 Oct 2024 18:23:06 +0000 (11:23 -0700)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Thu, 5 Dec 2024 12:54:09 +0000 (13:54 +0100)
commit	dfd5c2f161cddf898057425f195ccf2920f72e4e
tree	c6452122c57d86f85650befcc30c55e19481692b	tree \| snapshot
parent	1a77ffcf84e0d1190821cc20ed26ee92bc0c916a	commit \| diff

KVM: x86/mmu: Skip the "try unsync" path iff the old SPTE was a leaf SPTE

commit 2867eb782cf7f64c2ac427596133b6f9c3f64b7a upstream.

Apply make_spte()'s optimization to skip trying to unsync shadow pages if
and only if the old SPTE was a leaf SPTE, as non-leaf SPTEs in direct MMUs
are always writable, i.e. could trigger a false positive and incorrectly
lead to KVM creating a SPTE without write-protecting or marking shadow
pages unsync.

This bug only affects the TDP MMU, as the shadow MMU only overwrites a
shadow-present SPTE when synchronizing SPTEs (and only 4KiB SPTEs can be
unsync). Specifically, mmu_set_spte() drops any non-leaf SPTEs *before*
calling make_spte(), whereas the TDP MMU can do a direct replacement of a
page table with the leaf SPTE.

Opportunistically update the comment to explain why skipping the unsync
stuff is safe, as opposed to simply saying "it's someone else's problem".

Cc: stable@vger.kernel.org
Tested-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Sean Christopherson <seanjc@google.com>
Tested-by: Dmitry Osipenko <dmitry.osipenko@collabora.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-ID: <20241010182427.1434605-5-seanjc@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>