[RFC PATCH v1 21/34] KVM: VMX: Define EPT suppress #VE bit (bit 63 in EPT... | virtualization

[RFC PATCH v1 00/34] VM introspection - EPT Views and Virtualization Exceptions · Adalbert Lazăr <hidden> · 2020-07-22
[RFC PATCH v1 03/34] KVM: x86: add kvm_get_ept_view() · Adalbert Lazăr <hidden> · 2020-07-22
[RFC PATCH v1 01/34] KVM: x86: export .get_vmfunc_status() · Adalbert Lazăr <hidden> · 2020-07-22
[RFC PATCH v1 07/34] KVM: x86: mmu: increase mmu_memory_cache size · Adalbert Lazăr <hidden> · 2020-07-22
[RFC PATCH v1 09/34] KVM: x86: add .control_ept_view() · Adalbert Lazăr <hidden> · 2020-07-22
[RFC PATCH v1 10/34] KVM: x86: page track: allow page tracking for different EPT views · Adalbert Lazăr <hidden> · 2020-07-22
[RFC PATCH v1 21/34] KVM: VMX: Define EPT suppress #VE bit (bit 63 in EPT leaf entries) · Adalbert Lazăr <hidden> · 2020-07-22
[RFC PATCH v1 26/34] KVM: x86: add .set_ve_info() · Adalbert Lazăr <hidden> · 2020-07-22
[RFC PATCH v1 31/34] KVM: introspection: add #VE host capability checker · Adalbert Lazăr <hidden> · 2020-07-22
[RFC PATCH v1 28/34] KVM: x86: page_track: add support for suppress #VE bit · Adalbert Lazăr <hidden> · 2020-07-22
[RFC PATCH v1 32/34] KVM: introspection: add KVMI_VCPU_SET_VE_INFO/KVMI_VCPU_DISABLE_VE · Adalbert Lazăr <hidden> · 2020-07-22
[RFC PATCH v1 24/34] KVM: vmx: trigger vm-exits for mmio sptes by default when #VE is enabled · Adalbert Lazăr <hidden> · 2020-07-22
[RFC PATCH v1 16/34] KVM: introspection: add KVMI_VCPU_CONTROL_EPT_VIEW · Adalbert Lazăr <hidden> · 2020-07-22
[RFC PATCH v1 33/34] KVM: introspection: mask out non-rwx flags when reading/writing from/to the internal database · Adalbert Lazăr <hidden> · 2020-07-22
[RFC PATCH v1 34/34] KVM: introspection: add KVMI_VM_SET_PAGE_SVE · Adalbert Lazăr <hidden> · 2020-07-22
[RFC PATCH v1 29/34] KVM: vmx: make use of EPTP_INDEX in vmx_handle_exit() · Adalbert Lazăr <hidden> · 2020-07-22
[RFC PATCH v1 30/34] KVM: vmx: make use of EPTP_INDEX in vmx_set_ept_view() · Adalbert Lazăr <hidden> · 2020-07-22
[RFC PATCH v1 22/34] KVM: VMX: Suppress EPT violation #VE by default (when enabled) · Adalbert Lazăr <hidden> · 2020-07-22
[RFC PATCH v1 27/34] KVM: x86: add .disable_ve() · Adalbert Lazăr <hidden> · 2020-07-22
[RFC PATCH v1 17/34] KVM: introspection: extend the access rights database with EPT view info · Adalbert Lazăr <hidden> · 2020-07-22
[RFC PATCH v1 23/34] KVM: x86: mmu: fix: update present_mask in spte_read_protect() · Adalbert Lazăr <hidden> · 2020-07-22
[RFC PATCH v1 20/34] KVM: x86: vmx: add support for virtualization exceptions · Adalbert Lazăr <hidden> · 2020-07-22
[RFC PATCH v1 25/34] KVM: x86: svm: set .clear_page() · Adalbert Lazăr <hidden> · 2020-07-22
[RFC PATCH v1 05/34] KVM: x86: mmu: add EPT view parameter to kvm_mmu_get_page() · Adalbert Lazăr <hidden> · 2020-07-22
[RFC PATCH v1 19/34] KVM: introspection: clean non-default EPTs on unhook · Adalbert Lazăr <hidden> · 2020-07-22
[RFC PATCH v1 15/34] KVM: introspection: add KVMI_VCPU_SET_EPT_VIEW · Adalbert Lazăr <hidden> · 2020-07-22
[RFC PATCH v1 12/34] KVM: introspection: extend struct kvmi_features with the EPT views status support · Adalbert Lazăr <hidden> · 2020-07-22
[RFC PATCH v1 14/34] KVM: introspection: add 'view' field to struct kvmi_event_arch · Adalbert Lazăr <hidden> · 2020-07-22
[RFC PATCH v1 18/34] KVM: introspection: extend KVMI_VM_SET_PAGE_ACCESS with EPT view info · Adalbert Lazăr <hidden> · 2020-07-22
[RFC PATCH v1 06/34] KVM: x86: mmu: add support for EPT switching · Adalbert Lazăr <hidden> · 2020-07-22
[RFC PATCH v1 11/34] KVM: x86: mmu: allow zapping shadow pages for specific EPT views · Adalbert Lazăr <hidden> · 2020-07-22
[RFC PATCH v1 13/34] KVM: introspection: add KVMI_VCPU_GET_EPT_VIEW · Adalbert Lazăr <hidden> · 2020-07-22
[RFC PATCH v1 08/34] KVM: x86: add .set_ept_view() · Adalbert Lazăr <hidden> · 2020-07-22
[RFC PATCH v1 02/34] KVM: x86: export .get_eptp_switching_status() · Adalbert Lazăr <hidden> · 2020-07-22
[RFC PATCH v1 04/34] KVM: x86: mmu: reindent to avoid lines longer than 80 chars · Adalbert Lazăr <hidden> · 2020-07-22

STALE2163d

[RFC PATCH v1 21/34] KVM: VMX: Define EPT suppress #VE bit (bit 63 in EPT leaf entries)

From: Adalbert Lazăr <hidden>
Date: 2020-07-22 16:01:42
Also in: kvm
Subsystem: kernel virtual machine for x86 (kvm/x86), the rest, x86 architecture (32-bit and 64-bit) · Maintainers: Sean Christopherson, Paolo Bonzini, Linus Torvalds, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen

From: Sean Christopherson <redacted>

VMX provides a capability that allows EPT violations to be reflected
into the guest as Virtualization Exceptions (#VE).  The primary use case
of EPT violation #VEs is to improve the performance of virtualization-
based security solutions, e.g. eliminate a VM-Exit -> VM-Exit roundtrip
when utilizing EPT to protect priveleged data structures or code.

The "Suppress #VE" bit allows a VMM to opt-out of EPT violation #VEs on
a per page basis, e.g. when a page is marked not-present due to lazy
installation or is write-protected for dirty page logging.

The "Suppress #VE" bit is ignored:

  - By hardware that does not support EPT violation #VEs
  - When the EPT violation #VE VMCS control is disabled
  - On non-leaf EPT entries

Signed-off-by: Sean Christopherson <redacted>
Signed-off-by: Adalbert Lazăr <redacted>
---
 arch/x86/include/asm/vmx.h | 1 +
 1 file changed, 1 insertion(+)

diff --git a/arch/x86/include/asm/vmx.h b/arch/x86/include/asm/vmx.h
index 177500e9e68c..8082158e3e96 100644
--- a/arch/x86/include/asm/vmx.h
+++ b/arch/x86/include/asm/vmx.h

@@ -498,6 +498,7 @@ enum vmcs_field {
 #define VMX_EPT_IPAT_BIT    			(1ull << 6)
 #define VMX_EPT_ACCESS_BIT			(1ull << 8)
 #define VMX_EPT_DIRTY_BIT			(1ull << 9)
+#define VMX_EPT_SUPPRESS_VE_BIT			(1ull << 63)
 #define VMX_EPT_RWX_MASK                        (VMX_EPT_READABLE_MASK |       \
 						 VMX_EPT_WRITABLE_MASK |       \
 						 VMX_EPT_EXECUTABLE_MASK)

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help