From 2be83e13b70aba781a2c2549cf2cfb80ae6366bd Mon Sep 17 00:00:00 2001
From: Sean Christopherson
Date: Thu, 18 Jan 2018 13:03:04 -0800
Subject: [PATCH 1/2] KVM: VMX: Define EPT suppress #VE bit (bit 63 in EPT leaf entries)

VMX provides a capability that allows EPT violations to be reflected
into the guest as Virtualization Exceptions (#VE). The primary use case
of EPT violation #VEs is to improve the performance of
virtualization-based security solutions, e.g. eliminate a
VM-Exit -> VM-Exit roundtrip when utilizing EPT to protect privileged
data structures or code.

The "Suppress #VE" bit allows a VMM to opt-out of EPT violation #VEs on
a per page basis, e.g. when a page is marked not-present due to lazy
installation or is write-protected for dirty page logging.

The "Suppress #VE" bit is ignored:

  - By hardware that does not support EPT violation #VEs
  - When the EPT violation #VE VMCS control is disabled
  - On non-leaf EPT entries

Signed-off-by: Sean Christopherson
--- arch/x86/include/asm/vmx.h | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/x86/include/asm/vmx.h b/arch/x86/include/asm/vmx.h index 4e4133e86484..af52d6aa134a 100644 --- a/arch/x86/include/asm/vmx.h +++ b/arch/x86/include/asm/vmx.h @@ -501,6 +501,7 @@ enum vmcs_field { #define VMX_EPT_IPAT_BIT (1ull << 6) #define VMX_EPT_ACCESS_BIT (1ull << 8) #define VMX_EPT_DIRTY_BIT (1ull << 9) +#define VMX_EPT_SUPPRESS_VE_BIT (1ull << 63) #define VMX_EPT_RWX_MASK (VMX_EPT_READABLE_MASK | \ VMX_EPT_WRITABLE_MASK | \ VMX_EPT_EXECUTABLE_MASK) -- 2.21.0
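
Review bot: the added `#define VMX_EPT_SUPPRESS_VE_BIT (1ull << 63)` in the arch/x86/include/asm/vmx.h hunk carries none of the conditions the commit message lists, and unlike the neighbouring IPAT, ACCESS and DIRTY bits its meaning depends on where it is set. Suggest a short comment above the define saying that the bit is only honoured in leaf EPT entries and is ignored when the EPT violation #VE control is disabled or unsupported, so that information stays with the header rather than only in the changelog. Nothing in this patch uses the define, so it cannot be checked here that every path building a leaf entry sets it; once the #VE control is enabled, a leaf entry that leaves bit 63 clear has its EPT violations reflected into the guest as #VE instead of causing a VM exit, which is the case to look for when reviewing the user in 2/2.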