From mboxrd@z Thu Jan  1 00:00:00 1970
From: Paolo Bonzini <pbonzini@redhat.com>
Subject: Re: [PATCH v4 0/4] KVM: enable Intel SMAP for KVM
Date: Fri, 04 Apr 2014 09:27:31 +0200
Message-ID: <533E5EE3.4030708@redhat.com>
References: <1396345596-25682-1-git-send-email-feng.wu@intel.com> <533D904E.30801@redhat.com> <E959C4978C3B6342920538CF579893F001EA02BF@SHSMSX104.ccr.corp.intel.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
To: "Wu, Feng" <feng.wu@intel.com>,
	"gleb@redhat.com" <gleb@redhat.com>,
	"hpa@zytor.com" <hpa@zytor.com>,
	"kvm@vger.kernel.org" <kvm@vger.kernel.org>
Return-path: <kvm-owner@vger.kernel.org>
Received: from mail-wg0-f44.google.com ([74.125.82.44]:44158 "EHLO
	mail-wg0-f44.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1750755AbaDDH1h (ORCPT <rfc822;kvm@vger.kernel.org>);
	Fri, 4 Apr 2014 03:27:37 -0400
Received: by mail-wg0-f44.google.com with SMTP id m15so2969128wgh.15
        for <kvm@vger.kernel.org>; Fri, 04 Apr 2014 00:27:35 -0700 (PDT)
In-Reply-To: <E959C4978C3B6342920538CF579893F001EA02BF@SHSMSX104.ccr.corp.intel.com>
Sender: kvm-owner@vger.kernel.org
List-ID: <kvm.vger.kernel.org>

Il 04/04/2014 04:22, Wu, Feng ha scritto:
> Thank you for providing these test cases. I tested it in related hardware
> (both 32- and 64-bits) with both ept=1 and ept=0, they all pass.
>
> I also did some similar testing before posting the patch set. Since SMAP
> has been already supported in Linux kernel, in which, stac() and clac() are
> added in functions like copy_from_user(), copy_to_user(), etc.. From my
> previous test, Linux guest can run well on top of KVM with SMAP enabled.
> I think this covers the AC bit logic for testing. I also tested whether it can
> induce an SMAP violation when accessing user pages in kernel mode with
> AC bit cleared, I successfully got the SMAP violation fault in guest in that case.

Thanks, that is useful to know.  Knowing that you tried the failure path 
is good (next time point it out when submitting the patch).

I made unit tests because I'm not sure how much the new code is 
stimulated in normal runs of Linux with ept=1.  After the EPT tables are 
built on the first access, the processor will take care of doing SMAP 
checks.  With ept=0, more page faults should happen on the first access 
to a page.  Still, it seemed safer to have unit tests and have them try 
both without and with invlpg.

Even though the tests do not cover the CPL=3/implicit access case, the 
logic to compute PFERR_RSVD_MASK dynamically is already covered by AC=1. 
  So I'm quite happy with the coverage.  Series is

Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>