[PATCH] KVM: nVMX: fix AD condition when handling EPT violation

[PATCH] KVM: nVMX: fix AD condition when handling EPT violation

[Radim Krčmář]

I have introduced this bug when applying and simplifying Paolo's patch
as we agreed on the list.  The original was "x &= ~y; if (z) x |= y;".

Here is the story of a bad workflow:

  A maintainer was already testing with the intended change, but it was
  applied only to a testing repo on a different machine.  When the time
  to push tested patches to kvm/next came, he realized that this change
  was missing and quickly added it to the maintenance repo, didn't test
  again (because the change is trivial, right), and pushed the world to
  fire.

Fixes: ae1e2d1082ae ("kvm: nVMX: support EPT accessed/dirty bits")
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
---
 arch/x86/kvm/vmx.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index cfdb0d9389d1..837f6dd1ae9c 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -6221,7 +6221,7 @@ static int handle_ept_violation(struct kvm_vcpu *vcpu)
 		 * page table accesses are reads or writes.
 		 */
 		u64 eptp = nested_ept_get_cr3(vcpu);
-		if (eptp & VMX_EPT_AD_ENABLE_BIT)
+		if (!(eptp & VMX_EPT_AD_ENABLE_BIT))
 			exit_qualification &= ~EPT_VIOLATION_ACC_WRITE;
 	}
 
-- 
2.12.0

Re: [PATCH] KVM: nVMX: fix AD condition when handling EPT violation

[Paolo Bonzini]

On 14/04/2017 00:39, Radim Krčmář wrote:
> I have introduced this bug when applying and simplifying Paolo's patch
> as we agreed on the list.  The original was "x &= ~y; if (z) x |= y;".
> 
> Here is the story of a bad workflow:
> 
>   A maintainer was already testing with the intended change, but it was
>   applied only to a testing repo on a different machine.  When the time
>   to push tested patches to kvm/next came, he realized that this change
>   was missing and quickly added it to the maintenance repo, didn't test
>   again (because the change is trivial, right), and pushed the world to
>   fire.
> 
> Fixes: ae1e2d1082ae ("kvm: nVMX: support EPT accessed/dirty bits")
> Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
> ---
>  arch/x86/kvm/vmx.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
> index cfdb0d9389d1..837f6dd1ae9c 100644
> --- a/arch/x86/kvm/vmx.c
> +++ b/arch/x86/kvm/vmx.c
> @@ -6221,7 +6221,7 @@ static int handle_ept_violation(struct kvm_vcpu *vcpu)
>  		 * page table accesses are reads or writes.
>  		 */
>  		u64 eptp = nested_ept_get_cr3(vcpu);
> -		if (eptp & VMX_EPT_AD_ENABLE_BIT)
> +		if (!(eptp & VMX_EPT_AD_ENABLE_BIT))
>  			exit_qualification &= ~EPT_VIOLATION_ACC_WRITE;
>  	}
>  
> 

I have done this as well, so you're forgiven. :)

More important: did kvm-unit-test catch the bug?

Paolo

Re: [PATCH] KVM: nVMX: fix AD condition when handling EPT violation

[Radim Krčmář]

2017-04-14 13:10+0800, Paolo Bonzini:
> More important: did kvm-unit-test catch the bug?

It did;  the bright side. :)