git.ipfire.org Git - thirdparty/kernel/linux.git/commit

author	Paolo Bonzini <pbonzini@redhat.com>
	Wed, 8 Apr 2026 15:42:03 +0000 (11:42 -0400)
committer	Paolo Bonzini <pbonzini@redhat.com>
	Sun, 10 May 2026 12:52:57 +0000 (14:52 +0200)
commit	2e111d932d1d7d5bbe2ecb5f0557a81281527cb7
tree	c7f157c7bcb43f50fdcf047d34ebe07745a4144c	tree \| snapshot
parent	b95b398d2e6d13ed47d4ab25bce499c7240923a1	commit \| diff

KVM: x86/mmu: split XS/XU bits for EPT

When EPT is in use, replace ACC_USER_MASK with ACC_USER_EXEC_MASK,
so that supervisor and user-mode execution can be controlled
independently (ACC_USER_MASK would not allow a setting similar to
XU=0 XS=1 W=1 R=1).

Replace shadow_x_mask with shadow_xs_mask/shadow_xu_mask, to allow setting
XS and XU bits separately in EPT entries.

In fact, ACC_USER_EXEC_MASK is already set through ACC_ALL in the
kvm_mmu_page roles and propagates to the XU bit of sPTEs even if
MBEC is not (yet) enabled in the execution controls. This is fine,
because the XU bit is ignored by the processor, and even once KVM
supports MBEC this mode will remain for processors that lack the
feature.

Tested-by: David Riley <d.riley@proxmox.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

arch/x86/kvm/mmu.h		diff \| blob \| blame \| history
arch/x86/kvm/mmu/mmu.c		diff \| blob \| blame \| history
arch/x86/kvm/mmu/mmutrace.h		diff \| blob \| blame \| history
arch/x86/kvm/mmu/spte.c		diff \| blob \| blame \| history
arch/x86/kvm/mmu/spte.h		diff \| blob \| blame \| history