The backport was validated by running the kvm-unit-tests testcase [1] mentioned in the commit message.
Before the patch ---------------- root@intel-x86-64:~# modprobe kvm_intel ept=0 root@intel-x86-64:~# cat /sys/module/kvm_intel/parameters/ept N root@intel-x86-64:~# ./access BUILD_HEAD=ba3c9773 timeout -k 1s --foreground 3600 /usr/bin/qemu-system-x86_64 --no-reboot -nodefaults -device pc-testdev -device isa-debug-exit,iobase=0xf4,iosize=0x4 -vnc none -serial stdio -device pci-testdev -machine accel=kvm -kernel /tmp/tmp.V6ME9Ebamh -smp 1 -cpu max # -initrd /tmp/tmp.DycLfAySkL enabling apic starting test
run CR4.PKE not available, disabling PKE tests .......................................................................................... test pte.p pte.rw pte.user pte.a pte.d pde.p pde.rw pde.user pde.a pdpte.ro user write: FAIL: unexpected access Dump mapping: address: 0x1234c0200000 ------L4: 5d72027 ------L3: 5d71025 ------L2: 5d74027 ------L1: 2000067 check_effective_sp_permissions: write access at4 should fail
5898246 tests, 1 failures FAIL access
After the patch --------------- root@intel-x86-64:~# modprobe kvm_intel ept=0 root@intel-x86-64:~# cat /sys/module/kvm_intel/parameters/ept N root@intel-x86-64:~# ./access BUILD_HEAD=ba3c9773 timeout -k 1s --foreground 3600 /usr/bin/qemu-system-x86_64 --no-reboot -nodefaults -device pc-testdev -device isa-debug-exit,iobase=0xf4,iosize=0x4 -vnc none -serial stdio -device pci-testdev -machine accel=kvm -kernel /tmp/tmp.UmWsRrn6l0 -smp 1 -cpu max # -initrd /tmp/tmp.Up02J8RkHY enabling apic starting test
run CR4.PKE not available, disabling PKE tests .......................................................................................... 5898246 tests, 0 failures PASS access
[1] https://gitlab.com/kvm-unit-tests/kvm-unit-tests/-/commit/47fd6bc54674fb1d8a...
Lai Jiangshan (1): KVM: X86: MMU: Use the correct inherited permissions to get shadow page
Documentation/virt/kvm/mmu.txt | 4 ++-- arch/x86/kvm/paging_tmpl.h | 14 +++++++++----- 2 files changed, 11 insertions(+), 7 deletions(-)