[PATCH 16/22] KVM: x86/tdp_mmu: propagate access mask from kvm_mmu_page to PTE

From: Paolo Bonzini

Date: Fri Mar 20 2026 - 20:16:37 EST


Until now, all SPTEs have had all kinds of access allowed; however,
for GMET to be enabled all the pages have to have ACC_USER_MASK
disabled. By marking them as supervisor pages, the processor
allows execution from either user or supervisor mode (unlike
for normal paging, NPT ignores the U bit for reads and writes).
That will mean that the root page's role has ACC_USER_MASK
cleared and that has to be propagated down through the TDP MMU
pages.

Do that in tdp_mmu_map_handle_target_level.

Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
---
arch/x86/kvm/mmu/tdp_mmu.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/x86/kvm/mmu/tdp_mmu.c b/arch/x86/kvm/mmu/tdp_mmu.c
index 7f3d7229b2c1..f0e7528435cf 100644
--- a/arch/x86/kvm/mmu/tdp_mmu.c
+++ b/arch/x86/kvm/mmu/tdp_mmu.c
@@ -1161,9 +1161,9 @@ static int tdp_mmu_map_handle_target_level(struct kvm_vcpu *vcpu,
}

if (unlikely(!fault->slot))
- new_spte = make_mmio_spte(vcpu, iter->gfn, ACC_ALL);
+ new_spte = make_mmio_spte(vcpu, iter->gfn, sp->role.access);
else
- wrprot = make_spte(vcpu, sp, fault->slot, ACC_ALL, iter->gfn,
+ wrprot = make_spte(vcpu, sp, fault->slot, sp->role.access, iter->gfn,
fault->pfn, iter->old_spte, fault->prefetch,
false, fault->map_writable, &new_spte);

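Review bot: Both call sites in tdp_mmu_map_handle_target_level now trust sp->role.access, but nothing visible in this hunk establishes that every lower-level TDP MMU page inherits the root's access bits, or that the value is still ACC_ALL when GMET is not enabled. The changelog says the cleared ACC_USER_MASK "has to be propagated down through the TDP MMU pages", yet this change only consumes the value at the leaf. Please name in the changelog where child pages pick up role.access, or add a short comment above the two calls, so a reader can confirm that non-GMET configurations keep the old ACC_ALL behaviour. The changelog also motivates the change only for normal mappings; say whether passing sp->role.access to make_mmio_spte() is needed for GMET or is done for consistency. Style: the new "wrprot = make_spte(vcpu, sp, fault->slot, sp->role.access, iter->gfn," line has grown noticeably; consider moving iter->gfn to the continuation line.
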
--
2.52.0