patch vmm(4) - vmm(4): wire faulted in pages might have gone too far.

Hi

I believe the change [1] vmm(4): wire faulted in pages, might have been
a bit heavy handed a broken the use of VMM_IOC_MPROTECT_EPT ioctl.

[1] https://marc.info/?l=openbsd-cvs&m=161144130825752

please see the patch below which restores this functionality

Cheers
Adam


diff 917cc7a95e2615798ffadc2455c3a44858a11e95 /home/adams/devl/openbsd/src
blob - d2b4c387464638441fc98898e77dd01cb9bc3250
file + sys/arch/amd64/amd64/vmm.c
--- sys/arch/amd64/amd64/vmm.c
+++ sys/arch/amd64/amd64/vmm.c
@@ -5509,8 +5509,19 @@ svm_handle_np_fault(struct vcpu *vcpu)
 int
 vmx_fault_page(struct vcpu *vcpu, paddr_t gpa)
 {
- int ret;
+ int fault_type, ret;
 
+ fault_type = vmx_get_guest_faulttype();
+ if (fault_type == -1) {
+ printf("%s: invalid fault type\n", __func__);
+ return (EINVAL);
+ }
+
+ if (fault_type == VM_FAULT_PROTECT) {
+ vcpu->vc_exit.vee.vee_fault_type = VEE_FAULT_PROTECT;
+ return (EAGAIN);
+ }
+
  ret = uvm_fault(vcpu->vc_parent->vm_map, gpa, VM_FAULT_WIRE,
     PROT_READ | PROT_WRITE | PROT_EXEC);
 

Adam Steen writes:

Committed (ok via mlarkin@)...and thanks, again, Adam!

I chose to keep the logic of the diff as-is after speaking with mlarkin@
and reviewing my proposed refactor. (The refactor seemed like a better
fit for a future diff.) The only tweak I made was updating the
function's comment block.

-dv