Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit e57d4a35 authored by Yang, Wei Y's avatar Yang, Wei Y Committed by Avi Kivity
Browse files

KVM: Add instruction fetch checking when walking guest page table 



This patch adds instruction fetch checking when walking guest page table,
to implement SMEP when emulating instead of executing natively.

Signed-off-by: default avatarYang, Wei <wei.y.yang@intel.com>
Signed-off-by: default avatarShan, Haitao <haitao.shan@intel.com>
Signed-off-by: default avatarLi, Xin <xin.li@intel.com>
Signed-off-by: default avatarAvi Kivity <avi@redhat.com>
parent 611c120f

arch/x86/kvm/paging_tmpl.h

+8 −1
Original line number Diff line number Diff line
@@ -246,6 +246,12 @@ walk: 
			gfn_t gfn;

			u32 ac;



			/* check if the kernel is fetching from user page */

			if (unlikely(pte_access & PT_USER_MASK) &&

			    kvm_read_cr4_bits(vcpu, X86_CR4_SMEP))

				if (fetch_fault && !user_fault)

					eperm = true;



			gfn = gpte_to_gfn_lvl(pte, lvl);

			gfn += (addr & PT_LVL_OFFSET_MASK(lvl)) >> PAGE_SHIFT;
@@ -305,7 +311,8 @@ error: 


	walker->fault.error_code |= write_fault | user_fault;



	if (fetch_fault && mmu->nx)

	if (fetch_fault && (mmu->nx ||

			    kvm_read_cr4_bits(vcpu, X86_CR4_SMEP)))

		walker->fault.error_code |= PFERR_FETCH_MASK;

	if (rsvd_fault)

		walker->fault.error_code |= PFERR_RSVD_MASK;