Skip to content

Commit

Permalink
KVM: Add instruction fetch checking when walking guest page table
Browse files Browse the repository at this point in the history
This patch adds instruction fetch checking when walking guest page table,
to implement SMEP when emulating instead of executing natively.

Signed-off-by: Yang, Wei <wei.y.yang@intel.com>
Signed-off-by: Shan, Haitao <haitao.shan@intel.com>
Signed-off-by: Li, Xin <xin.li@intel.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
  • Loading branch information
Yang, Wei Y authored and Avi Kivity committed Jul 12, 2011
1 parent 611c120 commit e57d4a3
Showing 1 changed file with 8 additions and 1 deletion.
9 changes: 8 additions & 1 deletion arch/x86/kvm/paging_tmpl.h
Original file line number Diff line number Diff line change
Expand Up @@ -246,6 +246,12 @@ static int FNAME(walk_addr_generic)(struct guest_walker *walker,
gfn_t gfn;
u32 ac;

/* check if the kernel is fetching from user page */
if (unlikely(pte_access & PT_USER_MASK) &&
kvm_read_cr4_bits(vcpu, X86_CR4_SMEP))
if (fetch_fault && !user_fault)
eperm = true;

gfn = gpte_to_gfn_lvl(pte, lvl);
gfn += (addr & PT_LVL_OFFSET_MASK(lvl)) >> PAGE_SHIFT;

Expand Down Expand Up @@ -305,7 +311,8 @@ static int FNAME(walk_addr_generic)(struct guest_walker *walker,

walker->fault.error_code |= write_fault | user_fault;

if (fetch_fault && mmu->nx)
if (fetch_fault && (mmu->nx ||
kvm_read_cr4_bits(vcpu, X86_CR4_SMEP)))
walker->fault.error_code |= PFERR_FETCH_MASK;
if (rsvd_fault)
walker->fault.error_code |= PFERR_RSVD_MASK;
Expand Down

0 comments on commit e57d4a3

Please sign in to comment.