diff options
author | Paolo Bonzini <pbonzini@redhat.com> | 2014-05-27 13:24:54 +0200 |
---|---|---|
committer | Paolo Bonzini <pbonzini@redhat.com> | 2014-06-05 16:10:35 +0200 |
commit | b09481de91cce94342bac3327bb7633c39ff8bf6 (patch) | |
tree | 6ad29f9c18cab7c5845257b9042a16974efda249 /target-i386 | |
parent | de431a655a7560d834e1187d6b30cb6b1946e90c (diff) | |
download | qemu-b09481de91cce94342bac3327bb7633c39ff8bf6.zip qemu-b09481de91cce94342bac3327bb7633c39ff8bf6.tar.gz qemu-b09481de91cce94342bac3327bb7633c39ff8bf6.tar.bz2 |
target-i386: fix protection bits in the TLB for SMEP
User pages must be marked as non-executable when running under SMEP;
otherwise, fetching the page first and then calling it will fail.
With this patch, all SMEP testcases in kvm-unit-tests now pass.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Diffstat (limited to 'target-i386')
-rw-r--r-- | target-i386/helper.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/target-i386/helper.c b/target-i386/helper.c index 2b917ad..04beaeb 100644 --- a/target-i386/helper.c +++ b/target-i386/helper.c @@ -749,8 +749,10 @@ do_check_protect_pse36: /* the page can be put in the TLB */ prot = PAGE_READ; - if (!(ptep & PG_NX_MASK)) + if (!(ptep & PG_NX_MASK) && + !((env->cr[4] & CR4_SMEP_MASK) && (ptep & PG_USER_MASK))) { prot |= PAGE_EXEC; + } if (pte & PG_DIRTY_MASK) { /* only set write access if already dirty... otherwise wait for dirty access */ |