From b09481de91cce94342bac3327bb7633c39ff8bf6 Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Tue, 27 May 2014 13:24:54 +0200 Subject: target-i386: fix protection bits in the TLB for SMEP User pages must be marked as non-executable when running under SMEP; otherwise, fetching the page first and then calling it will fail. With this patch, all SMEP testcases in kvm-unit-tests now pass. Signed-off-by: Paolo Bonzini --- target-i386/helper.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/target-i386/helper.c b/target-i386/helper.c index 2b917ad..04beaeb 100644 --- a/target-i386/helper.c +++ b/target-i386/helper.c @@ -749,8 +749,10 @@ do_check_protect_pse36: /* the page can be put in the TLB */ prot = PAGE_READ; - if (!(ptep & PG_NX_MASK)) + if (!(ptep & PG_NX_MASK) && + !((env->cr[4] & CR4_SMEP_MASK) && (ptep & PG_USER_MASK))) { prot |= PAGE_EXEC; + } if (pte & PG_DIRTY_MASK) { /* only set write access if already dirty... otherwise wait for dirty access */ -- cgit v1.1