diff options
author | Paolo Bonzini | 2014-05-27 13:24:54 +0200 |
---|---|---|
committer | Paolo Bonzini | 2014-06-05 16:10:35 +0200 |
commit | b09481de91cce94342bac3327bb7633c39ff8bf6 (patch) | |
tree | 6ad29f9c18cab7c5845257b9042a16974efda249 | |
parent | target-i386: support long addresses for 4MB pages (PSE-36) (diff) | |
download | qemu-b09481de91cce94342bac3327bb7633c39ff8bf6.tar.gz qemu-b09481de91cce94342bac3327bb7633c39ff8bf6.tar.xz qemu-b09481de91cce94342bac3327bb7633c39ff8bf6.zip |
target-i386: fix protection bits in the TLB for SMEP
User pages must be marked as non-executable when running under SMEP;
otherwise, fetching the page first and then calling it will fail.
With this patch, all SMEP testcases in kvm-unit-tests now pass.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-rw-r--r-- | target-i386/helper.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/target-i386/helper.c b/target-i386/helper.c index 2b917ad28d..04beaebc98 100644 --- a/target-i386/helper.c +++ b/target-i386/helper.c @@ -749,8 +749,10 @@ do_check_protect_pse36: /* the page can be put in the TLB */ prot = PAGE_READ; - if (!(ptep & PG_NX_MASK)) + if (!(ptep & PG_NX_MASK) && + !((env->cr[4] & CR4_SMEP_MASK) && (ptep & PG_USER_MASK))) { prot |= PAGE_EXEC; + } if (pte & PG_DIRTY_MASK) { /* only set write access if already dirty... otherwise wait for dirty access */ |