diff options
| author | Xiao Guangrong | 2015-05-11 16:55:21 +0200 |
|---|---|---|
| committer | Paolo Bonzini | 2015-05-11 17:17:50 +0200 |
| commit | 0be0226f07d14b153a5eedf2bb86e1eb7dcefab5 (patch) | |
| tree | a69e9c24597cd620922617e6315ba07b7bd63ca3 /arch/x86/kvm/x86.c | |
| parent | KVM: MMU: fix CR4.SMEP=1, CR0.WP=0 with shadow pages (diff) | |
| download | kernel-qcow2-linux-0be0226f07d14b153a5eedf2bb86e1eb7dcefab5.tar.gz kernel-qcow2-linux-0be0226f07d14b153a5eedf2bb86e1eb7dcefab5.tar.xz kernel-qcow2-linux-0be0226f07d14b153a5eedf2bb86e1eb7dcefab5.zip | |
KVM: MMU: fix SMAP virtualization
KVM may turn a user page to a kernel page when kernel writes a readonly
user page if CR0.WP = 1. This shadow page entry will be reused after
SMAP is enabled so that kernel is allowed to access this user page
Fix it by setting SMAP && !CR0.WP into shadow page's role and reset mmu
once CR4.SMAP is updated
Signed-off-by: Xiao Guangrong <guangrong.xiao@linux.intel.com>
Cc: stable@vger.kernel.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Diffstat (limited to 'arch/x86/kvm/x86.c')
| -rw-r--r-- | arch/x86/kvm/x86.c | 8 |
1 files changed, 3 insertions, 5 deletions
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index c73efcd03e29..986b3f5d0523 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -702,8 +702,9 @@ EXPORT_SYMBOL_GPL(kvm_set_xcr); int kvm_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4) { unsigned long old_cr4 = kvm_read_cr4(vcpu); - unsigned long pdptr_bits = X86_CR4_PGE | X86_CR4_PSE | - X86_CR4_PAE | X86_CR4_SMEP; + unsigned long pdptr_bits = X86_CR4_PGE | X86_CR4_PSE | X86_CR4_PAE | + X86_CR4_SMEP | X86_CR4_SMAP; + if (cr4 & CR4_RESERVED_BITS) return 1; @@ -744,9 +745,6 @@ int kvm_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4) (!(cr4 & X86_CR4_PCIDE) && (old_cr4 & X86_CR4_PCIDE))) kvm_mmu_reset_context(vcpu); - if ((cr4 ^ old_cr4) & X86_CR4_SMAP) - update_permission_bitmask(vcpu, vcpu->arch.walk_mmu, false); - if ((cr4 ^ old_cr4) & X86_CR4_OSXSAVE) kvm_update_cpuid(vcpu); |