Commit e57d4a35 authored by Yang, Wei Y's avatar Yang, Wei Y Committed by Avi Kivity

KVM: Add instruction fetch checking when walking guest page table

This patch adds instruction fetch checking when walking guest page table,
to implement SMEP when emulating instead of executing natively.
Signed-off-by: default avatarYang, Wei <wei.y.yang@intel.com>
Signed-off-by: default avatarShan, Haitao <haitao.shan@intel.com>
Signed-off-by: default avatarLi, Xin <xin.li@intel.com>
Signed-off-by: default avatarAvi Kivity <avi@redhat.com>
parent 611c120f
...@@ -246,6 +246,12 @@ static int FNAME(walk_addr_generic)(struct guest_walker *walker, ...@@ -246,6 +246,12 @@ static int FNAME(walk_addr_generic)(struct guest_walker *walker,
gfn_t gfn; gfn_t gfn;
u32 ac; u32 ac;
/* check if the kernel is fetching from user page */
if (unlikely(pte_access & PT_USER_MASK) &&
kvm_read_cr4_bits(vcpu, X86_CR4_SMEP))
if (fetch_fault && !user_fault)
eperm = true;
gfn = gpte_to_gfn_lvl(pte, lvl); gfn = gpte_to_gfn_lvl(pte, lvl);
gfn += (addr & PT_LVL_OFFSET_MASK(lvl)) >> PAGE_SHIFT; gfn += (addr & PT_LVL_OFFSET_MASK(lvl)) >> PAGE_SHIFT;
...@@ -305,7 +311,8 @@ static int FNAME(walk_addr_generic)(struct guest_walker *walker, ...@@ -305,7 +311,8 @@ static int FNAME(walk_addr_generic)(struct guest_walker *walker,
walker->fault.error_code |= write_fault | user_fault; walker->fault.error_code |= write_fault | user_fault;
if (fetch_fault && mmu->nx) if (fetch_fault && (mmu->nx ||
kvm_read_cr4_bits(vcpu, X86_CR4_SMEP)))
walker->fault.error_code |= PFERR_FETCH_MASK; walker->fault.error_code |= PFERR_FETCH_MASK;
if (rsvd_fault) if (rsvd_fault)
walker->fault.error_code |= PFERR_RSVD_MASK; walker->fault.error_code |= PFERR_RSVD_MASK;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment