Commit 2628ad5d authored by Radim Krčmář's avatar Radim Krčmář Committed by Luis Henriques

KVM: VMX: fix SMEP and SMAP without EPT

commit 656ec4a4 upstream.

The comment in code had it mostly right, but we enable paging for
emulated real mode regardless of EPT.

Without EPT (which implies emulated real mode), secondary VCPUs won't
start unless we disable SM[AE]P when the guest doesn't use paging.
Signed-off-by: default avatarRadim Krčmář <rkrcmar@redhat.com>
Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
Signed-off-by: default avatarLuis Henriques <luis.henriques@canonical.com>
parent 811f0bd9
...@@ -3523,20 +3523,21 @@ static int vmx_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4) ...@@ -3523,20 +3523,21 @@ static int vmx_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4)
if (!is_paging(vcpu)) { if (!is_paging(vcpu)) {
hw_cr4 &= ~X86_CR4_PAE; hw_cr4 &= ~X86_CR4_PAE;
hw_cr4 |= X86_CR4_PSE; hw_cr4 |= X86_CR4_PSE;
/*
* SMEP/SMAP is disabled if CPU is in non-paging mode
* in hardware. However KVM always uses paging mode to
* emulate guest non-paging mode with TDP.
* To emulate this behavior, SMEP/SMAP needs to be
* manually disabled when guest switches to non-paging
* mode.
*/
hw_cr4 &= ~(X86_CR4_SMEP | X86_CR4_SMAP);
} else if (!(cr4 & X86_CR4_PAE)) { } else if (!(cr4 & X86_CR4_PAE)) {
hw_cr4 &= ~X86_CR4_PAE; hw_cr4 &= ~X86_CR4_PAE;
} }
} }
if (!enable_unrestricted_guest && !is_paging(vcpu))
/*
* SMEP/SMAP is disabled if CPU is in non-paging mode in
* hardware. However KVM always uses paging mode without
* unrestricted guest.
* To emulate this behavior, SMEP/SMAP needs to be manually
* disabled when guest switches to non-paging mode.
*/
hw_cr4 &= ~(X86_CR4_SMEP | X86_CR4_SMAP);
vmcs_writel(CR4_READ_SHADOW, cr4); vmcs_writel(CR4_READ_SHADOW, cr4);
vmcs_writel(GUEST_CR4, hw_cr4); vmcs_writel(GUEST_CR4, hw_cr4);
return 0; return 0;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment