On 09/12/2012 10:29 PM, Avi Kivity wrote:
> + pte_access = pt_access & gpte_access(vcpu, pte);
> + eperm |= (mmu->permissions[access >> 1] >> pte_access) & 1;
>
> last_gpte = FNAME(is_last_gpte)(walker, vcpu, mmu, pte);
> - if (last_gpte) {
> - pte_access = pt_access & gpte_access(vcpu, pte);
> - /* check if the kernel is fetching from user page */
> - if (unlikely(pte_access & PT_USER_MASK) &&
> - kvm_read_cr4_bits(vcpu, X86_CR4_SMEP))
> - if (fetch_fault && !user_fault)
> - eperm = true;
> - }
I see this in the SDM:
If CR4.SMEP = 1, instructions may be fetched from any linear
address with a valid translation for which the U/S flag (bit 2) is 0 in at
least one of the paging-structure entries controlling the translation.
This patch checks smep on every levels, breaks this rule.
(current code checks smep on the last level).
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
