Enable newly documented SMEP (Supervisor Mode Execution Protection) CPU feature 
for QEMU-KVM.

Intel's new CPU supports SMEP (Supervisor Mode Execution Protection). SMEP
prevents the kernel from executing code in the application. The updated Intel SDM
describes this CPU feature. The document will be published soon.

SMEP is identified by CPUID leaf 7 EBX[7], which was 0 before.
Get the right value by querying the KVM kernel module, so that the guest can get
SMEP through CPUID.

    Signed-off-by: Yang, Wei <wei.y.y...@intel.com>

diff --git a/target-i386/cpuid.c b/target-i386/cpuid.c
index 091d812..cd20dbf 100644
--- a/target-i386/cpuid.c
+++ b/target-i386/cpuid.c
@@ -1115,6 +1115,14 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, 
uint32_t count,
         *ecx = 0;
         *edx = 0;
         break;
+    case 7:
+        if (kvm_enabled()) {
+            *eax = kvm_arch_get_supported_cpuid(env, 0x7, count, R_EAX);
+            *ebx = kvm_arch_get_supported_cpuid(env, 0x7, count, R_EBX);
+            *ecx = kvm_arch_get_supported_cpuid(env, 0x7, count, R_ECX);
+            *edx = kvm_arch_get_supported_cpuid(env, 0x7, count, R_EDX);
+        }
+        break;
     case 9:
         /* Direct Cache Access Information Leaf */
         *eax = 0; /* Bits 0-31 in DCA_CAP MSR */
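
Review bot: In the new `case 7:` branch nothing is written to `*eax`, `*ebx`, `*ecx` or `*edx` when `kvm_enabled()` is false, while the neighbouring cases in the context lines zero their outputs explicitly (`*ecx = 0; *edx = 0;` just above, `*eax = 0;` in case 9). Unless the caller pre-initialises these registers, which the visible lines do not show, add an `else` that sets all four to 0 so a non-KVM guest reads leaf 7 as empty instead of stale values. The branch also forwards all four registers of leaf 7 for any `count`, not only EBX[7], so every bit KVM reports becomes guest-visible regardless of the selected CPU model; a one-line comment naming the leaf (as case 9 has) and stating that this pass-through is intended would make the scope of the change clear.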

Attachment: qemu-kvm-smep.patch
