diff options
| author | Stefan Bader <stefan.bader@canonical.com> | 2013-04-09 16:27:14 +0200 |
|---|---|---|
| committer | Jan Beulich <jbeulich@suse.com> | 2013-04-09 16:27:14 +0200 |
| commit | 2cf4461ac868ca82fd63b370afe9efe9a1291900 (patch) | |
| tree | a26b7b577b14a6314f3d9b163152635471509dcd | |
| parent | a625c40e553907d581aa9fbbab762b64841e2741 (diff) | |
| download | xen-2cf4461ac868ca82fd63b370afe9efe9a1291900.tar.gz xen-2cf4461ac868ca82fd63b370afe9efe9a1291900.tar.bz2 xen-2cf4461ac868ca82fd63b370afe9efe9a1291900.zip | |
VMX: Always disable SMEP when guest is in non-paging mode
commit e7dda8ec9fc9020e4f53345cdbb18a2e82e54a65
VMX: disable SMEP feature when guest is in non-paging mode
disabled the SMEP bit if a guest VCPU was using HAP and was not
in paging mode. However I could observe VCPUs getting stuck in
the trampoline after the following patch in the Linux kernel
changed the way CR4 gets set up:
x86, realmode: read cr4 and EFER from kernel for 64-bit trampoline
The change will set CR4 from already set flags which includes the
SMEP bit. On bare metal this does not matter as the CPU is in non-
paging mode at that time. But Xen seems to use the emulated non-
paging mode regardless of HAP (I verified that on the guests I was
seeing the issue, HAP was not used).
Therefor it seems right to unset the SMEP bit for a VCPU that is
not in paging-mode, regardless of its HAP usage.
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Acked-by: Keir Fraser <keir@xen.org>
Acked-by: Dongxiao Xu <dongxiao.xu@intel.com>
master commit: 0d2e673a763bc7c2ddf97fed074eb691d325ecc5
master date: 2013-04-04 10:37:19 +0200
| -rw-r--r-- | xen/arch/x86/hvm/vmx/vmx.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index e720c148b2..425030b1e5 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -1186,11 +1186,14 @@ static void vmx_update_guest_cr(struct vcpu *v, unsigned int cr) { v->arch.hvm_vcpu.hw_cr[4] |= X86_CR4_PSE; v->arch.hvm_vcpu.hw_cr[4] &= ~X86_CR4_PAE; + } + if ( !hvm_paging_enabled(v) ) + { /* * SMEP is disabled if CPU is in non-paging mode in hardware. * However Xen always uses paging mode to emulate guest non-paging - * mode with HAP. To emulate this behavior, SMEP needs to be - * manually disabled when guest switches to non-paging mode. + * mode. To emulate this behavior, SMEP needs to be manually + * disabled when guest VCPU is in non-paging mode. */ v->arch.hvm_vcpu.hw_cr[4] &= ~X86_CR4_SMEP; } |