authorKeir Fraser <keir@xen.org>2011-06-03 21:39:00 +0100
committerKeir Fraser <keir@xen.org>2011-06-03 21:39:00 +0100
commita2e55460988adcd150c9d80b790f10a95a9203c7 (patch)
treeb25eb227735187b04a9567216b4ed28759372e1a /xen/include/asm-x86/domain.h
parent997f96a28b192da35e3ed494df7d2d56804c79d9 (diff)
x86: Enable Supervisor Mode Execution Protection (SMEP)
New Intel CPUs support SMEP (Supervisor Mode Execution Protection). SMEP prevents software operating with CPL < 3 (supervisor mode) from fetching instructions from any linear address with a valid translation for which the U/S flag (bit 2) is 1 in every paging-structure entry controlling the translation for the linear address. This patch enables SMEP in Xen to protect the Xen hypervisor from executing PV guest instructions whose translation paging-structure entries' U/S flags are all set. Signed-off-by: Yang Wei <wei.y.yang@intel.com> Signed-off-by: Shan Haitao <haitao.shan@intel.com> Signed-off-by: Li Xin <xin.li@intel.com> Signed-off-by: Keir Fraser <keir@xen.org>
Diffstat (limited to 'xen/include/asm-x86/domain.h')
-rw-r--r--xen/include/asm-x86/domain.h14
1 files changed, 8 insertions, 6 deletions
diff --git a/xen/include/asm-x86/domain.h b/xen/include/asm-x86/domain.h
index 0488e655bb..fe877d7588 100644
--- a/xen/include/asm-x86/domain.h
+++ b/xen/include/asm-x86/domain.h
@@ -527,12 +527,14 @@ unsigned long pv_guest_cr4_fixup(const struct vcpu *, unsigned long guest_cr4);
/* Convert between guest-visible and real CR4 values. */
#define pv_guest_cr4_to_real_cr4(v) \
(((v)->arch.pv_vcpu.ctrlreg[4] \
- | (mmu_cr4_features & (X86_CR4_PGE | X86_CR4_PSE)) \
- | ((v)->domain->arch.vtsc ? X86_CR4_TSD : 0) \
- | ((xsave_enabled(v))? X86_CR4_OSXSAVE : 0)) \
- & ~X86_CR4_DE)
-#define real_cr4_to_pv_guest_cr4(c) \
- ((c) & ~(X86_CR4_PGE | X86_CR4_PSE | X86_CR4_TSD | X86_CR4_OSXSAVE))
+ | (mmu_cr4_features \
+ & (X86_CR4_PGE | X86_CR4_PSE | X86_CR4_SMEP)) \
+ | ((v)->domain->arch.vtsc ? X86_CR4_TSD : 0) \
+ | ((xsave_enabled(v))? X86_CR4_OSXSAVE : 0)) \
+ & ~X86_CR4_DE)
+#define real_cr4_to_pv_guest_cr4(c) \
+ ((c) & ~(X86_CR4_PGE | X86_CR4_PSE | X86_CR4_TSD \
+ | X86_CR4_OSXSAVE | X86_CR4_SMEP))
void domain_cpuid(struct domain *d,
unsigned int input,
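Review bot: The comment above `pv_guest_cr4_to_real_cr4` does not record that `X86_CR4_SMEP` is now a Xen-owned bit, and the two macros keep separate hand-maintained bit lists that must agree for the bit to stay hidden from PV guests. I would extend the comment to something like `/* PGE, PSE, SMEP, TSD and OSXSAVE are set by Xen on the way in and hidden from the guest on the way out; keep both masks in sync. */` so the next Xen-owned bit is added to both lists. Separately, `(v)->arch.pv_vcpu.ctrlreg[4]` is ORed in unmasked, so the real value relies on `pv_guest_cr4_fixup` (only its prototype is visible here) never letting a guest-supplied SMEP bit into `ctrlreg[4]`. That is worth confirming, since otherwise the computed CR4 could carry SMEP even where `mmu_cr4_features` does not.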