diff mbox

[1/2] KVM: MMU: fix SMAP virtualization

Message ID 1431356122-8500-1-git-send-email-guangrong.xiao@linux.intel.com (mailing list archive)
State New, archived
Headers show

Commit Message

Xiao Guangrong May 11, 2015, 2:55 p.m. UTC 
KVM may turn a user page to a kernel page when kernel writes a readonly
user page if CR0.WP = 1. This shadow page entry will be reused after
SMAP is enabled so that kernel is allowed to access this user page

Fix it by setting SMAP && !CR0.WP into shadow page's role and reset mmu
once CR4.SMAP is updated

Signed-off-by: Xiao Guangrong <guangrong.xiao@linux.intel.com>
---
 arch/x86/include/asm/kvm_host.h |  1 +
 arch/x86/kvm/mmu.c              | 16 ++++++++++++----
 arch/x86/kvm/mmu.h              |  2 --
 arch/x86/kvm/x86.c              |  8 +++-----
 4 files changed, 16 insertions(+), 11 deletions(-)

Comments

Boris Ostrovsky May 22, 2015, 8:43 p.m. UTC | #1 
On 05/11/2015 10:55 AM, Xiao Guangrong wrote:
> KVM may turn a user page to a kernel page when kernel writes a readonly
> user page if CR0.WP = 1. This shadow page entry will be reused after
> SMAP is enabled so that kernel is allowed to access this user page
>
> Fix it by setting SMAP && !CR0.WP into shadow page's role and reset mmu
> once CR4.SMAP is updated
>
> Signed-off-by: Xiao Guangrong <guangrong.xiao@linux.intel.com>
> ---


>
> @@ -4208,12 +4211,18 @@ void kvm_mmu_pte_write(struct kvm_vcpu *vcpu, gpa_t gpa,
>   		       const u8 *new, int bytes)
>   {
>   	gfn_t gfn = gpa >> PAGE_SHIFT;
> -	union kvm_mmu_page_role mask = { .word = 0 };
>   	struct kvm_mmu_page *sp;
>   	LIST_HEAD(invalid_list);
>   	u64 entry, gentry, *spte;
>   	int npte;
>   	bool remote_flush, local_flush, zap_page;
> +	union kvm_mmu_page_role mask = (union kvm_mmu_page_role) {
> +		.cr0_wp = 1,
> +		.cr4_pae = 1,
> +		.nxe = 1,
> +		.smep_andnot_wp = 1,
> +		.smap_andnot_wp = 1,
> +	};
>
>


This breaks older compilers that can't initialize anon structures.

-boris
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Bandan Das May 22, 2015, 11:54 p.m. UTC | #2 
Boris Ostrovsky <boris.ostrovsky@oracle.com> writes:

> On 05/11/2015 10:55 AM, Xiao Guangrong wrote:
>> KVM may turn a user page to a kernel page when kernel writes a readonly
>> user page if CR0.WP = 1. This shadow page entry will be reused after
>> SMAP is enabled so that kernel is allowed to access this user page
>>
>> Fix it by setting SMAP && !CR0.WP into shadow page's role and reset mmu
>> once CR4.SMAP is updated
>>
>> Signed-off-by: Xiao Guangrong <guangrong.xiao@linux.intel.com>
>> ---
>
>
>>
>> @@ -4208,12 +4211,18 @@ void kvm_mmu_pte_write(struct kvm_vcpu *vcpu, gpa_t gpa,
>>   		       const u8 *new, int bytes)
>>   {
>>   	gfn_t gfn = gpa >> PAGE_SHIFT;
>> -	union kvm_mmu_page_role mask = { .word = 0 };
>>   	struct kvm_mmu_page *sp;
>>   	LIST_HEAD(invalid_list);
>>   	u64 entry, gentry, *spte;
>>   	int npte;
>>   	bool remote_flush, local_flush, zap_page;
>> +	union kvm_mmu_page_role mask = (union kvm_mmu_page_role) {
>> +		.cr0_wp = 1,
>> +		.cr4_pae = 1,
>> +		.nxe = 1,
>> +		.smep_andnot_wp = 1,
>> +		.smap_andnot_wp = 1,
>> +	};
>>
>>
>
>
> This breaks older compilers that can't initialize anon structures.

How old ? Even gcc 3.1 says you can use unnamed struct/union fields and
3.2 is the minimum version required to compile the kernel as mentioned
in the README.

We could simply just name the structure, but I doubt this is the
only place in the kernel code where it's being used this way :)

Bandan

> -boris
> --
> To unsubscribe from this list: send the line "unsubscribe kvm" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Boris Ostrovsky May 23, 2015, 12:42 a.m. UTC | #3 
On 05/22/2015 07:54 PM, Bandan Das wrote:
> Boris Ostrovsky <boris.ostrovsky@oracle.com> writes:
>
>> On 05/11/2015 10:55 AM, Xiao Guangrong wrote:
>>> KVM may turn a user page to a kernel page when kernel writes a readonly
>>> user page if CR0.WP = 1. This shadow page entry will be reused after
>>> SMAP is enabled so that kernel is allowed to access this user page
>>>
>>> Fix it by setting SMAP && !CR0.WP into shadow page's role and reset mmu
>>> once CR4.SMAP is updated
>>>
>>> Signed-off-by: Xiao Guangrong <guangrong.xiao@linux.intel.com>
>>> ---
>>
>>
>>>
>>> @@ -4208,12 +4211,18 @@ void kvm_mmu_pte_write(struct kvm_vcpu *vcpu, gpa_t gpa,
>>>    		       const u8 *new, int bytes)
>>>    {
>>>    	gfn_t gfn = gpa >> PAGE_SHIFT;
>>> -	union kvm_mmu_page_role mask = { .word = 0 };
>>>    	struct kvm_mmu_page *sp;
>>>    	LIST_HEAD(invalid_list);
>>>    	u64 entry, gentry, *spte;
>>>    	int npte;
>>>    	bool remote_flush, local_flush, zap_page;
>>> +	union kvm_mmu_page_role mask = (union kvm_mmu_page_role) {
>>> +		.cr0_wp = 1,
>>> +		.cr4_pae = 1,
>>> +		.nxe = 1,
>>> +		.smep_andnot_wp = 1,
>>> +		.smap_andnot_wp = 1,
>>> +	};
>>>
>>>
>>
>>
>> This breaks older compilers that can't initialize anon structures.
>
> How old ? Even gcc 3.1 says you can use unnamed struct/union fields and
> 3.2 is the minimum version required to compile the kernel as mentioned
> in the README.
>
> We could simply just name the structure, but I doubt this is the
> only place in the kernel code where it's being used this way :)


You can use them but you can't use initializers. Unfortunately my build 
system (F13) conveniently went down but this is an example from an old 
email:

FC-64 <build@build-mk2:~/xtt-x86_64/bootstrap> cat anon.c
struct bar {
struct {
int i;
};
};

main()
{
struct bar a = {.i = 0};
}

FC-64 <build@build-mk2:~/xtt-x86_64/bootstrap> gcc --version|head -1
gcc (GCC) 4.4.4 20100503 (Red Hat 4.4.4-2)
FC-64 <build@build-mk2:~/xtt-x86_64/bootstrap> gcc anon.c
anon.c: In function ‘main’:
anon.c:9: error: unknown field ‘i’ specified in initializer
FC-64 <build@build-mk2:~/xtt-x86_64/bootstrap>


but

build@build-mk2 bootstrap]$ gcc --version|head -1
gcc (GCC) 4.6.3 20120306 (Red Hat 4.6.3-2)
[build@build-mk2 bootstrap]$ gcc anon.c
[build@build-mk2 bootstrap]$


-boris
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Edward Cree May 26, 2015, 2:45 p.m. UTC | #4 
>> This breaks older compilers that can't initialize anon structures.
>
> How old ? Even gcc 3.1 says you can use unnamed struct/union fields and
> 3.2 is the minimum version required to compile the kernel as mentioned
> in the README.
>
> We could simply just name the structure, but I doubt this is the
> only place in the kernel code where it's being used this way :)

This appears to be GCC bug #10676, see <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=10676>
Says it was fixed in 4.6, but I believe the kernel supports GCCs much older
than that (back to 3.2).  I personally hit it on 4.4.7, the version shipped
with RHEL6.6.
So I think the kernel code has to change, probably by naming the structure.
The information contained in this message is confidential and is intended for the addressee(s) only. If you have received this message in error, please notify the sender immediately and delete the message. Unless you are an addressee (or authorized to receive for an addressee), you may not use, copy or disclose to anyone this message or any information contained in this message. The unauthorized use, disclosure, copying or alteration of this message is strictly prohibited.
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Paolo Bonzini May 26, 2015, 2:48 p.m. UTC | #5 
On 26/05/2015 16:45, Edward Cree wrote:
>>> This breaks older compilers that can't initialize anon structures.
>> >
>> > How old ? Even gcc 3.1 says you can use unnamed struct/union fields and
>> > 3.2 is the minimum version required to compile the kernel as mentioned
>> > in the README.
>> >
>> > We could simply just name the structure, but I doubt this is the
>> > only place in the kernel code where it's being used this way :)
> This appears to be GCC bug #10676, see <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=10676>
> Says it was fixed in 4.6, but I believe the kernel supports GCCs much older
> than that (back to 3.2).  I personally hit it on 4.4.7, the version shipped
> with RHEL6.6.

Yes, it will be fixed soon(ish).  Probably before you can get rid of the
obnoxious disclaimer... :)

Paolo

> The information contained in this message is confidential and is
> intended for the addressee(s) only. If you have received this message
> in error, please notify the sender immediately and delete the
> message. Unless you are an addressee (or authorized to receive for an
> addressee), you may not use, copy or disclose to anyone this message
> or any information contained in this message. The unauthorized use,
> disclosure, copying or alteration of this message is strictly
> prohibited.

--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Xiao Guangrong May 27, 2015, 2:53 a.m. UTC | #6 
On 05/26/2015 10:48 PM, Paolo Bonzini wrote:
>
>
> On 26/05/2015 16:45, Edward Cree wrote:
>>>> This breaks older compilers that can't initialize anon structures.
>>>>
>>>> How old ? Even gcc 3.1 says you can use unnamed struct/union fields and
>>>> 3.2 is the minimum version required to compile the kernel as mentioned
>>>> in the README.
>>>>
>>>> We could simply just name the structure, but I doubt this is the
>>>> only place in the kernel code where it's being used this way :)
>> This appears to be GCC bug #10676, see <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=10676>
>> Says it was fixed in 4.6, but I believe the kernel supports GCCs much older
>> than that (back to 3.2).  I personally hit it on 4.4.7, the version shipped
>> with RHEL6.6.
>
> Yes, it will be fixed soon(ish).  Probably before you can get rid of the
> obnoxious disclaimer... :)

It has been fixed by Andrew:

From: Andrew Morton <akpm@linux-foundation.org>
Subject: arch/x86/kvm/mmu.c: work around gcc-4.4.4 bug

arch/x86/kvm/mmu.c: In function 'kvm_mmu_pte_write':
arch/x86/kvm/mmu.c:4256: error: unknown field 'cr0_wp' specified in initializer
arch/x86/kvm/mmu.c:4257: error: unknown field 'cr4_pae' specified in initializer
arch/x86/kvm/mmu.c:4257: warning: excess elements in union initializer
...

gcc-4.4.4 (at least) has issues when using anonymous unions in
initializers.

Fixes: edc90b7dc4ceef6 ("KVM: MMU: fix SMAP virtualization")
Cc: Xiao Guangrong <guangrong.xiao@linux.intel.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>

Should be found at -mm tree.
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Vinson Lee June 9, 2015, 5:14 a.m. UTC | #7 
On Tue, May 26, 2015 at 7:53 PM, Xiao Guangrong
<guangrong.xiao@linux.intel.com> wrote:
>
>
> On 05/26/2015 10:48 PM, Paolo Bonzini wrote:
>>
>>
>>
>> On 26/05/2015 16:45, Edward Cree wrote:
>>>>>
>>>>> This breaks older compilers that can't initialize anon structures.
>>>>>
>>>>> How old ? Even gcc 3.1 says you can use unnamed struct/union fields and
>>>>> 3.2 is the minimum version required to compile the kernel as mentioned
>>>>> in the README.
>>>>>
>>>>> We could simply just name the structure, but I doubt this is the
>>>>> only place in the kernel code where it's being used this way :)
>>>
>>> This appears to be GCC bug #10676, see
>>> <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=10676>
>>> Says it was fixed in 4.6, but I believe the kernel supports GCCs much
>>> older
>>> than that (back to 3.2).  I personally hit it on 4.4.7, the version
>>> shipped
>>> with RHEL6.6.
>>
>>
>> Yes, it will be fixed soon(ish).  Probably before you can get rid of the
>> obnoxious disclaimer... :)
>
>
> It has been fixed by Andrew:
>
> From: Andrew Morton <akpm@linux-foundation.org>
> Subject: arch/x86/kvm/mmu.c: work around gcc-4.4.4 bug
>
> arch/x86/kvm/mmu.c: In function 'kvm_mmu_pte_write':
> arch/x86/kvm/mmu.c:4256: error: unknown field 'cr0_wp' specified in
> initializer
> arch/x86/kvm/mmu.c:4257: error: unknown field 'cr4_pae' specified in
> initializer
> arch/x86/kvm/mmu.c:4257: warning: excess elements in union initializer
> ...
>
> gcc-4.4.4 (at least) has issues when using anonymous unions in
> initializers.
>
> Fixes: edc90b7dc4ceef6 ("KVM: MMU: fix SMAP virtualization")
> Cc: Xiao Guangrong <guangrong.xiao@linux.intel.com>
> Cc: Paolo Bonzini <pbonzini@redhat.com>
> Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
>
> Should be found at -mm tree.
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at  http://www.tux.org/lkml/

Hi.

Please backport "arch/x86/kvm/mmu.c: work around gcc-4.4.4 bug" to
stable trees that have backported "KVM: MMU: fix SMAP virtualization".

Currently, the Linux 4.0.5 build is broken with GCC 4.4.

"KVM: MMU: fix SMAP virtualization" is currently queued for 3.16.y-ckt
and 3.18.y.

Cheers,
Vinson
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Davidlohr Bueso June 10, 2015, 6:02 p.m. UTC | #8 
On Wed, 2015-05-27 at 10:53 +0800, Xiao Guangrong wrote:
> 
> On 05/26/2015 10:48 PM, Paolo Bonzini wrote:
> >
> >
> > On 26/05/2015 16:45, Edward Cree wrote:
> >>>> This breaks older compilers that can't initialize anon structures.
> >>>>
> >>>> How old ? Even gcc 3.1 says you can use unnamed struct/union fields and
> >>>> 3.2 is the minimum version required to compile the kernel as mentioned
> >>>> in the README.
> >>>>
> >>>> We could simply just name the structure, but I doubt this is the
> >>>> only place in the kernel code where it's being used this way :)
> >> This appears to be GCC bug #10676, see <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=10676>
> >> Says it was fixed in 4.6, but I believe the kernel supports GCCs much older
> >> than that (back to 3.2).  I personally hit it on 4.4.7, the version shipped
> >> with RHEL6.6.
> >
> > Yes, it will be fixed soon(ish).  Probably before you can get rid of the
> > obnoxious disclaimer... :)
> 
> It has been fixed by Andrew:
> 
> From: Andrew Morton <akpm@linux-foundation.org>
> Subject: arch/x86/kvm/mmu.c: work around gcc-4.4.4 bug

Folks, this fix is missing in both -tip and Linus' (4.1-rc7) tree. At
least I'm running into it.

Thanks,
Davidlohr

--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Andrew Morton June 10, 2015, 6:08 p.m. UTC | #9 
On Wed, 10 Jun 2015 11:02:46 -0700 Davidlohr Bueso <dave@stgolabs.net> wrote:

> On Wed, 2015-05-27 at 10:53 +0800, Xiao Guangrong wrote:
> > 
> > On 05/26/2015 10:48 PM, Paolo Bonzini wrote:
> > >
> > >
> > > On 26/05/2015 16:45, Edward Cree wrote:
> > >>>> This breaks older compilers that can't initialize anon structures.
> > >>>>
> > >>>> How old ? Even gcc 3.1 says you can use unnamed struct/union fields and
> > >>>> 3.2 is the minimum version required to compile the kernel as mentioned
> > >>>> in the README.
> > >>>>
> > >>>> We could simply just name the structure, but I doubt this is the
> > >>>> only place in the kernel code where it's being used this way :)
> > >> This appears to be GCC bug #10676, see <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=10676>
> > >> Says it was fixed in 4.6, but I believe the kernel supports GCCs much older
> > >> than that (back to 3.2).  I personally hit it on 4.4.7, the version shipped
> > >> with RHEL6.6.
> > >
> > > Yes, it will be fixed soon(ish).  Probably before you can get rid of the
> > > obnoxious disclaimer... :)
> > 
> > It has been fixed by Andrew:
> > 
> > From: Andrew Morton <akpm@linux-foundation.org>
> > Subject: arch/x86/kvm/mmu.c: work around gcc-4.4.4 bug
> 
> Folks, this fix is missing in both -tip and Linus' (4.1-rc7) tree. At
> least I'm running into it.

hm, yes, it's in linux-next so I dropped my copy.

I'll send it in to Linus today.
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Luis Henriques June 12, 2015, 12:11 p.m. UTC | #10 
On Mon, Jun 08, 2015 at 10:14:49PM -0700, Vinson Lee wrote:
> On Tue, May 26, 2015 at 7:53 PM, Xiao Guangrong
> <guangrong.xiao@linux.intel.com> wrote:
> >
> >
> > On 05/26/2015 10:48 PM, Paolo Bonzini wrote:
> >>
> >>
> >>
> >> On 26/05/2015 16:45, Edward Cree wrote:
> >>>>>
> >>>>> This breaks older compilers that can't initialize anon structures.
> >>>>>
> >>>>> How old ? Even gcc 3.1 says you can use unnamed struct/union fields and
> >>>>> 3.2 is the minimum version required to compile the kernel as mentioned
> >>>>> in the README.
> >>>>>
> >>>>> We could simply just name the structure, but I doubt this is the
> >>>>> only place in the kernel code where it's being used this way :)
> >>>
> >>> This appears to be GCC bug #10676, see
> >>> <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=10676>
> >>> Says it was fixed in 4.6, but I believe the kernel supports GCCs much
> >>> older
> >>> than that (back to 3.2).  I personally hit it on 4.4.7, the version
> >>> shipped
> >>> with RHEL6.6.
> >>
> >>
> >> Yes, it will be fixed soon(ish).  Probably before you can get rid of the
> >> obnoxious disclaimer... :)
> >
> >
> > It has been fixed by Andrew:
> >
> > From: Andrew Morton <akpm@linux-foundation.org>
> > Subject: arch/x86/kvm/mmu.c: work around gcc-4.4.4 bug
> >
> > arch/x86/kvm/mmu.c: In function 'kvm_mmu_pte_write':
> > arch/x86/kvm/mmu.c:4256: error: unknown field 'cr0_wp' specified in
> > initializer
> > arch/x86/kvm/mmu.c:4257: error: unknown field 'cr4_pae' specified in
> > initializer
> > arch/x86/kvm/mmu.c:4257: warning: excess elements in union initializer
> > ...
> >
> > gcc-4.4.4 (at least) has issues when using anonymous unions in
> > initializers.
> >
> > Fixes: edc90b7dc4ceef6 ("KVM: MMU: fix SMAP virtualization")
> > Cc: Xiao Guangrong <guangrong.xiao@linux.intel.com>
> > Cc: Paolo Bonzini <pbonzini@redhat.com>
> > Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
> >
> > Should be found at -mm tree.
> >
> > --
> > To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> > the body of a message to majordomo@vger.kernel.org
> > More majordomo info at  http://vger.kernel.org/majordomo-info.html
> > Please read the FAQ at  http://www.tux.org/lkml/
> 
> Hi.
> 
> Please backport "arch/x86/kvm/mmu.c: work around gcc-4.4.4 bug" to
> stable trees that have backported "KVM: MMU: fix SMAP virtualization".
> 
> Currently, the Linux 4.0.5 build is broken with GCC 4.4.
> 
> "KVM: MMU: fix SMAP virtualization" is currently queued for 3.16.y-ckt
> and 3.18.y.
> 
> Cheers,
> Vinson
> --
> To unsubscribe from this list: send the line "unsubscribe stable" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

I believe you're referring to the following commit:

commit 5ec45a192fe6e287f0fc06d5ca4f3bd446d94803
Author: Andrew Morton <akpm@linux-foundation.org>
Date:   Wed Jun 10 11:15:02 2015 -0700

    arch/x86/kvm/mmu.c: work around gcc-4.4.4 bug

I am queuing it for the 3.16 kernel.  Thanks!

Cheers,
--
Luís
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
diff mbox

Patch

diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
index 8b661d1..bbb8f4e 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -207,6 +207,7 @@  union kvm_mmu_page_role {
 		unsigned nxe:1;
 		unsigned cr0_wp:1;
 		unsigned smep_andnot_wp:1;
+		unsigned smap_andnot_wp:1;
 	};
 };
 
diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
index 3711095..b78e83f 100644
--- a/arch/x86/kvm/mmu.c
+++ b/arch/x86/kvm/mmu.c
@@ -3737,8 +3737,8 @@  static void reset_rsvds_bits_mask_ept(struct kvm_vcpu *vcpu,
 	}
 }
 
-void update_permission_bitmask(struct kvm_vcpu *vcpu,
-		struct kvm_mmu *mmu, bool ept)
+static void update_permission_bitmask(struct kvm_vcpu *vcpu,
+				      struct kvm_mmu *mmu, bool ept)
 {
 	unsigned bit, byte, pfec;
 	u8 map;
@@ -3919,6 +3919,7 @@  static void init_kvm_tdp_mmu(struct kvm_vcpu *vcpu)
 void kvm_init_shadow_mmu(struct kvm_vcpu *vcpu)
 {
 	bool smep = kvm_read_cr4_bits(vcpu, X86_CR4_SMEP);
+	bool smap = kvm_read_cr4_bits(vcpu, X86_CR4_SMAP);
 	struct kvm_mmu *context = &vcpu->arch.mmu;
 
 	MMU_WARN_ON(VALID_PAGE(context->root_hpa));
@@ -3937,6 +3938,8 @@  void kvm_init_shadow_mmu(struct kvm_vcpu *vcpu)
 	context->base_role.cr0_wp  = is_write_protection(vcpu);
 	context->base_role.smep_andnot_wp
 		= smep && !is_write_protection(vcpu);
+	context->base_role.smap_andnot_wp
+		= smap && !is_write_protection(vcpu);
 }
 EXPORT_SYMBOL_GPL(kvm_init_shadow_mmu);
 
@@ -4208,12 +4211,18 @@  void kvm_mmu_pte_write(struct kvm_vcpu *vcpu, gpa_t gpa,
 		       const u8 *new, int bytes)
 {
 	gfn_t gfn = gpa >> PAGE_SHIFT;
-	union kvm_mmu_page_role mask = { .word = 0 };
 	struct kvm_mmu_page *sp;
 	LIST_HEAD(invalid_list);
 	u64 entry, gentry, *spte;
 	int npte;
 	bool remote_flush, local_flush, zap_page;
+	union kvm_mmu_page_role mask = (union kvm_mmu_page_role) {
+		.cr0_wp = 1,
+		.cr4_pae = 1,
+		.nxe = 1,
+		.smep_andnot_wp = 1,
+		.smap_andnot_wp = 1,
+	};
 
 	/*
 	 * If we don't have indirect shadow pages, it means no page is
@@ -4239,7 +4248,6 @@  void kvm_mmu_pte_write(struct kvm_vcpu *vcpu, gpa_t gpa,
 	++vcpu->kvm->stat.mmu_pte_write;
 	kvm_mmu_audit(vcpu, AUDIT_PRE_PTE_WRITE);
 
-	mask.cr0_wp = mask.cr4_pae = mask.nxe = mask.smep_andnot_wp = 1;
 	for_each_gfn_indirect_valid_sp(vcpu->kvm, sp, gfn) {
 		if (detect_write_misaligned(sp, gpa, bytes) ||
 		      detect_write_flooding(sp)) {
diff --git a/arch/x86/kvm/mmu.h b/arch/x86/kvm/mmu.h
index 06eb2fc..0ada65e 100644
--- a/arch/x86/kvm/mmu.h
+++ b/arch/x86/kvm/mmu.h
@@ -71,8 +71,6 @@  enum {
 int handle_mmio_page_fault_common(struct kvm_vcpu *vcpu, u64 addr, bool direct);
 void kvm_init_shadow_mmu(struct kvm_vcpu *vcpu);
 void kvm_init_shadow_ept_mmu(struct kvm_vcpu *vcpu, bool execonly);
-void update_permission_bitmask(struct kvm_vcpu *vcpu, struct kvm_mmu *mmu,
-		bool ept);
 
 static inline unsigned int kvm_mmu_available_pages(struct kvm *kvm)
 {
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index cdccbe1..cde5d61 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -702,8 +702,9 @@  EXPORT_SYMBOL_GPL(kvm_set_xcr);
 int kvm_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4)
 {
 	unsigned long old_cr4 = kvm_read_cr4(vcpu);
-	unsigned long pdptr_bits = X86_CR4_PGE | X86_CR4_PSE |
-				   X86_CR4_PAE | X86_CR4_SMEP;
+	unsigned long pdptr_bits = X86_CR4_PGE | X86_CR4_PSE | X86_CR4_PAE |
+				   X86_CR4_SMEP | X86_CR4_SMAP;
+
 	if (cr4 & CR4_RESERVED_BITS)
 		return 1;
 
@@ -744,9 +745,6 @@  int kvm_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4)
 	    (!(cr4 & X86_CR4_PCIDE) && (old_cr4 & X86_CR4_PCIDE)))
 		kvm_mmu_reset_context(vcpu);
 
-	if ((cr4 ^ old_cr4) & X86_CR4_SMAP)
-		update_permission_bitmask(vcpu, vcpu->arch.walk_mmu, false);
-
 	if ((cr4 ^ old_cr4) & X86_CR4_OSXSAVE)
 		kvm_update_cpuid(vcpu);