diff mbox

KVM: VMX: fix SMEP and SMAP without EPT

Message ID 1446499200-17836-1-git-send-email-rkrcmar@redhat.com (mailing list archive)
State New, archived
Headers show

Commit Message

Radim Krčmář Nov. 2, 2015, 9:20 p.m. UTC
The comment in code had it mostly right, but we enable paging for
emulated real mode regardless of EPT.

Without EPT (which implies emulated real mode), secondary VCPUs won't
start unless we disable SM[AE]P when the guest doesn't use paging.

Signed-off-by: Radim Kr?má? <rkrcmar@redhat.com>
---
 arch/x86/kvm/vmx.c | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

Comments

Paolo Bonzini Nov. 3, 2015, 9:45 a.m. UTC | #1
On 02/11/2015 22:20, Radim Kr?má? wrote:
> The comment in code had it mostly right, but we enable paging for
> emulated real mode regardless of EPT.
> 
> Without EPT (which implies emulated real mode), secondary VCPUs won't
> start unless we disable SM[AE]P when the guest doesn't use paging.
> 
> Signed-off-by: Radim Kr?má? <rkrcmar@redhat.com>
> ---
>  arch/x86/kvm/vmx.c | 19 ++++++++++---------
>  1 file changed, 10 insertions(+), 9 deletions(-)
> 
> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
> index b680c2e0e8a3..ab598558a7a4 100644
> --- a/arch/x86/kvm/vmx.c
> +++ b/arch/x86/kvm/vmx.c
> @@ -3788,20 +3788,21 @@ static int vmx_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4)
>  		if (!is_paging(vcpu)) {
>  			hw_cr4 &= ~X86_CR4_PAE;
>  			hw_cr4 |= X86_CR4_PSE;
> -			/*
> -			 * SMEP/SMAP is disabled if CPU is in non-paging mode
> -			 * in hardware. However KVM always uses paging mode to
> -			 * emulate guest non-paging mode with TDP.
> -			 * To emulate this behavior, SMEP/SMAP needs to be
> -			 * manually disabled when guest switches to non-paging
> -			 * mode.
> -			 */
> -			hw_cr4 &= ~(X86_CR4_SMEP | X86_CR4_SMAP);
>  		} else if (!(cr4 & X86_CR4_PAE)) {
>  			hw_cr4 &= ~X86_CR4_PAE;
>  		}
>  	}
>  
> +	if (!enable_unrestricted_guest && !is_paging(vcpu))
> +		/*
> +		 * SMEP/SMAP is disabled if CPU is in non-paging mode in
> +		 * hardware.  However KVM always uses paging mode without
> +		 * unrestricted guest.
> +		 * To emulate this behavior, SMEP/SMAP needs to be manually
> +		 * disabled when guest switches to non-paging mode.
> +		 */
> +		hw_cr4 &= ~(X86_CR4_SMEP | X86_CR4_SMAP);
> +
>  	vmcs_writel(CR4_READ_SHADOW, cr4);
>  	vmcs_writel(GUEST_CR4, hw_cr4);
>  	return 0;
> 

Applied with Cc: stable@vger.kernel.org.

Paolo
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
diff mbox

Patch

diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index b680c2e0e8a3..ab598558a7a4 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -3788,20 +3788,21 @@  static int vmx_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4)
 		if (!is_paging(vcpu)) {
 			hw_cr4 &= ~X86_CR4_PAE;
 			hw_cr4 |= X86_CR4_PSE;
-			/*
-			 * SMEP/SMAP is disabled if CPU is in non-paging mode
-			 * in hardware. However KVM always uses paging mode to
-			 * emulate guest non-paging mode with TDP.
-			 * To emulate this behavior, SMEP/SMAP needs to be
-			 * manually disabled when guest switches to non-paging
-			 * mode.
-			 */
-			hw_cr4 &= ~(X86_CR4_SMEP | X86_CR4_SMAP);
 		} else if (!(cr4 & X86_CR4_PAE)) {
 			hw_cr4 &= ~X86_CR4_PAE;
 		}
 	}
 
+	if (!enable_unrestricted_guest && !is_paging(vcpu))
+		/*
+		 * SMEP/SMAP is disabled if CPU is in non-paging mode in
+		 * hardware.  However KVM always uses paging mode without
+		 * unrestricted guest.
+		 * To emulate this behavior, SMEP/SMAP needs to be manually
+		 * disabled when guest switches to non-paging mode.
+		 */
+		hw_cr4 &= ~(X86_CR4_SMEP | X86_CR4_SMAP);
+
 	vmcs_writel(CR4_READ_SHADOW, cr4);
 	vmcs_writel(GUEST_CR4, hw_cr4);
 	return 0;