| Message ID | 1453883430-9098-2-git-send-email-huaitong.han@intel.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
>>> On 27.01.16 at 09:30, <huaitong.han@intel.com> wrote: > Changes in v7: > no changes. > ---- > > This patch disables pkeys for guest in non-paging mode, However XEN always > uses > paging mode to emulate guest non-paging mode, To emulate this behavior, pkeys > needs to be manually disabled when guest switches to non-paging mode. > > Signed-off-by: Huaitong Han <huaitong.han@intel.com> > Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> > --- The "Changes in" belongs here, the way it's done now will require extra work while committing. Hence this needs to be resent in proper shape. Jan
diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index 04dde83..a0d51cb 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -1368,12 +1368,13 @@ static void vmx_update_guest_cr(struct vcpu *v, unsigned int cr) if ( !hvm_paging_enabled(v) ) { /* - * SMEP/SMAP is disabled if CPU is in non-paging mode in hardware. - * However Xen always uses paging mode to emulate guest non-paging - * mode. To emulate this behavior, SMEP/SMAP needs to be manually - * disabled when guest VCPU is in non-paging mode. + * SMEP/SMAP/PKU is disabled if CPU is in non-paging mode in + * hardware. However Xen always uses paging mode to emulate guest + * non-paging mode. To emulate this behavior, SMEP/SMAP/PKU needs + * to be manually disabled when guest VCPU is in non-paging mode. */ - v->arch.hvm_vcpu.hw_cr[4] &= ~(X86_CR4_SMEP | X86_CR4_SMAP); + v->arch.hvm_vcpu.hw_cr[4] &= + ~(X86_CR4_SMEP | X86_CR4_SMAP | X86_CR4_PKE); } __vmwrite(GUEST_CR4, v->arch.hvm_vcpu.hw_cr[4]); break;