From 476cf36ac0de41bd5070f902c430d5ce90c7f590 Mon Sep 17 00:00:00 2001
From: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Date: Wed, 9 Sep 2015 17:08:56 +0200
Subject: [PATCH] x86/pvh: do not allow 32-bit PVH guests to clear CR4's PAE
 bit

.. since we only support 32-bit PV(H) guests in PAE mode.

Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
---
 xen/arch/x86/hvm/hvm.c | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c
index a38c302aa7..c6d2e59169 100644
--- a/xen/arch/x86/hvm/hvm.c
+++ b/xen/arch/x86/hvm/hvm.c
@@ -3522,11 +3522,19 @@ int hvm_set_cr4(unsigned long value, bool_t may_defer)
         goto gpf;
     }
 
-    if ( !(value & X86_CR4_PAE) && hvm_long_mode_enabled(v) )
+    if ( !(value & X86_CR4_PAE) )
     {
-        HVM_DBG_LOG(DBG_LEVEL_1, "Guest cleared CR4.PAE while "
-                    "EFER.LMA is set");
-        goto gpf;
+        if ( hvm_long_mode_enabled(v) )
+        {
+            HVM_DBG_LOG(DBG_LEVEL_1, "Guest cleared CR4.PAE while "
+                        "EFER.LMA is set");
+            goto gpf;
+        }
+        if ( is_pvh_vcpu(v) )
+        {
+            HVM_DBG_LOG(DBG_LEVEL_1, "32-bit PVH guest cleared CR4.PAE");
+            goto gpf;
+        }
     }
 
     old_cr = v->arch.hvm_vcpu.guest_cr[4];
-- 
2.30.2