commit
e7dda8ec9fc9020e4f53345cdbb18a2e82e54a65
VMX: disable SMEP feature when guest is in non-paging mode
disabled the SMEP bit if a guest VCPU was using HAP and was not
in paging mode. However I could observe VCPUs getting stuck in
the trampoline after the following patch in the Linux kernel
changed the way CR4 gets set up:
x86, realmode: read cr4 and EFER from kernel for 64-bit trampoline
The change will set CR4 from already set flags which includes the
SMEP bit. On bare metal this does not matter as the CPU is in non-
paging mode at that time. But Xen seems to use the emulated non-
paging mode regardless of HAP (I verified that on the guests I was
seeing the issue, HAP was not used).
Therefore it seems right to unset the SMEP bit for a VCPU that is
not in paging mode, regardless of its HAP usage.
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Acked-by: Keir Fraser <keir@xen.org>
Acked-by: Dongxiao Xu <dongxiao.xu@intel.com>
{
v->arch.hvm_vcpu.hw_cr[4] |= X86_CR4_PSE;
v->arch.hvm_vcpu.hw_cr[4] &= ~X86_CR4_PAE;
+ }
+ if ( !hvm_paging_enabled(v) )
+ {
/*
* SMEP is disabled if CPU is in non-paging mode in hardware.
* However Xen always uses paging mode to emulate guest non-paging
- * mode with HAP. To emulate this behavior, SMEP needs to be
- * manually disabled when guest switches to non-paging mode.
+ * mode. To emulate this behavior, SMEP needs to be manually
+ * disabled when guest VCPU is in non-paging mode.
*/
v->arch.hvm_vcpu.hw_cr[4] &= ~X86_CR4_SMEP;
}
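Review bot: the new `if ( !hvm_paging_enabled(v) )` block is opened immediately after the brace that closes the PSE/PAE block; if that enclosing block is itself only entered when the guest is not paging (its old comment spoke of "when guest switches to non-paging mode"), the second paging test is redundant and the SMEP clear could stay in the original block with only the HAP part of the condition dropped. The hunk header and the enclosing condition are not visible here, so please confirm which condition was split. The comment's first line, "SMEP is disabled if CPU is in non-paging mode in hardware", would also be more precise as "SMEP has no effect while paging is disabled": on bare metal CR4.SMEP stays set, it simply cannot trigger, which is exactly why clearing it only in hw_cr[4] and leaving the guest-visible CR4 untouched is the right emulation; saying so in the comment would help the next reader.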