target-i386: fix protection bits in the TLB for SMEP

User pages must be marked as non-executable when running under SMEP; otherwise, fetching the page first and then calling it will fail. With this patch, all SMEP testcases in kvm-unit-tests now pass. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
author: Paolo Bonzini <pbonzini@redhat.com> 2014-05-27 13:24:54 +0200
committer: Paolo Bonzini <pbonzini@redhat.com> 2014-06-05 16:10:35 +0200
commit: b09481de91cce94342bac3327bb7633c39ff8bf6 (patch)
tree: 6ad29f9c18cab7c5845257b9042a16974efda249 /target-i386
parent: de431a655a7560d834e1187d6b30cb6b1946e90c (diff)
download: qemu-b09481de91cce94342bac3327bb7633c39ff8bf6.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/target-i386/helper.c b/target-i386/helper.c
index 2b917ad28d..04beaebc98 100644
--- a/target-i386/helper.c
+++ b/target-i386/helper.c
@@ -749,8 +749,10 @@ do_check_protect_pse36:
 
     /* the page can be put in the TLB */
     prot = PAGE_READ;
-    if (!(ptep & PG_NX_MASK))
+    if (!(ptep & PG_NX_MASK) &&
+        !((env->cr[4] & CR4_SMEP_MASK) && (ptep & PG_USER_MASK))) {
         prot |= PAGE_EXEC;
+    }
     if (pte & PG_DIRTY_MASK) {
         /* only set write access if already dirty... otherwise wait
            for dirty access */
author	Paolo Bonzini <pbonzini@redhat.com>	2014-05-27 13:24:54 +0200
committer	Paolo Bonzini <pbonzini@redhat.com>	2014-06-05 16:10:35 +0200
commit	b09481de91cce94342bac3327bb7633c39ff8bf6 (patch)
tree	6ad29f9c18cab7c5845257b9042a16974efda249 /target-i386
parent	de431a655a7560d834e1187d6b30cb6b1946e90c (diff)
download	qemu-b09481de91cce94342bac3327bb7633c39ff8bf6.tar.gz