From mboxrd@z Thu Jan  1 00:00:00 1970
From: Avi Kivity <avi@redhat.com>
Subject: Re: [Patch v4 4/4] Add instruction fetch checking when walking guest
 page table
Date: Sun, 29 May 2011 16:58:35 +0300
Message-ID: <4DE2510B.2090106@redhat.com>
References: <5D8008F58939784290FAB48F5497519844E9278013@shsmsx502.ccr.corp.intel.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: "kvm@vger.kernel.org" <kvm@vger.kernel.org>
To: "Yang, Wei Y" <wei.y.yang@intel.com>
Return-path: <kvm-owner@vger.kernel.org>
Received: from mx1.redhat.com ([209.132.183.28]:17166 "EHLO mx1.redhat.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1751220Ab1E2N6n (ORCPT <rfc822;kvm@vger.kernel.org>);
	Sun, 29 May 2011 09:58:43 -0400
In-Reply-To: <5D8008F58939784290FAB48F5497519844E9278013@shsmsx502.ccr.corp.intel.com>
Sender: kvm-owner@vger.kernel.org
List-ID: <kvm.vger.kernel.org>

On 05/29/2011 02:42 PM, Yang, Wei Y wrote:
> This patch adds instruction fetch checking when walking guest page table.
>
>
>
> +			/* check if the kernel is fetching from user page */
> +			if (unlikely((pte_access&  PT_USER_MASK)&&
> +				     kvm_read_cr4_bits(vcpu, X86_CR4_SMEP)))
> +				if (fetch_fault&&  !user_fault)
> +					eperm = true;
> +

pte_access is a union of ACC_*_MASK values, so this should be 
ACC_USER_MASK (though the values are the same).

The difference is that bit 0 is execute permission, while in ptes bit 63 
is the no-execute permission.

-- 
error compiling committee.c: too many arguments to function