From: Paolo Bonzini
Date: Thu, 5 Jun 2014 16:22:22 +0200
Message-Id: <1401978143-11896-33-git-send-email-pbonzini@redhat.com>
In-Reply-To: <1401978143-11896-1-git-send-email-pbonzini@redhat.com>
References: <1401978143-11896-1-git-send-email-pbonzini@redhat.com>
Subject: [Qemu-devel] [PULL 32/33] target-i386: fix protection bits in the TLB for SMEP
To: qemu-devel@nongnu.org

User pages must be marked as non-executable when running under SMEP; otherwise, fetching the page first and then calling it will fail.

With this patch, all SMEP testcases in kvm-unit-tests now pass.

Signed-off-by: Paolo Bonzini
--- target-i386/helper.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/target-i386/helper.c b/target-i386/helper.c index 2b917ad..04beaeb 100644 --- a/target-i386/helper.c +++ b/target-i386/helper.c 
@@ -749,8 +749,10 @@ do_check_protect_pse36: /* the page can be put in the TLB */ prot = PAGE_READ; - if (!(ptep & PG_NX_MASK)) + if (!(ptep & PG_NX_MASK) && + !((env->cr[4] & CR4_SMEP_MASK) && (ptep & PG_USER_MASK))) { prot |= PAGE_EXEC; + } if (pte & PG_DIRTY_MASK) { /* only set write access if already dirty... otherwise wait for dirty access */ -- 1.8.3.1
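
Review bot: in the new PAGE_EXEC condition, the SMEP term `(env->cr[4] & CR4_SMEP_MASK) && (ptep & PG_USER_MASK)` is applied without regard to the privilege level of the translation being installed. SMEP only blocks supervisor-mode instruction fetches from user pages, so as written a user page also loses PAGE_EXEC for user-mode execution whenever CR4.SMEP is set. Suggest restricting the SMEP term to supervisor translations by also testing whatever user/supervisor indication this function has for the access (the visible lines do not show what it is called here). Because prot now depends on CR4.SMEP, a short comment next to `prot = PAGE_READ;` noting that the cached protection relies on the TLB being flushed when CR4.SMEP is toggled would also help, since an entry installed under the old setting would otherwise keep PAGE_EXEC.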