| From ef318b9edf66a082f23d00d79b70c17b4c055a26 Mon Sep 17 00:00:00 2001 |
| From: Sean Christopherson <seanjc@google.com> |
| Date: Tue, 22 Jun 2021 10:56:49 -0700 |
| Subject: KVM: x86/mmu: Use MMU's role to detect CR4.SMEP value in nested NPT walk |
| |
| From: Sean Christopherson <seanjc@google.com> |
| |
| commit ef318b9edf66a082f23d00d79b70c17b4c055a26 upstream. |
| |
| Use the MMU's role to get its effective SMEP value when injecting a fault |
| into the guest. When walking L1's (nested) NPT while L2 is active, vCPU |
| state will reflect L2, whereas NPT uses the host's (L1 in this case) CR0, |
| CR4, EFER, etc... If L1 and L2 have different settings for SMEP and |
| L1 does not have EFER.NX=1, this can result in an incorrect PFEC.FETCH |
| when injecting #NPF. |
| |
| Fixes: e57d4a356ad3 ("KVM: Add instruction fetch checking when walking guest page table") |
| Cc: stable@vger.kernel.org |
| Signed-off-by: Sean Christopherson <seanjc@google.com> |
| Message-Id: <20210622175739.3610207-5-seanjc@google.com> |
| Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| |
| --- |
| arch/x86/kvm/mmu/paging_tmpl.h | 3 +-- |
| 1 file changed, 1 insertion(+), 2 deletions(-) |
| |
| --- a/arch/x86/kvm/mmu/paging_tmpl.h |
| +++ b/arch/x86/kvm/mmu/paging_tmpl.h |
| @@ -471,8 +471,7 @@ retry_walk: |
| |
| error: |
| errcode |= write_fault | user_fault; |
| - if (fetch_fault && (mmu->nx || |
| - kvm_read_cr4_bits(vcpu, X86_CR4_SMEP))) |
| + if (fetch_fault && (mmu->nx || mmu->mmu_role.ext.cr4_smep)) |
| errcode |= PFERR_FETCH_MASK; |
| |
| walker->fault.vector = PF_VECTOR; |