mirror of https://gitee.com/openkylin/linux.git
KVM: MMU: Set nx bit correctly on shadow ptes
While the page table walker correctly generates a guest page fault if a guest tries to execute a non-executable page, the shadow code does not mark it non-executable. This means that if a guest accesses an nx page first with a read access, then subsequent code fetch accesses will succeed. Fix by setting the nx bit on shadow ptes. Signed-off-by: Avi Kivity <avi@qumranet.com>
This commit is contained in:
parent
fe135d2ceb
commit
8d87a03aea
|
@ -255,6 +255,8 @@ static void FNAME(set_pte)(struct kvm_vcpu *vcpu, pt_element_t gpte,
|
||||||
spte |= gpte & PT64_NX_MASK;
|
spte |= gpte & PT64_NX_MASK;
|
||||||
if (!dirty)
|
if (!dirty)
|
||||||
pte_access &= ~ACC_WRITE_MASK;
|
pte_access &= ~ACC_WRITE_MASK;
|
||||||
|
if (!(pte_access & ACC_EXEC_MASK))
|
||||||
|
spte |= PT64_NX_MASK;
|
||||||
|
|
||||||
page = gfn_to_page(vcpu->kvm, gfn);
|
page = gfn_to_page(vcpu->kvm, gfn);
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue