x86/svm: Fix a livelock when trying to run shadowed unpaged guests

author Andrew Cooper <andrew.cooper3@citrix.com>

Tue, 24 Oct 2017 14:40:23 +0000 (16:40 +0200)

committer Jan Beulich <jbeulich@suse.com>

Tue, 24 Oct 2017 14:40:23 +0000 (16:40 +0200)
author Andrew Cooper <andrew.cooper3@citrix.com>
Tue, 24 Oct 2017 14:40:23 +0000 (16:40 +0200)
committer Jan Beulich <jbeulich@suse.com>
Tue, 24 Oct 2017 14:40:23 +0000 (16:40 +0200)
diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c

index b0715e633ac05930c8e810ef5a1307d85d30dbae..59168387408fc14ff490580df22980d1a9385b69 100644 (file)
--- a/xen/arch/x86/hvm/svm/svm.c
+++ b/xen/arch/x86/hvm/svm/svm.c
@@ -573,6 +573,24 @@ void svm_update_guest_cr(struct vcpu *v, unsigned int cr)
          if ( paging_mode_hap(v->domain) )
              value &= ~X86_CR4_PAE;
          value |= v->arch.hvm_vcpu.guest_cr[4];
+
+        if ( !hvm_paging_enabled(v) )
+        {
+            /*
+             * When the guest thinks paging is disabled, Xen may need to hide
+             * the effects of shadow paging, as hardware runs with the host
+             * paging settings, rather than the guests settings.
+             *
+             * Without CR0.PG, all memory accesses are user mode, so
+             * _PAGE_USER must be set in the shadow pagetables for guest
+             * userspace to function.  This in turn trips up guest supervisor
+             * mode if SMEP/SMAP are left active in context.  They wouldn't
+             * have any effect if paging was actually disabled, so hide them
+             * behind the back of the guest.
+             */
+            value &= ~(X86_CR4_SMEP | X86_CR4_SMAP);
+        }
+
          vmcb_set_cr4(vmcb, value);
          break;
      default:
author	Andrew Cooper <andrew.cooper3@citrix.com>
	Tue, 24 Oct 2017 14:40:23 +0000 (16:40 +0200)
committer	Jan Beulich <jbeulich@suse.com>
	Tue, 24 Oct 2017 14:40:23 +0000 (16:40 +0200)