When calling set_cr4_smep(1) to enable SMEP implementation will first drop user access bit in ptl2 and then attempt to change actual cr4 value. In case emulated CPU does not support setting CR4.SMEP this will generate a GP which we expect. However, in that case we should also revert user access bit change. Othervise supervisor access sticks and later faults the test binary.
Signed-off-by: Evgeny Yakovlev <wrfsh@xxxxxxxxxxxxxx>
---
 x86/access.c | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/x86/access.c b/x86/access.c
index a0c19dc..ccdaefc 100644
--- a/x86/access.c
+++ b/x86/access.c
@@ -195,6 +195,7 @@ unsigned set_cr4_smep(int smep)
 {
 unsigned long cr4 = read_cr4();
 unsigned long old_cr4 = cr4;
+ unsigned long ptl2_access;
 extern u64 ptl2[];
 unsigned r;
@@ -204,9 +205,15 @@ unsigned set_cr4_smep(int smep)
 if (old_cr4 == cr4)
 return 0;
+ ptl2_access = ptl2[2];
 if (smep)
 ptl2[2] &= ~PT_USER_MASK;
 r = write_cr4_checking(cr4);
+ if (cr4 != read_cr4()) {
+ if (smep)
+ ptl2[2] = ptl2_access;
+ return r;
+ }
 if (!smep)
 ptl2[2] |= PT_USER_MASK;
 return r;
--
2.7.4
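Review bot: The restore inside the new `if (cr4 != read_cr4())` block in the second hunk rewrites `ptl2[2]` after the CR4 write was rejected, but nothing then invalidates the TLB: if the region mapped by that entry was touched in supervisor mode between `ptl2[2] &= ~PT_USER_MASK` and the failed write, a translation with U=0 may already be cached, and only a successful CR4 write would have flushed it, so a later user-mode access could still fault until the entry is evicted. Consider following the restore with an explicit invalidation (an `invlpg` of an address in that mapping, or a CR3 reload) so the reverted entry is what the test binary sees. The inner `if (smep)` guard is also redundant, because `ptl2_access` is snapshotted unconditionally and `ptl2[2]` is not modified when `smep` is 0, so the unconditional `ptl2[2] = ptl2_access;` restores correctly in both cases. Re-reading CR4 to detect the failure duplicates what `r` presumably already reports from `write_cr4_checking`; if it returns the faulting vector, `if (r)` is the clearer condition. The closing brace of set_cr4_smep lies outside the hunk.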