Enable newly documented SMEP (Supervisor Mode Execution Protection) CPU
feature for QEMU-KVM.
Intel new CPU supports SMEP (Supervisor Mode Execution Protection). SMEP
prevents kernel from executing code in application. Updated Intel SDM describes
this CPU feature. The document will be published soon.
SMEP is identified by CPUID leaf 7 EBX[7], which is 0 before.
Get the right value by query KVM kernel module, so that guest can get SMEP through CPUID.
Signed-off-by: Yang Wei <wei.y.yang@xxxxxxxxx>
diff --git a/target-i386/cpuid.c b/target-i386/cpuid.c
index 091d812..2fff88b 100644
--- a/target-i386/cpuid.c
+++ b/target-i386/cpuid.c
@@ -1115,6 +1115,12 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
*ecx = 0;
*edx = 0;
break;
+ case 7:
+ *eax = kvm_arch_get_supported_cpuid(env, 0x7, count, R_EAX);
+ *ebx = kvm_arch_get_supported_cpuid(env, 0x7, count, R_EBX);
+ *ecx = kvm_arch_get_supported_cpuid(env, 0x7, count, R_ECX);
+ *edx = kvm_arch_get_supported_cpuid(env, 0x7, count, R_EDX);
+ break;
case 9:
/* Direct Cache Access Information Leaf */
*eax = 0; /* Bits 0-31 in DCA_CAP MSR */
Attachment:
qemu-kvm-smep.patch
Description: qemu-kvm-smep.patch
