KVM: x86/mmu: Use MMU's role to detect CR4.SMEP value in nested NPT walk

Use the MMU's role to get its effective SMEP value when injecting a fault into the guest. When walking L1's (nested) NPT while L2 is active, vCPU state will reflect L2, whereas NPT uses the host's (L1 in this case) CR0, CR4, EFER, etc... If L1 and L2 have different settings for SMEP and L1 does not have EFER.NX=1, this can result in an incorrect PFEC.FETCH when injecting #NPF. Fixes: e57d4a356ad3 ("KVM: Add instruction fetch checking when walking guest page table") Cc: [email protected] Signed-off-by: Sean Christopherson <[email protected]> Message-Id: <[email protected]> Signed-off-by: Paolo Bonzini <[email protected]>
author: Sean Christopherson <[email protected]> 2021-06-22 10:56:49 -0700
committer: Paolo Bonzini <[email protected]> 2021-06-24 18:00:35 -0400
commit: ef318b9edf66a082f23d00d79b70c17b4c055a26 (patch)
tree: bcd95c21c5c3f4659f40e777f3bce5ec611d6db0
parent: 0aa1837533e5f4be8cc21bbc06314c23ba2c5447 (diff)
1 files changed, 1 insertions, 2 deletions
diff --git a/arch/x86/kvm/mmu/paging_tmpl.h b/arch/x86/kvm/mmu/paging_tmpl.h
index 823a5919f9fa..52fffd68b522 100644
--- a/arch/x86/kvm/mmu/paging_tmpl.h
+++ b/arch/x86/kvm/mmu/paging_tmpl.h
@@ -471,8 +471,7 @@ retry_walk:
 
 error:
 	errcode |= write_fault | user_fault;
-	if (fetch_fault && (mmu->nx ||
-			    kvm_read_cr4_bits(vcpu, X86_CR4_SMEP)))
+	if (fetch_fault && (mmu->nx || mmu->mmu_role.ext.cr4_smep))
 		errcode |= PFERR_FETCH_MASK;
 
 	walker->fault.vector = PF_VECTOR;
author	Sean Christopherson <[email protected]>	2021-06-22 10:56:49 -0700
committer	Paolo Bonzini <[email protected]>	2021-06-24 18:00:35 -0400
commit	ef318b9edf66a082f23d00d79b70c17b4c055a26 (patch)
tree	bcd95c21c5c3f4659f40e777f3bce5ec611d6db0
parent	0aa1837533e5f4be8cc21bbc06314c23ba2c5447 (diff)