KVM: MMU: Fix inherited permissions for emulated guest pte updates

[linux-2.6-omap-h63xx.git] / drivers / kvm / paging_tmpl.h

diff --git a/drivers/kvm/paging_tmpl.h b/drivers/kvm/paging_tmpl.h
index 7688cbf413c89cc17dddce2876ff1984abd0cd10..211fef83be5da898432d312c73ff34eff887ce0c 100644 (file)
--- a/drivers/kvm/paging_tmpl.h
+++ b/drivers/kvm/paging_tmpl.h
@@ -102,6 +102,18 @@ static bool FNAME(cmpxchg_gpte)(struct kvm *kvm,
        return (ret != orig_pte);
 }
 
+static unsigned FNAME(gpte_access)(struct kvm_vcpu *vcpu, pt_element_t gpte)
+{
+       unsigned access;
+
+       access = (gpte & (PT_WRITABLE_MASK | PT_USER_MASK)) | ACC_EXEC_MASK;
+#if PTTYPE == 64
+       if (is_nx(vcpu))
+               access &= ~(gpte >> PT64_NX_SHIFT);
+#endif
+       return access;
+}
+
 /*
  * Fetch a guest pte for a guest virtual address
  */
@@ -166,13 +178,7 @@ walk:
                        pte |= PT_ACCESSED_MASK;
                }
 
-               pte_access = pte & (PT_WRITABLE_MASK | PT_USER_MASK);
-               pte_access |= ACC_EXEC_MASK;
-#if PTTYPE == 64
-               if (is_nx(vcpu))
-                       pte_access &= ~(pte >> PT64_NX_SHIFT);
-#endif
-               pte_access &= pt_access;
+               pte_access = pt_access & FNAME(gpte_access)(vcpu, pte);
 
                if (walker->level == PT_PAGE_TABLE_LEVEL) {
                        walker->gfn = gpte_to_gfn(pte);
@@ -255,6 +261,8 @@ static void FNAME(set_pte)(struct kvm_vcpu *vcpu, pt_element_t gpte,
        spte |= gpte & PT64_NX_MASK;
        if (!dirty)
                pte_access &= ~ACC_WRITE_MASK;
+       if (!(pte_access & ACC_EXEC_MASK))
+               spte |= PT64_NX_MASK;
 
        page = gfn_to_page(vcpu->kvm, gfn);
 
@@ -319,6 +327,7 @@ static void FNAME(update_pte)(struct kvm_vcpu *vcpu, struct kvm_mmu_page *page,
                              int offset_in_pte)
 {
        pt_element_t gpte;
+       unsigned pte_access;
 
        gpte = *(const pt_element_t *)pte;
        if (~gpte & (PT_PRESENT_MASK | PT_ACCESSED_MASK)) {
@@ -329,7 +338,8 @@ static void FNAME(update_pte)(struct kvm_vcpu *vcpu, struct kvm_mmu_page *page,
        if (bytes < sizeof(pt_element_t))
                return;
        pgprintk("%s: gpte %llx spte %p\n", __FUNCTION__, (u64)gpte, spte);
-       FNAME(set_pte)(vcpu, gpte, spte, ACC_ALL, ACC_ALL,
+       pte_access = page->role.access & FNAME(gpte_access)(vcpu, gpte);
+       FNAME(set_pte)(vcpu, gpte, spte, page->role.access, pte_access,
                       0, 0, NULL, NULL, gpte_to_gfn(gpte));
 }