diff options
author | neel <neel@FreeBSD.org> | 2014-10-24 03:48:54 +0000 |
---|---|---|
committer | neel <neel@FreeBSD.org> | 2014-10-24 03:48:54 +0000 |
commit | 295105e2bda13454d71f48645d885eeaf140c28a (patch) | |
tree | 4cb134ca55880f9a01e33fea5aa92b7b00259b5c | |
parent | 8a1641d7862ee12fd3dd4c98e7057eacc0bfbdb6 (diff) | |
download | FreeBSD-src-295105e2bda13454d71f48645d885eeaf140c28a.zip FreeBSD-src-295105e2bda13454d71f48645d885eeaf140c28a.tar.gz |
MFC r273356:
Fix a race in pmap_emulate_accessed_dirty() that could trigger a EPT
misconfiguration VM-exit.
-rw-r--r-- | sys/amd64/amd64/pmap.c | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/sys/amd64/amd64/pmap.c b/sys/amd64/amd64/pmap.c index 5ee64da..f77edcb 100644 --- a/sys/amd64/amd64/pmap.c +++ b/sys/amd64/amd64/pmap.c @@ -6791,9 +6791,19 @@ retry: if (ftype == VM_PROT_WRITE) { if ((*pte & PG_RW) == 0) goto done; - *pte |= PG_M; + /* + * Set the modified and accessed bits simultaneously. + * + * Intel EPT PTEs that do software emulation of A/D bits map + * PG_A and PG_M to EPT_PG_READ and EPT_PG_WRITE respectively. + * An EPT misconfiguration is triggered if the PTE is writable + * but not readable (WR=10). This is avoided by setting PG_A + * and PG_M simultaneously. + */ + *pte |= PG_M | PG_A; + } else { + *pte |= PG_A; } - *pte |= PG_A; /* try to promote the mapping */ if (va < VM_MAXUSER_ADDRESS) |