Previously, execute would be disabled for all pages with SMEP enabled,
regardless of what mode the access took place in.
Signed-off-by: Ricky Zhou <ri...@rzhou.org>
---
target-i386/helper.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/target-i386/helper.c b/target-i386/helper.c
index 11ca864..47b982b 100644
--- a/target-i386/helper.c
+++ b/target-i386/helper.c
@@ -750,7 +750,8 @@ do_check_protect_pse36:
/* the page can be put in the TLB */
prot = PAGE_READ;
if (!(ptep & PG_NX_MASK) &&
- !((env->cr[4] & CR4_SMEP_MASK) && (ptep & PG_USER_MASK))) {
+ (mmu_idx == MMU_USER_IDX ||
+ !((env->cr[4] & CR4_SMEP_MASK) && (ptep & PG_USER_MASK)))) {
prot |= PAGE_EXEC;
}
if (pte & PG_DIRTY_MASK) {
--
1.9.3
