From eaad03e47206882229d184c83488142cba243917 Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Tue, 27 May 2014 13:03:17 +0200
Subject: [PATCH] target-i386: raise page fault for reserved bits in large
 pages

In large pages, bit 12 is for PAT, but bits starting at 13 are reserved.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 target-i386/cpu.h    | 2 ++
 target-i386/helper.c | 1 +
 2 files changed, 3 insertions(+)

diff --git a/target-i386/cpu.h b/target-i386/cpu.h
index 8ceea8b..51959be 100644
--- a/target-i386/cpu.h
+++ b/target-i386/cpu.h
@@ -249,6 +249,7 @@
 #define PG_DIRTY_BIT    6
 #define PG_PSE_BIT      7
 #define PG_GLOBAL_BIT   8
+#define PG_PSE_PAT_BIT  12
 #define PG_NX_BIT       63
 
 #define PG_PRESENT_MASK  (1 << PG_PRESENT_BIT)
@@ -260,6 +261,7 @@
 #define PG_DIRTY_MASK    (1 << PG_DIRTY_BIT)
 #define PG_PSE_MASK      (1 << PG_PSE_BIT)
 #define PG_GLOBAL_MASK   (1 << PG_GLOBAL_BIT)
+#define PG_PSE_PAT_MASK  (1 << PG_PSE_PAT_BIT)
 #define PG_ADDRESS_MASK  0x000ffffffffff000LL
 #define PG_HI_RSVD_MASK  (PG_ADDRESS_MASK & ~PHYS_ADDR_MASK)
 #define PG_HI_USER_MASK  0x7ff0000000000000LL
diff --git a/target-i386/helper.c b/target-i386/helper.c
index a2e8bd1..94081e8 100644
--- a/target-i386/helper.c
+++ b/target-i386/helper.c
@@ -695,6 +695,7 @@ int x86_cpu_handle_mmu_fault(CPUState *cs, vaddr addr,
     }
 
 do_check_protect:
+    rsvd_mask |= (page_size - 1) & PG_ADDRESS_MASK & ~PG_PSE_PAT_MASK;
     if (pte & rsvd_mask) {
         goto do_fault_rsvd;
     }
-- 
2.7.4