Enable EFER NX bit and OSXSAVE bit in cr4

EFER_NX allows the guest to disable execute perms
on its pages.

OSXSAVE allows guest user applications to execute xsave.

Change-Id: Icb9920564ae07184dc9aa07cad2c79825d2adbad
Signed-off-by: Zach Zimmerman <zpzimmerman@gmail.com>
[ Compilation bug, missing ) on assert() ]
Signed-off-by: Barret Rhoden <brho@cs.berkeley.edu>

kern/arch/x86/vmm/intel/vmx.c

diff --git a/kern/arch/x86/vmm/intel/vmx.c b/kern/arch/x86/vmm/intel/vmx.c
index ad61e41..771dbb0 100644
--- a/kern/arch/x86/vmm/intel/vmx.c
+++ b/kern/arch/x86/vmm/intel/vmx.c
@@ -827,18 +827,14 @@
 		X86_CR4_PGE | X86_CR4_OSFXSR;
 	uint32_t protected_mode = X86_CR0_PG | X86_CR0_PE;
 
-#if 0
-	do
-		we need it if (boot_cpu_has(X86_FEATURE_PCID))
-			cr4 |= X86_CR4_PCIDE;
-	if (boot_cpu_has(X86_FEATURE_OSXSAVE))
-		cr4 |= X86_CR4_OSXSAVE;
-#endif
-	/* we almost certainly have this */
-	/* we'll go sour if we don't. */
-	if (1)	//boot_cpu_has(X86_FEATURE_FSGSBASE))
-		cr4 |= X86_CR4_RDWRGSFS;
-
+	/*
+	 * Allow guest to use xsave and read/write fs/gs base.
+	 * We require these features to be present on the cpu.
+	 */
+	assert(cpu_has_feat(CPU_FEAT_X86_XSAVE));
+	assert(cpu_has_feat(CPU_FEAT_X86_FSGSBASE));
+	cr4 |= X86_CR4_RDWRGSFS;
+	cr4 |= X86_CR4_OSXSAVE;
 	/* configure control and data registers */
 	vmcs_writel(GUEST_CR0, protected_mode | X86_CR0_WP |
 				X86_CR0_MP | X86_CR0_ET | X86_CR0_NE);
@@ -852,7 +848,7 @@
 	 * CR4_GUEST_HOST_MASK? */
 	vmcs_writel(CR4_READ_SHADOW, 0);
 	vmcs_writel(GUEST_IA32_EFER, EFER_LME | EFER_LMA |
-				EFER_SCE /*| EFER_FFXSR */ );
+				EFER_SCE | EFER_NX /*| EFER_FFXSR */ );
 	vmcs_writel(GUEST_GDTR_BASE, 0);
 	vmcs_writel(GUEST_GDTR_LIMIT, 0);
 	vmcs_writel(GUEST_IDTR_BASE, 0);