Re: [PATCH v2] Enable CPU SMEP feature for KVM

On 05/22/2011 08:23 AM, Yang, Wei Y wrote:
> This patch matches with "[PATCH v2] Enable CPU SMEP feature support for QEMU-KVM", no changes since v1.
>
> Enable newly documented SMEP (Supervisor Mode Execution Protection) CPU feature in KVM module.
>
> Intel new CPU supports SMEP (Supervisor Mode Execution Protection). SMEP prevents kernel from executing code in application. Updated Intel SDM describes this CPU feature. The document will be published soon.
>
> This patch is based on Fenghua's SMEP patch series, as referred by: https://lkml.org/lkml/2011/5/17/523
> This patch enables guests' usage of SMEP.
> Currently, we don't enable this feature for guests with shadow page tables.

Why not?  I see nothing that conflicts with shadow.

Missing:
  update kvm_set_cr4() to reject SMEP if it's disabled in cpuid
  drop SMEP from cr4_guest_owned_bits if SMEP is disabled in cpuid
  update walk_addr_generic() to fault if SMEP is enabled and fetching from a user page

--
I have a truly marvellous patch that fixes the bug which this
signature is too narrow to contain.
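
The three missing checks listed in the reply above, modelled as a small stand-alone C program. This is an added example, not KVM code and not written by either participant in the thread; struct guest, guest_set_cr4(), guest_owned_cr4_bits() and walk_check() are hypothetical names, and NX and write protection are left out of the walk.

```c
#include <stdbool.h>
#include <stdint.h>

#define CR4_SMEP        (1u << 20)   /* CR4.SMEP */
#define CPUID7_EBX_SMEP (1u << 7)    /* CPUID.(EAX=7,ECX=0):EBX.SMEP */
#define PTE_PRESENT     (1ull << 0)
#define PTE_USER        (1ull << 2)  /* U/S bit of a paging-structure entry */
#define PFERR_PRESENT   (1u << 0)
#define PFERR_USER      (1u << 2)
#define PFERR_FETCH     (1u << 4)

/* Hypothetical guest state for this model; not KVM's struct kvm_vcpu. */
struct guest {
    uint32_t cpuid7_ebx;  /* CPUID leaf 7 EBX as exposed to the guest */
    uint32_t cr4;
};

/* Item 1: reject a CR4 write that sets SMEP when the guest's CPUID hides it.
 * Returns 0 on success, -1 when the caller should inject #GP. */
int guest_set_cr4(struct guest *g, uint32_t cr4)
{
    if ((cr4 & CR4_SMEP) && !(g->cpuid7_ebx & CPUID7_EBX_SMEP))
        return -1;
    g->cr4 = cr4;
    return 0;
}

/* Item 2: CR4.SMEP may be guest-owned (written without a trap) only when
 * CPUID exposes SMEP; otherwise the write must trap so item 1 can reject it. */
uint32_t guest_owned_cr4_bits(const struct guest *g, uint32_t candidate)
{
    return (g->cpuid7_ebx & CPUID7_EBX_SMEP) ? candidate : candidate & ~CR4_SMEP;
}

/* Item 3: permission check of a guest page walk. ptes[] holds the entry from
 * each paging level for one address. Returns -1 when the access is allowed,
 * otherwise the #PF error code to deliver to the guest. */
int walk_check(const struct guest *g, const uint64_t *ptes, int levels,
               bool user_mode, bool fetch)
{
    bool smep = g->cr4 & CR4_SMEP;
    bool user_page = true;  /* user-accessible only if U/S is set at every level */
    uint32_t err = (user_mode ? PFERR_USER : 0) | (fetch && smep ? PFERR_FETCH : 0);

    for (int i = 0; i < levels; i++) {
        if (!(ptes[i] & PTE_PRESENT))
            return (int)err;            /* not-present fault, P bit clear */
        user_page = user_page && (ptes[i] & PTE_USER);
    }
    if (user_mode && !user_page)        /* user access to a supervisor page */
        return (int)(err | PFERR_PRESENT);
    if (!user_mode && fetch && smep && user_page)  /* the SMEP violation */
        return (int)(err | PFERR_PRESENT);
    return -1;
}
```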
