> This patch matches with "[PATCH v2] Enable CPU SMEP feature support for QEMU-KVM", no changes since v1.
>
> Enable newly documented SMEP (Supervisor Mode Execution Protection) CPU feature in KVM module.
>
> Intel new CPU supports SMEP (Supervisor Mode Execution Protection). SMEP prevents kernel from executing code in application. Updated Intel SDM describes this CPU feature. The document will be published soon.
>
> This patch is based on Fenghua's SMEP patch series, as referred by: https://lkml.org/lkml/2011/5/17/523
> This patch enables guests' usage of SMEP.
> Currently, we don't enable this feature for guests with shadow page tables.
> Why not? I see nothing that conflicts with shadow.

We don't need to enable it for shadow page table, because shadow has mask against guest/shadow PTE, which may cause problem. Let's keep shadow as it is because it's already very complex. Assume SMEP machines should have EPT.

> Missing:
> update kvm_set_cr4() to reject SMEP if it's disabled in cpuid

Yes, I will check it.

> drop SMEP from cr4_guest_owned_bits if SMEP is disabled in cpuid

SMEP BIT is not included in KVM_CR4_GUEST_OWNED_BITS.

> update walk_addr_generic() to fault if SMEP is enabled and fetching
> from a user page

Comments above.
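The two checks listed under "Missing" in the message above, modeled as an added example in plain C; this is not code from the patch or from KVM. The function names are hypothetical; the bit positions are the architectural ones (CR4.SMEP is bit 20, CPUID.(EAX=7,ECX=0):EBX bit 7 reports SMEP).

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define CR4_SMEP        (1u << 20) /* CR4.SMEP */
#define CPUID7_EBX_SMEP (1u << 7)  /* CPUID.(EAX=7,ECX=0):EBX.SMEP */
#define PFERR_PRESENT   (1u << 0)  /* fault on a present page */
#define PFERR_FETCH     (1u << 4)  /* I/D: fault on an instruction fetch */

/* Hypothetical model of the CR4 write check: returns true if the write
 * must be rejected (the guest would get #GP) because it sets SMEP while
 * the CPUID exposed to the guest does not advertise the feature. */
static bool model_cr4_write_rejected(uint32_t guest_cpuid7_ebx, uint32_t new_cr4)
{
    return (new_cr4 & CR4_SMEP) && !(guest_cpuid7_ebx & CPUID7_EBX_SMEP);
}

/* Hypothetical model of the page-walk check: returns the #PF error code
 * for an access to a present page, or 0 if SMEP does not block it.
 * pte_user is the combined U/S permission of every level of the walk. */
static uint32_t model_smep_fault(uint32_t cr4, int cpl, bool pte_user, bool fetch)
{
    bool supervisor = cpl < 3;

    if ((cr4 & CR4_SMEP) && supervisor && fetch && pte_user)
        return PFERR_PRESENT | PFERR_FETCH; /* U/S clear: supervisor access */
    return 0;
}

int main(void)
{
    /* Constructed inputs, not taken from a real guest. */
    printf("set SMEP, cpuid lacks it: rejected=%d\n",
           model_cr4_write_rejected(0, CR4_SMEP));
    printf("set SMEP, cpuid has it:   rejected=%d\n",
           model_cr4_write_rejected(CPUID7_EBX_SMEP, CR4_SMEP));
    printf("ring0 fetch, user page:   pferr=0x%x\n",
           model_smep_fault(CR4_SMEP, 0, true, true));
    printf("ring0 read, user page:    pferr=0x%x\n",
           model_smep_fault(CR4_SMEP, 0, true, false));
    printf("ring3 fetch, user page:   pferr=0x%x\n",
           model_smep_fault(CR4_SMEP, 3, true, true));
    return 0;
}
```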