This patchset enables a new CPU feature SMEP (Supervisor Mode Execution Protection) in KVM. SMEP prevents kernel from executing code in application. Updated Intel SDM describes this CPU feature. The document will be published soon. This patchset is based on Fenghua's SMEP patch series, as referred by: https://lkml.org/lkml/2011/5/17/523 changes since v4: Update patch 1/4 comment Change PT_USER_MASK to ACC_USER_MASK changes since v3: Add SMEP bit in CR4_RESERVED_BITS while removing cr4_reserved_bits; Mask CPUID leaf 7 ebx against host capability word9 in do_cpuid_ent; Changes since v2: add instruction fetch checking when walking guest page table. --- arch/x86/include/asm/kvm_host.h | 2 +- arch/x86/kvm/paging_tmpl.h | 9 ++++++++- arch/x86/kvm/x86.c | 22 +++++++++++++++++++--- 3 files changed, 28 insertions(+), 5 deletions(-) -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html