* Yang, Wei Y <wei.y.yang@xxxxxxxxx> wrote: > This patch removes SMEP bit from CR4_RESERVED_BITS. I'm wondering, what is the best-practice way for tools/kvm/ to set SMEP for the guest kernel automatically, even if the guest kernel itsef has not requested SMEP? The portion i'm worried about are old KVM versions that have the SMEP bit in CR4_RESERVED_BITS and reject it. So we cannot just unilaterally add SMEP to every cr4 write of the guest. Is there a way to query whether the host KVM version supports SMEP setting in cr4? That way tools/kvm/ could add the SMEP bit if the host CPU has it in /proc/cpuinfo and if KVM supports it. ( With a --no-smep kind of command line option to opt out of this automatic protection, to test it, and for the unlikely case that SMEP causes problems. ) Thanks, Ingo -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
