On 05/30/2011 12:08 PM, Tian, Kevin wrote:
> From: Avi Kivity
> Sent: Monday, May 30, 2011 4:52 PM
>
> On 05/30/2011 06:01 AM, Yang, Wei Y wrote:
> > This patchset enables a new CPU feature SMEP (Supervisor Mode Execution
> > Protection) in KVM. SMEP prevents kernel from executing code in application.
> > Updated Intel SDM describes this CPU feature. The document will be
> > published soon.
> >
> > This patchset is based on Fenghua's SMEP patch series, as referred by:
> > https://lkml.org/lkml/2011/5/17/523
>
> Looks good. I'll post the cr0.wp=0 fixup soon.
>
what's your planned fix? through NX bit? :-)
Yes.
btw, why is current scheme used to emulate cr0.wp=0 case instead of simply
emulating it?
How would you simply emulate it?
We have to force cr0.wp=1, otherwise we cannot write-protect guest page
tables. Once we do that, we have to set U=1 to allow user reads or U=0
to allow kernel writes.
--
error compiling committee.c: too many arguments to function
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html