Re: [Patch v5 0/4] Enable SMEP feature support for kvm

On 05/30/2011 12:08 PM, Tian, Kevin wrote:
>  From: Avi Kivity
>  Sent: Monday, May 30, 2011 4:52 PM
>
>  On 05/30/2011 06:01 AM, Yang, Wei Y wrote:
>  >  This patchset enables a new CPU feature SMEP (Supervisor Mode Execution
>  >  Protection) in KVM. SMEP prevents kernel from executing code in application.
>  >  Updated Intel SDM describes this CPU feature. The document will be
>  >  published soon.
>  >
>  >  This patchset is based on Fenghua's SMEP patch series, as referred by:
>  >  https://lkml.org/lkml/2011/5/17/523
>
>  Looks good.  I'll post the cr0.wp=0 fixup soon.
>

>  what's your planned fix? through NX bit? :-)

Yes.

>  btw, why is current scheme used to emulate cr0.wp=0 case instead of simply
>  emulating it?

How would you simply emulate it?

We have to force cr0.wp=1, otherwise we cannot write-protect guest page tables. Once we do that, we have to set U=1 to allow user reads or U=0 to allow kernel writes.

--
error compiling committee.c: too many arguments to function
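
Added example, not part of the original thread and not KVM's code: a small C model of the trade-off described in the message above, where hardware runs with CR0.WP=1 and the shadow entry flips between U=1 (user reads) and U=0 (kernel writes). The bit names and functions are hypothetical, and the NX step is an assumed form of the "through NX bit" fix, which the thread does not spell out.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical permission bits for this model (not KVM's definitions). */
enum { ACC_W = 1, ACC_U = 2, ACC_X = 4 };

/* Shadow permissions for guest PTE bits `gpte` after a fault, with the
 * hardware forced to CR0.WP=1 while the guest may have CR0.WP=0. */
unsigned shadow_access(unsigned gpte, bool guest_wp, bool guest_smep,
                       bool write_fault, bool user_fault)
{
    unsigned acc = gpte;
    if (!guest_wp && write_fault && !user_fault && !(gpte & ACC_W)) {
        acc |= ACC_W;              /* kernel write must succeed (guest WP=0) */
        acc &= ~ACC_U;             /* so user mode faults and gets re-shadowed */
        if (guest_smep && (gpte & ACC_U))
            acc &= ~ACC_X;         /* U=0 hides the page from SMEP: deny exec via NX */
    }
    return acc;
}

/* Does hardware with CR0.WP=1 (and SMEP if `smep`) allow this access? */
bool hw_allows(unsigned acc, bool smep, bool user, bool write, bool exec)
{
    if (user && !(acc & ACC_U)) return false;
    if (write && !(acc & ACC_W)) return false;   /* WP=1 binds the kernel too */
    if (exec && !(acc & ACC_X)) return false;
    if (exec && !user && smep && (acc & ACC_U)) return false;
    return true;
}

int main(void)
{
    unsigned gpte = ACC_U | ACC_X;   /* constructed: user page, read-only, executable */
    unsigned rd = shadow_access(gpte, false, true, false, true);
    unsigned wr = shadow_access(gpte, false, true, true, false);
    unsigned old = shadow_access(gpte, false, false, true, false); /* no NX step */
    printf("after user read:    user read=%d kernel write=%d\n",
           hw_allows(rd, true, true, false, false), hw_allows(rd, true, false, true, false));
    printf("after kernel write: user read=%d kernel write=%d kernel exec=%d\n",
           hw_allows(wr, true, true, false, false), hw_allows(wr, true, false, true, false),
           hw_allows(wr, true, false, false, true));
    printf("without NX step:    kernel exec=%d (guest expected an SMEP fault)\n",
           hw_allows(old, true, false, false, true));
    return 0;
}
```

The last line shows why SMEP needs the fixup: once the shadow entry is switched to U=0 for kernel writes, the hardware no longer sees a user page, so only NX can stop supervisor execution from it.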
