RE: [Patch v5 0/4] Enable SMEP feature support for kvm


 



> From: Avi Kivity [mailto:avi@xxxxxxxxxx]
> Sent: Monday, May 30, 2011 5:14 PM
> 
> On 05/30/2011 12:08 PM, Tian, Kevin wrote:
> > >  From: Avi Kivity
> > >  Sent: Monday, May 30, 2011 4:52 PM
> > >
> > >  On 05/30/2011 06:01 AM, Yang, Wei Y wrote:
> > >  >  This patchset enables a new CPU feature SMEP (Supervisor Mode Execution
> > >  >  Protection) in KVM. SMEP prevents kernel from executing code in application.
> > >  >  Updated Intel SDM describes this CPU feature. The document will be
> > >  >  published soon.
> > >  >
> > >  >  This patchset is based on Fenghua's SMEP patch series, as referred by:
> > >  >  https://lkml.org/lkml/2011/5/17/523
> > >
> > >  Looks good.  I'll post the cr0.wp=0 fixup soon.
> > >
> >
> > what's your planned fix? through NX bit? :-)
> 
> Yes.
> 
> > btw, why is current scheme used to emulate cr0.wp=0 case instead of simply
> > emulating it?
> 
> How would you simply emulate it?
> 
> We have to force cr0.wp=1, otherwise we cannot write-protect guest page
> tables.  Once we do that, we have to set U=1 to allow user reads or U=0
> to allow kernel writes.
> 

I mean using instruction emulation instead of changing permission to re-execute
faulting instruction. Or is current KVM instruction emulator not complete enough
to handle various memory access instructions (just designed for page table access
and real mode instructions?)?

Thanks
Kevin
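
The cr0.wp=0 handling discussed in this thread (hardware CR0.WP forced to 1, shadow PTE flipped between U=1 and U=0) can be modelled in a few lines to show why SMEP needs the NX bit in the U=0 state. This is an added example, not code from the thread or from KVM; all names are hypothetical, and it assumes a guest page mapped U=1, W=0, executable, with hardware CR4.SMEP mirroring the guest's.

```c
#include <stdbool.h>
#include <stdio.h>
/* Simplified model, not KVM code: a shadow PTE as the hardware sees it. */
struct spte { bool w, u, nx; };
enum access { READ, WRITE, FETCH };

/* Hardware check with CR0.WP forced to 1; smep is the CR4.SMEP in effect. */
static bool hw_allows(struct spte s, bool user, enum access a, bool smep)
{
    if (user && !s.u) return false;            /* user access to supervisor page */
    if (a == WRITE && !s.w) return false;      /* WP=1: W=0 also stops the kernel */
    if (a == FETCH && (s.nx || (!user && s.u && smep))) return false; /* NX, SMEP */
    return true;
}

/* What the guest expects for its U=1, W=0, executable page with CR0.WP=0. */
static bool guest_expects(bool user, enum access a, bool smep)
{
    return user ? a != WRITE : (a == FETCH ? !smep : true);
}

/* The two shadow states from the thread; nx_fixup models the NX-bit idea. */
static struct spte shadow_for_user_ro(bool kernel_write, bool smep, bool nx_fixup)
{
    struct spte s = { .w = false, .u = true, .nx = false };  /* user-read state */
    if (kernel_write) {
        s.w = true; s.u = false;               /* kernel may write, user kept out */
        s.nx = smep && nx_fixup;               /* still a user page to the guest  */
    }
    return s;
}

/* True if hardware permits some access the guest architecture forbids. */
static bool over_permissive(struct spte s, bool smep)
{
    for (int user = 0; user <= 1; user++)
        for (int a = READ; a <= FETCH; a++)
            if (hw_allows(s, user, (enum access)a, smep) &&
                !guest_expects(user, (enum access)a, smep))
                return true;
    return false;
}

int main(void)
{
    printf("kernel-write state under SMEP: no NX %d, NX %d\n",
           over_permissive(shadow_for_user_ro(true, true, false), true),
           over_permissive(shadow_for_user_ro(true, true, true), true));
    return 0;
}
```

In the model, accesses the guest allows but the current state denies (a user read in the U=0 state, a kernel write in the U=1 state) are the faults on which the shadow PTE is flipped.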