RE: [Patch v5 1/4] Remove SMEP bit from CR4_RESERVED_BITS

> From: Ingo Molnar
> Sent: Monday, May 30, 2011 3:41 PM
> 
> 
> * Yang, Wei Y <wei.y.yang@xxxxxxxxx> wrote:
> 
> > This patch removes SMEP bit from CR4_RESERVED_BITS.
> 
> I'm wondering, what is the best-practice way for tools/kvm/ to set
> SMEP for the guest kernel automatically, even if the guest kernel
> itself has not requested SMEP?
> 

Enabling SMEP w/o the guest's knowledge can be problematic if the guest
is doing a U/S 0->1 bit change w/o TLB invalidation, which is a required
action to ensure SMEP protection works correctly. Linux versions
known so far don't have this behavior because the TLB invalidation due to
a P bit change covers the U/S 0->1 change. But given that end users may
deploy various OSes within the guest, enabling SMEP this way requires
a solid understanding of the internals of those OSes. Or else it's uncertain
whether SMEP protection fully works on such uncertain guests.

Thanks
Kevin
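
A toy model of the hazard described in the reply above, added here as an example and not part of the original thread or of the KVM patch. The single-entry TLB, the struct names and the invalidate_page() helper are assumptions made for illustration; the model only shows why a cached U/S=0 translation keeps a supervisor fetch from being checked against the new U/S=1 value.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed toy model: one paging-structure entry and one TLB slot. */
struct pte { bool present, user; };   /* user = U/S bit */
struct tlb { bool valid, user; };     /* cached copy of U/S */
struct mmu {
    bool smep;                        /* models CR4.SMEP */
    struct pte pte;
    struct tlb tlb;
};

/* Hypothetical helper standing in for INVLPG on the single modelled page. */
static void invalidate_page(struct mmu *m) { m->tlb.valid = false; }

/* Supervisor-mode instruction fetch: true = allowed, false = fault.
 * Permissions come from the cached entry; memory is walked only on a miss. */
static bool supervisor_fetch(struct mmu *m)
{
    if (!m->tlb.valid) {
        if (!m->pte.present)
            return false;             /* not-present fault, nothing cached */
        m->tlb.valid = true;
        m->tlb.user = m->pte.user;
    }
    return !(m->smep && m->tlb.user); /* SMEP check on the cached U/S */
}

/* The guest runs code from a supervisor page, then flips U/S 0->1.
 * Returns whether a later supervisor fetch from that page is still allowed. */
static bool fetch_after_us_flip(bool smep, bool invalidate)
{
    struct mmu m = { .smep = smep, .pte = { .present = true, .user = false } };
    supervisor_fetch(&m);             /* caches the translation with U/S=0 */
    m.pte.user = true;                /* U/S 0->1 in memory only */
    if (invalidate)
        invalidate_page(&m);
    return supervisor_fetch(&m);
}

int main(void)
{
    printf("SMEP on, no invalidation: fetch %s\n",
           fetch_after_us_flip(true, false) ? "allowed (stale U/S=0)" : "faults");
    printf("SMEP on, invalidated:     fetch %s\n",
           fetch_after_us_flip(true, true) ? "allowed" : "faults");
    return 0;
}
```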