From mboxrd@z Thu Jan 1 00:00:00 1970 From: Avi Kivity Subject: Re: [PATCH v2] Enable CPU SMEP feature for KVM Date: Tue, 24 May 2011 10:38:46 +0300 Message-ID: <4DDB6086.9050102@redhat.com> References: <5D8008F58939784290FAB48F54975198419FB02D2B@shsmsx502.ccr.corp.intel.com> <4DD8B233.7010604@redhat.com> <5D8008F58939784290FAB48F54975198419FB02D33@shsmsx502.ccr.corp.intel.com> <4DD8C518.7010606@redhat.com> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: "Yang, Wei Y" , "kvm@vger.kernel.org" , "Li, Xin" , "Tian, Kevin" , "Shan, Haitao" To: Haitao Shan Return-path: Received: from mx1.redhat.com ([209.132.183.28]:58131 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753906Ab1EXHix (ORCPT ); Tue, 24 May 2011 03:38:53 -0400 In-Reply-To: Sender: kvm-owner@vger.kernel.org List-ID: On 05/24/2011 05:53 AM, Haitao Shan wrote: > > > I don't understand why. Can you elaborate? > > Shadow implements the U bit, which is all that is needed by SMEP > as far as I can tell. > > Basically, all SMEP-capable platform has EPT, which is on by default > in KVM. Thus, we naturally thought there was little value to add it to > SPT. We try to keep features orthogonal. That has value for testing, and results in clearer code. > Another thing that we are not so sure of is whether SPT has tricky > usages on U bit (for optimization or whatever). With SMEP, this trick > may be easily broken. In fact it does, we play with the U bit to emulate cr0.wp. I'll be happy to write the patch to handle this issue, since I'm familiar with the code. > Anyway, we are investigating enabling SMEP with SPT now. > Great, thanks. -- I have a truly marvellous patch that fixes the bug which this signature is too narrow to contain.