From mboxrd@z Thu Jan 1 00:00:00 1970 From: Avi Kivity Subject: Re: [Patch v5 0/4] Enable SMEP feature support for kvm Date: Mon, 30 May 2011 12:13:41 +0300 Message-ID: <4DE35FC5.5030804@redhat.com> References: <5D8008F58939784290FAB48F5497519844E92781DD@shsmsx502.ccr.corp.intel.com> <4DE35ACB.9000503@redhat.com> <625BA99ED14B2D499DC4E29D8138F1505CA61C0506@shsmsx502.ccr.corp.intel.com> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: "Yang, Wei Y" , "kvm@vger.kernel.org" To: "Tian, Kevin" Return-path: Received: from mx1.redhat.com ([209.132.183.28]:31848 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751041Ab1E3JNp (ORCPT ); Mon, 30 May 2011 05:13:45 -0400 In-Reply-To: <625BA99ED14B2D499DC4E29D8138F1505CA61C0506@shsmsx502.ccr.corp.intel.com> Sender: kvm-owner@vger.kernel.org List-ID: On 05/30/2011 12:08 PM, Tian, Kevin wrote: > > From: Avi Kivity > > Sent: Monday, May 30, 2011 4:52 PM > > > > On 05/30/2011 06:01 AM, Yang, Wei Y wrote: > > > This patchset enables a new CPU feature SMEP (Supervisor Mode Execution > > > Protection) in KVM. SMEP prevents kernel from executing code in application. > > > Updated Intel SDM describes this CPU feature. The document will be > > > published soon. > > > > > > This patchset is based on Fenghua's SMEP patch series, as referred by: > > > https://lkml.org/lkml/2011/5/17/523 > > > > Looks good. I'll post the cr0.wp=0 fixup soon. > > > > what's your planned fix? through NX bit? :-) Yes. > btw, why is current scheme used to emulate cr0.wp=0 case instead of simply > emulating it? How would you simply emulate it? We have to force cr0.wp=1, otherwise we cannot write-protect guest page tables. Once we do that, we have to set U=1 to allow user reads or U=0 to allow kernel writes. -- error compiling committee.c: too many arguments to function