Re: [PATCH v2 0/4] Enable SMEP CPU Feature

From: Avi Kivity
Date: Tue May 17 2011 - 05:17:37 EST

Next message: Jiri Kosina: "Re: [Patch 1/1]: cris: typo in mach-fs Makefile"
Previous message: Avi Kivity: "Re: [PATCH v2 0/4] Enable SMEP CPU Feature"
In reply to: Ingo Molnar: "Re: [PATCH v2 0/4] Enable SMEP CPU Feature"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 05/17/2011 10:03 AM, Ingo Molnar wrote:

* Fenghua Yu<fenghua.yu@xxxxxxxxx> wrote:

> From: Fenghua Yu<fenghua.yu@xxxxxxxxx>
>
> Intel new CPU supports SMEP (Supervisor Mode Execution Protection). SMEP
> prevents kernel from executing code in application. Updated Intel SDM describes
> this CPU feature. The document will be published soon.
>
> Note: This patch set doesn't enable the SMEP feature in KVM. If it's needed,
> another patch will be pushed for enabling the feature in KVM.

We can do it separately from native kernel support, but i'm sure Avi would
agree that SMEP support in KVM would be nice!

Definitely.

(as long as it's configurable as
well, there might be guest OSs that break if SMEP is enabled, right?)

As mentioned earlier, the simple thing is to expose smep and let the guest enable it itself.

--
error compiling committee.c: too many arguments to function

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Jiri Kosina: "Re: [Patch 1/1]: cris: typo in mach-fs Makefile"
Previous message: Avi Kivity: "Re: [PATCH v2 0/4] Enable SMEP CPU Feature"
In reply to: Ingo Molnar: "Re: [PATCH v2 0/4] Enable SMEP CPU Feature"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]