WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] [Patch] Disallow SMEP for PV guest

from [Keir Fraser] [Permanent Link][Original]
To: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>, "Yang, Wei Y" <wei.y.yang@xxxxxxxxx>
Subject: Re: [Xen-devel] [Patch] Disallow SMEP for PV guest
From: Keir Fraser <keir@xxxxxxx>
Date: Wed, 01 Jun 2011 16:28:07 +0100
Cc: "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>
Delivery-date: Wed, 01 Jun 2011 08:29:42 -0700
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:sender:user-agent:date:subject:from:to:cc :message-id:thread-topic:thread-index:in-reply-to:mime-version :content-type:content-transfer-encoding; bh=tzNNOsAcPm9HDUdYYel/iogaoJn4cpDcZToVypLY72g=; b=Fa4gYyfU/QEJRwj16CBqC3UG1fy6rlNMiLMNMpPPXBEIH8Nz44V0XLn70EEBg6mo1d zNQlP/3ob4v0bbvbBxa6o/KEEkAIvcd25yOwjTkCf9uRAGxwWcETqg5po1ZVMqMR3RDK nGbsTb0jbUpXZdp8nGrSRiRTYUGvrGpbucXMw=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=sender:user-agent:date:subject:from:to:cc:message-id:thread-topic :thread-index:in-reply-to:mime-version:content-type :content-transfer-encoding; b=Q1Yc1k8RARrsgGD3iTZQK9/99lDhwqYDswqN/lGySJo0FcOf6omb/KxQDeUGvURPOg akQIqE55Q4PUZCRY7nFzOJSxuYOMUmH0LjmaVWTGuQ06YwJgvSXTXTZMudUG0qY7FYG3 iHoWJWbtxTXPb0N+aFuOEG9RysMGqJPD2qgU4=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <20110601145517.GA8204@xxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: AcwgcIGedqxeaad4ZkGim6FnTge50Q==
Thread-topic: [Xen-devel] [Patch] Disallow SMEP for PV guest
User-agent: Microsoft-Entourage/12.29.0.110113 
On 01/06/2011 15:55, "Konrad Rzeszutek Wilk" <konrad.wilk@xxxxxxxxxx> wrote:

> On Wed, Jun 01, 2011 at 10:31:12PM +0800, Yang, Wei Y wrote:
>> This patch disallows SMEP for PV guest.
> 
> What are the reasons for it? What do we gain from it?

Good question. It looks like it would be harmless to let it through (and the
guest can see the bit in CR4 is set, and it will be getting the SMEP
experience anyhow). And this patch does not stop the flag being passed to
dom0.

 -- Keir

>> 
>>  Signed-off-by: Yang, Wei <wei.y.yang@xxxxxxxxx>
>>  Signed-off-by: Shan, Haitao <haitao.shan@xxxxxxxxx>
>>  Signed-off-by: Li, Xin <xin.li@xxxxxxxxx>
>> 
>> ---
>>  xc_cpufeature.h |    3 +++
>>  xc_cpuid_x86.c  |    5 +++++
>>  2 files changed, 8 insertions(+)
>> 
>> diff -r 6f72160d2d55 tools/libxc/xc_cpufeature.h
>> --- a/tools/libxc/xc_cpufeature.h Wed Jun 01 19:57:32 2011 +0800
>> +++ b/tools/libxc/xc_cpufeature.h Wed Jun 01 22:21:33 2011 +0800
>> @@ -141,4 +141,7 @@
>>  #define X86_FEATURE_TBM         (6*32+21) /* trailing bit manipulations */
>>  #define X86_FEATURE_TOPOEXT     (6*32+22) /* topology extensions CPUID leafs
>> */
>>  
>> +/* Intel-defined CPU features, CPUID level 0x00000007:0 (ebx), word 7 */
>> +#define X86_FEATURE_SMEP       (7*32+ 7) /* Supervisor Mode Execution
>> Protection */
>> +
>>  #endif /* __LIBXC_CPUFEATURE_H */
>> diff -r 6f72160d2d55 tools/libxc/xc_cpuid_x86.c
>> --- a/tools/libxc/xc_cpuid_x86.c Wed Jun 01 19:57:32 2011 +0800
>> +++ b/tools/libxc/xc_cpuid_x86.c Wed Jun 01 22:21:33 2011 +0800
>> @@ -470,6 +470,11 @@
>>          xc_cpuid_config_xsave(xch, domid, xfeature_mask, input, regs);
>>          break;
>>  
>> +    case 7:
>> +        if ( input[1] == 0 )
>> +            clear_bit(X86_FEATURE_SMEP, regs[1]);
>> +        break;
>> +
>>      case 0x80000001:
>>          if ( !guest_64bit )
>>          {
>> 
>> _______________________________________________
>> Xen-devel mailing list
>> Xen-devel@xxxxxxxxxxxxxxxxxxx
>> http://lists.xensource.com/xen-devel
> 
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-devel



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-devel] [Patch] Enable SMEP CPU feature support for XEN itself, Keir Fraser
Next by Date:  [Xen-devel] [xen-unstable test] 7472: regressions - FAIL, xen . org
Previous by Thread:  Re: [Xen-devel] [Patch] Disallow SMEP for PV guest, Keir Fraser
Next by Thread:  Re: [Xen-devel] [Patch] Disallow SMEP for PV guest, Jan Beulich
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy