
Re: [Xen-devel] [Patch] Disallow SMEP for PV guest


  • To: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>, "Yang, Wei Y" <wei.y.yang@xxxxxxxxx>
  • From: Keir Fraser <keir@xxxxxxx>
  • Date: Wed, 01 Jun 2011 16:28:07 +0100
  • Cc: "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Wed, 01 Jun 2011 08:29:42 -0700
  • List-id: Xen developer discussion <xen-devel.lists.xensource.com>
  • Thread-topic: [Xen-devel] [Patch] Disallow SMEP for PV guest

On 01/06/2011 15:55, "Konrad Rzeszutek Wilk" <konrad.wilk@xxxxxxxxxx> wrote:

> On Wed, Jun 01, 2011 at 10:31:12PM +0800, Yang, Wei Y wrote:
>> This patch disallows SMEP for PV guest.
> 
> What are the reasons for it? What do we gain from it?

Good question. It looks like it would be harmless to let it through (and the
guest can see the bit in CR4 is set, and it will be getting the SMEP
experience anyhow). And this patch does not stop the flag being passed to
dom0.

 -- Keir

>> 
>>  Signed-off-by: Yang, Wei <wei.y.yang@xxxxxxxxx>
>>  Signed-off-by: Shan, Haitao <haitao.shan@xxxxxxxxx>
>>  Signed-off-by: Li, Xin <xin.li@xxxxxxxxx>
>> 
>> ---
>>  xc_cpufeature.h |    3 +++
>>  xc_cpuid_x86.c  |    5 +++++
>>  2 files changed, 8 insertions(+)
>> 
>> diff -r 6f72160d2d55 tools/libxc/xc_cpufeature.h
>> --- a/tools/libxc/xc_cpufeature.h Wed Jun 01 19:57:32 2011 +0800
>> +++ b/tools/libxc/xc_cpufeature.h Wed Jun 01 22:21:33 2011 +0800
>> @@ -141,4 +141,7 @@
>>  #define X86_FEATURE_TBM         (6*32+21) /* trailing bit manipulations */
>>  #define X86_FEATURE_TOPOEXT     (6*32+22) /* topology extensions CPUID leafs
>> */
>>  
>> +/* Intel-defined CPU features, CPUID level 0x00000007:0 (ebx), word 7 */
>> +#define X86_FEATURE_SMEP       (7*32+ 7) /* Supervisor Mode Execution
>> Protection */
>> +
>>  #endif /* __LIBXC_CPUFEATURE_H */
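
Review bot: The new X86_FEATURE_SMEP define is one column out of alignment with the neighbouring defines (compare "X86_FEATURE_TBM         (6*32+21)" with "X86_FEATURE_SMEP       (7*32+ 7)"); add a space so the value column lines up. The section comment names leaf 0x00000007:0 (ebx) as word 7, which is the first entry for that word in this header, so it would help to state in the comment that the bit number within EBX is 7, since the feature name and the word index both carry a 7 and are easy to confuse.
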
>> diff -r 6f72160d2d55 tools/libxc/xc_cpuid_x86.c
>> --- a/tools/libxc/xc_cpuid_x86.c Wed Jun 01 19:57:32 2011 +0800
>> +++ b/tools/libxc/xc_cpuid_x86.c Wed Jun 01 22:21:33 2011 +0800
>> @@ -470,6 +470,11 @@
>>          xc_cpuid_config_xsave(xch, domid, xfeature_mask, input, regs);
>>          break;
>>  
>> +    case 7:
>> +        if ( input[1] == 0 )
>> +            clear_bit(X86_FEATURE_SMEP, regs[1]);
>> +        break;
>> +
>>      case 0x80000001:
>>          if ( !guest_64bit )
>>          {
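
Review bot: The new "case 7:" block carries no comment explaining why SMEP is hidden, and the description only says "This patch disallows SMEP for PV guest"; add a one-line comment with the rationale next to the clear_bit() call. Two things to confirm in the same block: X86_FEATURE_SMEP is defined as (7*32+ 7) but is applied with clear_bit() to the single register regs[1], so the helper has to reduce the index to a bit within that word; and nothing in the visible lines restricts this case to PV guests, so either the guard lives outside the hunk or the mask applies more widely than the description says. For input[1] != 0 the case falls to "break" and leaves regs untouched, which should be stated as intended if it is.
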
>> 
>> _______________________________________________
>> Xen-devel mailing list
>> Xen-devel@xxxxxxxxxxxxxxxxxxx
>> http://lists.xensource.com/xen-devel