
RE: [Xen-devel] [Patch] Enable SMEP CPU feature support for XEN itself

> >>> and kills a pv guest triggering SMEP fault.
> >>
> >> Should only occur when the guest kernel triggers the SMEP.
> >
> > According to code base size, it's much easier for malicious applications to explore
> > security holes in kernel.  But unluckily SMEP doesn't apply to the ring 3 where
> > x86_64 pv kernel runs on.  It's wiser to use HVM :)
> Yep, but 32-bit guests can still benefit.

Can we know whether a guest will be 32-bit or 64-bit before it boots?
The code will be like:
        case 7, 0:
            if ( 64 bit pv guest )
                 disallow smep;
I don't know if we can distinguish that when creating the guest.
