On 05/30/2011 12:18 PM, Tian, Kevin wrote:
> From: Avi Kivity [mailto:[email protected]]
> Sent: Monday, May 30, 2011 5:14 PM
>
> On 05/30/2011 12:08 PM, Tian, Kevin wrote:
> > > From: Avi Kivity
> > > Sent: Monday, May 30, 2011 4:52 PM
> > >
> > > On 05/30/2011 06:01 AM, Yang, Wei Y wrote:
> > > > This patchset enables a new CPU feature SMEP (Supervisor Mode Execution
> > > > Protection) in KVM. SMEP prevents the kernel from executing code in applications.
> > > > Updated Intel SDM describes this CPU feature. The document will be
> > > > published soon.
> > > >
> > > > This patchset is based on Fenghua's SMEP patch series, as referenced at:
> > > > https://lkml.org/lkml/2011/5/17/523
> > >
> > > Looks good. I'll post the cr0.wp=0 fixup soon.
> > >
> >
> > what's your planned fix? through NX bit? :-)
>
> Yes.
>
> > btw, why is the current scheme used to emulate the cr0.wp=0 case instead of
> > simply emulating it?
>
> How would you simply emulate it?
>
> We have to force cr0.wp=1, otherwise we cannot write-protect guest page
> tables. Once we do that, we have to set U=1 to allow user reads or U=0
> to allow kernel writes.
>
> I mean using instruction emulation instead of changing permission to re-execute
> the faulting instruction. Or is the current KVM instruction emulator not complete
> enough to handle various memory access instructions (just designed for page table
> access and real mode instructions?)?
I think by now it's complete enough (it wasn't when the shadow MMU was
written). But emulation will be slow if the guest writes a lot of data
to the page.
--
error compiling committee.c: too many arguments to function
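The cr0.wp=0 scheme Avi describes (host keeps CR0.WP=1, so the shadow PTE is either U=1/W=0 to allow user reads or U=0/W=1 to allow kernel writes) and the SMEP interaction behind the "fixup through NX bit", as an added stand-alone C model. This is illustrative code, not KVM code and not the patch discussed in the thread. It assumes simplified PTE bit positions (NX modelled as bit 3 rather than bit 63), that the host's SMEP setting mirrors the guest's, and that the fixup consists of setting NX on a shadow PTE whose U bit was cleared for a page the guest marks user-accessible; all function and type names are illustrative.

```c
/*
 * Stand-alone model (not KVM code) of the cr0.wp=0 shadow-paging trick the
 * thread describes, and of why SMEP needs a fixup through the NX bit.
 * PTE bit positions are simplified: NX is modelled as bit 3, not bit 63.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PTE_P  (1u << 0)
#define PTE_W  (1u << 1)
#define PTE_U  (1u << 2)
#define PTE_NX (1u << 3)

enum access  { ACC_READ, ACC_WRITE, ACC_EXEC };
enum outcome { MATCH = 0, SPURIOUS_FAULT = 1, LEAK = 2 };

struct guest_ctx { bool cr0_wp; bool cr4_smep; };

/* Reference answer: what the guest's own paging state permits. */
bool guest_permits(struct guest_ctx g, uint32_t gpte, bool user, enum access a)
{
    if (!(gpte & PTE_P)) return false;
    if (user && !(gpte & PTE_U)) return false;
    /* supervisor may write a read-only page only when CR0.WP=0 */
    if (a == ACC_WRITE && !(gpte & PTE_W) && (user || g.cr0_wp)) return false;
    if (a == ACC_EXEC) {
        if (gpte & PTE_NX) return false;
        /* SMEP: supervisor must not execute a user-accessible page */
        if (!user && g.cr4_smep && (gpte & PTE_U)) return false;
    }
    return true;
}

/* What the CPU does with the shadow PTE: the host keeps CR0.WP=1 so W binds
 * the kernel too; SMEP is assumed to mirror the guest's CR4.SMEP. */
bool hw_permits(struct guest_ctx g, uint32_t spte, bool user, enum access a)
{
    if (!(spte & PTE_P)) return false;
    if (user && !(spte & PTE_U)) return false;
    if (a == ACC_WRITE && !(spte & PTE_W)) return false;
    if (a == ACC_EXEC) {
        if (spte & PTE_NX) return false;
        if (!user && g.cr4_smep && (spte & PTE_U)) return false;
    }
    return true;
}

/* Shadow PTE installed after the access (user, a) faults on guest PTE gpte. */
uint32_t build_spte(struct guest_ctx g, uint32_t gpte, bool user, enum access a,
                    bool nx_fixup)
{
    uint32_t spte = gpte & (PTE_P | PTE_W | PTE_U | PTE_NX);
    bool wp0_kernel_write = !g.cr0_wp && !user && a == ACC_WRITE && !(gpte & PTE_W);

    if (wp0_kernel_write) {
        /* CR0.WP=0 lets the guest kernel write: grant W.  With host WP=1,
         * W=1 would let user mode write as well, so clear U; a later user
         * read faults and rebuilds the PTE as U=1/W=0 (the ping-pong the
         * thread refers to). */
        spte |= PTE_W;
        spte &= ~PTE_U;
        /* Assumed fixup: the page is user-accessible in the guest but now
         * looks supervisor-only to the CPU, so SMEP can no longer stop the
         * guest kernel executing it.  NX restores that protection. */
        if (nx_fixup && g.cr4_smep && (gpte & PTE_U))
            spte |= PTE_NX;
    }
    return spte;
}

/* Compare the shadow PTE with the guest's intent for a subsequent access. */
enum outcome classify(struct guest_ctx g, uint32_t spte, uint32_t gpte,
                      bool user, enum access a)
{
    bool want = guest_permits(g, gpte, user, a);
    bool got  = hw_permits(g, spte, user, a);
    if (want == got) return MATCH;
    return got ? LEAK : SPURIOUS_FAULT;  /* LEAK: CPU allows what the guest forbids */
}

/* The interesting scenario: guest CR0.WP=0, CR4.SMEP=1, a read-only
 * executable user page, and the guest kernel has just written to it. */
enum outcome wp0_smep_case(bool nx_fixup, bool user, enum access a)
{
    struct guest_ctx g = { .cr0_wp = false, .cr4_smep = true };
    uint32_t gpte = PTE_P | PTE_U;
    uint32_t spte = build_spte(g, gpte, false, ACC_WRITE, nx_fixup);
    return classify(g, spte, gpte, user, a);
}

int main(void)
{
    printf("kernel exec, no fixup : %d (2 = SMEP bypassed)\n",
           wp0_smep_case(false, false, ACC_EXEC));
    printf("kernel exec, NX fixup : %d (0 = matches guest)\n",
           wp0_smep_case(true, false, ACC_EXEC));
    printf("user read,   NX fixup : %d (1 = spurious fault, refault as U=1/W=0)\n",
           wp0_smep_case(true, true, ACC_READ));
    return 0;
}
```

Build with `cc -std=c99 -Wall smep_wp0.c` (file name is illustrative). The model separates the two kinds of mismatch a practitioner should care about: a spurious fault (the CPU denies what the guest allows) is the cost of the scheme and is resolved by re-faulting, whereas a leak (the CPU allows what the guest forbids) is a correctness and security bug. Without the NX bit, clearing U for the kernel-write case turns an SMEP-protected user page into one the guest kernel can execute; the exact conditions of the real KVM fixup live in the patch Avi refers to, not here.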