On 01/04/2018 10:16 PM, Yisheng Xie wrote: > BTW, we have just reported a bug caused by kaiser[1], which looks like > caused by SMEP. Could you please help to have a look? > > [1] https://lkml.org/lkml/2018/1/5/3
Please report that to your kernel vendor. Your EFI page tables have the NX bit set on the low addresses. There have been a bunch of iterations of this, but you need to make sure that the EFI kernel mappings don't get _PAGE_NX set on them. Look at what __pti_set_user_pgd() does in mainline.
