> From: Andrew Cooper [mailto:andrew.coop...@citrix.com]
> Sent: Saturday, October 6, 2018 1:02 AM
>
> When using shadow paging, EFER.NX is a Xen controlled bit, and is required by
> the shadow pagefault handler to distinguish instruction fetches from data
> accesses.
>
> This can be observed
>>> On 08.10.18 at 13:03, wrote:
> On 08/10/18 11:12, Jan Beulich wrote:
> On 05.10.18 at 19:02, wrote:
>>> --- a/xen/arch/x86/hvm/svm/svm.c
>>> +++ b/xen/arch/x86/hvm/svm/svm.c
>>> @@ -649,13 +649,32 @@ void svm_update_guest_cr(struct vcpu *v, unsigned int
> cr, unsigned int flags)
>>>
On 08/10/18 11:12, Jan Beulich wrote:
On 05.10.18 at 19:02, wrote:
>> --- a/xen/arch/x86/hvm/svm/svm.c
>> +++ b/xen/arch/x86/hvm/svm/svm.c
>> @@ -649,13 +649,32 @@ void svm_update_guest_cr(struct vcpu *v, unsigned int
>> cr, unsigned int flags)
>> static void svm_update_guest_efer(struct
>>> On 05.10.18 at 19:02, wrote:
> --- a/xen/arch/x86/hvm/svm/svm.c
> +++ b/xen/arch/x86/hvm/svm/svm.c
> @@ -649,13 +649,32 @@ void svm_update_guest_cr(struct vcpu *v, unsigned int
> cr, unsigned int flags)
> static void svm_update_guest_efer(struct vcpu *v)
> {
> struct vmcb_struct *vmcb
When using shadow paging, EFER.NX is a Xen controlled bit, and is required by
the shadow pagefault handler to distinguish instruction fetches from data
accesses.

This can be observed by a guest which has NX and SMEP clear but SMAP active by
attempting to execute code on a user mapping. The first