On 29/07/2024 12:53 pm, Jan Beulich wrote:
> On 26.07.2024 17:21, Roger Pau Monne wrote:
>> The PVH dom0 builder doesn't switch page tables and has no need to run with
>> SMAP disabled.
>>
>> Put the SMAP disabling close to the code region where it's necessary, as it
>> then becomes obvious why switch_cr3_cr4() is required instead of
>> write_ptbase().
>>
>> Note removing SMAP from cr4_pv32_mask is not required, as we never jump into
>> guest context, and hence updating the value of cr4_pv32_mask is not relevant.
> I'm okay-ish with that being dropped, but iirc the goal was to keep the
> variable in sync with CPU state.
Removing SMAP from cr4_pv32_mask is necessary. Otherwise IST vectors will
reactivate SMAP behind the back of the dombuilder.

This will probably only manifest in practice in a CONFIG_PV32=y build, and
with a poorly timed NMI.

~Andrew
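A small C model of the interaction described in the reply above, added here as an illustration and not code from the Xen tree. It keeps a simulated CR4 and a cr4_pv32_mask variable, clears SMAP for a region of work, and injects a simulated IST entry in the middle of that region. The IST entry is modelled as "set every bit recorded in cr4_pv32_mask that is missing from CR4"; that is an assumption about the effect of Xen's entry code, and ist_entry_restore_cr4(), boot_cpu() and run_region_with_smap_off() are hypothetical names for this example only. With the mask left stale, the simulated NMI turns SMAP back on behind the region's back; with the mask updated alongside CR4, it does not.

```c
#include <stdbool.h>
#include <stdio.h>

/* CR4 bit positions from the Intel SDM. */
#define X86_CR4_SMEP (1UL << 20)
#define X86_CR4_SMAP (1UL << 21)

/*
 * Simulated CPU register and a stand-in for Xen's cached mask of CR4 bits
 * that must be set whenever a PV32 guest could run.  Neither is Xen's code.
 */
static unsigned long cr4;
static unsigned long cr4_pv32_mask;

static unsigned long read_cr4(void) { return cr4; }
static void write_cr4(unsigned long val) { cr4 = val; }

/*
 * Hypothetical model of what an IST entry (for example an NMI) does in a
 * CONFIG_PV32=y build: if any bit recorded in cr4_pv32_mask is missing from
 * CR4, set it.  Xen's real entry code is not reproduced here; only the
 * effect on CR4 matters for the point being made.
 */
static void ist_entry_restore_cr4(void)
{
    unsigned long cur = read_cr4();

    if ((cur & cr4_pv32_mask) != cr4_pv32_mask)
        write_cr4(cur | cr4_pv32_mask);
}

/* Boot-time state: SMEP and SMAP enabled and recorded in the mask. */
static void boot_cpu(void)
{
    cr4 = X86_CR4_SMEP | X86_CR4_SMAP;
    cr4_pv32_mask = cr4;
}

/*
 * Run a region that needs SMAP off (the dom0 builder working on guest
 * mappings).  update_mask selects whether cr4_pv32_mask is updated along
 * with CR4; nmi_arrives injects a simulated IST entry mid-region.
 * Returns true if SMAP was still clear when the region finished.
 */
static bool run_region_with_smap_off(bool update_mask, bool nmi_arrives)
{
    bool smap_still_clear;

    boot_cpu();

    if (update_mask)
        cr4_pv32_mask &= ~X86_CR4_SMAP;
    write_cr4(read_cr4() & ~X86_CR4_SMAP);

    /* ... work on user-accessible guest mappings happens here ... */
    if (nmi_arrives)
        ist_entry_restore_cr4();

    smap_still_clear = !(read_cr4() & X86_CR4_SMAP);

    /* Leave the region: re-enable SMAP and put the mask back in sync. */
    write_cr4(read_cr4() | X86_CR4_SMAP);
    cr4_pv32_mask |= X86_CR4_SMAP;

    return smap_still_clear;
}

int main(void)
{
    printf("mask stale,  no NMI: SMAP clear = %d\n",
           run_region_with_smap_off(false, false));
    printf("mask stale,  NMI:    SMAP clear = %d\n",
           run_region_with_smap_off(false, true));
    printf("mask synced, NMI:    SMAP clear = %d\n",
           run_region_with_smap_off(true, true));
    return 0;
}
```

The second line of output is the case the reply warns about: without the NMI the stale mask is harmless, which is why the problem is timing dependent, but once an IST entry fires it re-applies the mask and SMAP is back on while the region still expects it off.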
