[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v4 08/10] x86: Enable Supervisor Mode Access Prevention (SMAP) for Xen

To: "Feng Wu" <feng.wu@xxxxxxxxx>
From: "Jan Beulich" <JBeulich@xxxxxxxx>
Date: Tue, 06 May 2014 10:11:28 +0100
Cc: Kevin Tian <kevin.tian@xxxxxxxxx>, "ian.campbell@xxxxxxxxxx" <ian.campbell@xxxxxxxxxx>, "andrew.cooper3@xxxxxxxxxx" <andrew.cooper3@xxxxxxxxxx>, Eddie Dong <eddie.dong@xxxxxxxxx>, "xen-devel@xxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxx>, Jun Nakajima <jun.nakajima@xxxxxxxxx>
Delivery-date: Tue, 06 May 2014 09:12:01 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

>>> On 06.05.14 at 10:24, <feng.wu@xxxxxxxxx> wrote:
>> From: Jan Beulich [mailto:JBeulich@xxxxxxxx]
>> >>> On 06.05.14 at 07:19, <feng.wu@xxxxxxxxx> wrote:
>> >> From: Jan Beulich [mailto:JBeulich@xxxxxxxx]
>> >> I should have noticed this on the previous round already - the way
>> >> it's being done right now will leave APs with SMAP disabled for an
>> >> indeterminate amount of time (until they first reload CR4 from
>> >> mmu_cr4_features).
>> >
>> > Yes, that's a question. In that case, we should move this part to the place
>> > where
>> > it was. So we should come back to the question about how to handle
>> > stac()/clac()
>> > in construct_dom0(), right?
>> 
>> An option might be to move it back to where it was, but clear the flag
>> temporarily on the one CPU calling construct_dom0(). That's a little
>> hackish, but properly commented acceptable imo.
> 
> Do you mean clear SMAP bit in CR4 before construct_dom0() and set it after 
> that like this?
> 
> write_cr4(read_cr4() & ~X86_CR4_SMAP);
> construct_dom0();
> write_cr4(read_cr4() | X86_CR4_SMAP);

Yes, properly conditionalized of course (at least the second one).

Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH v4 08/10] x86: Enable Supervisor Mode Access Prevention (SMAP) for Xen
  - From: Wu, Feng

References:
- [Xen-devel] [PATCH v4 08/10] x86: Enable Supervisor Mode Access Prevention (SMAP) for Xen
  - From: Feng Wu
- Re: [Xen-devel] [PATCH v4 08/10] x86: Enable Supervisor Mode Access Prevention (SMAP) for Xen
  - From: Jan Beulich
- Re: [Xen-devel] [PATCH v4 08/10] x86: Enable Supervisor Mode Access Prevention (SMAP) for Xen
  - From: Wu, Feng
- Re: [Xen-devel] [PATCH v4 08/10] x86: Enable Supervisor Mode Access Prevention (SMAP) for Xen
  - From: Jan Beulich
- Re: [Xen-devel] [PATCH v4 08/10] x86: Enable Supervisor Mode Access Prevention (SMAP) for Xen
  - From: Wu, Feng

Prev by Date: Re: [Xen-devel] Xen Platform QoS design discussion
Next by Date: Re: [Xen-devel] Xen Platform QoS design discussion
Previous by thread: Re: [Xen-devel] [PATCH v4 08/10] x86: Enable Supervisor Mode Access Prevention (SMAP) for Xen
Next by thread: Re: [Xen-devel] [PATCH v4 08/10] x86: Enable Supervisor Mode Access Prevention (SMAP) for Xen
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.