[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH v2 1/3] x86: suppress SMEP and SMAP while running 32-bit PV guest code
On 10/03/16 09:53, Jan Beulich wrote: > Since such guests' kernel code runs in ring 1, their memory accesses, > at the paging layer, are supervisor mode ones, and hence subject to > SMAP/SMEP checks. Such guests cannot be expected to be aware of those > two features though (and so far we also don't expose the respective > feature flags), and hence may suffer page faults they cannot deal with. > > While the placement of the re-enabling slightly weakens the intended > protection, it was selected such that 64-bit paths would remain > unaffected where possible. At the expense of a further performance hit > the re-enabling could be put right next to the CLACs. > > Note that this introduces a number of extra TLB flushes - CR4.SMEP > transitioning from 0 to 1 always causes a flush, and it transitioning > from 1 to 0 may also do. > > Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx> Reviewed-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |