|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH v3 0/4] x86: accommodate 32-bit PV guests with SMEP/SMAP handling
On Thu, Mar 17, 2016 at 01:50:39AM -0600, Jan Beulich wrote: > As has been explained previously[1], SMAP (and with less relevance > also SMEP) is not compatible with 32-bit PV guests which aren't > aware/prepared to be run with that feature enabled. Andrew's > original approach either sacrificed architectural correctness for > making 32-bit guests work again, or disabled SMAP also for not > insignificant portions of hypervisor code, both by allowing to control > the workaround mode via command line option. > > This alternative approach disables SMEP and SMAP only while > running 32-bit PV guest code plus a few hypervisor instructions > early after entering hypervisor context from or late before exiting > to such guests. Those few instructions (in assembly source) are of > course much easier to prove not to perform undue memory > accesses than code paths reaching deep into C sources. > > The 4th patch really is unrelated except for not applying cleanly > without the earlier ones, and the potential having been noticed > while putting together the 2nd one. > > 1: move cached CR4 value to struct cpu_info > 2: suppress SMEP and SMAP while running 32-bit PV guest code > 3: use optimal NOPs to fill the SMEP/SMAP placeholders > 4: use 32-bit loads for 32-bit PV guest state reload > > Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx> Release-acked-by: Wei Liu <wei.liu2@xxxxxxxxxx> _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |