RE: [Xen-devel] [Patch] Enable SMEP CPU feature support for XEN itself
> >>> and kills a pv guest triggering SMEP fault.
> >>
> >> Should only occur when the guest kernel triggers the SMEP.
> >
> > According to code base size, it's much easier for malicious applications
> > to explore security holes in kernel. But unluckily SMEP doesn't apply to
> > the ring 3 where x86_64 pv kernel runs on. It's wiser to use HVM :)
>
> Yep, but 32-bit guests can still benefit.

Can we know a guest will be 32bit or 64bit before it boots?
Code will be like

    xc_pv_cpuid_policy()
    {
        case 7, 0:
            if ( 64 bit pv guest )
                disallow smep;
    }

I don't know if we can distinguish that when creating guest.

Thanks!
-Xin

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
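The masking discussed in the message above, written out as a stand-alone C sketch. This is an added example, not code from the thread or from Xen: `guest_kind`, `filter_cpuid_leaf7` and `guest_sees_smep` are hypothetical names, and the guest's width is assumed to be known already, which is the open question in the message.

```c
#include <stdbool.h>
#include <stdint.h>

/* CPUID.(EAX=7,ECX=0):EBX bit 7 is the SMEP feature flag. */
#define CPUID7_EBX_SMEP (1u << 7)

/* Hypothetical guest classification for this sketch; not a Xen type. */
enum guest_kind { GUEST_HVM, GUEST_PV32, GUEST_PV64 };

/*
 * Hypothetical policy hook: filter what a guest sees for CPUID leaf 7.
 * regs[] holds EAX, EBX, ECX, EDX as read from the host for this subleaf.
 */
void filter_cpuid_leaf7(enum guest_kind kind, uint32_t subleaf,
                        uint32_t regs[4])
{
    /* Assumption of this sketch: only subleaf 0 is exposed to guests. */
    if (subleaf != 0) {
        regs[0] = regs[1] = regs[2] = regs[3] = 0;
        return;
    }

    /*
     * A 64-bit PV kernel runs in ring 3, so SMEP does not cover it.
     * Hide the bit so the guest does not rely on it. A 32-bit PV kernel
     * does not run in ring 3, so the host's bit is passed through.
     */
    if (kind == GUEST_PV64)
        regs[1] &= ~CPUID7_EBX_SMEP;
}

/* True if a guest of this kind would see SMEP advertised. */
bool guest_sees_smep(enum guest_kind kind, uint32_t host_ebx)
{
    uint32_t regs[4] = { 0, host_ebx, 0, 0 };

    filter_cpuid_leaf7(kind, 0, regs);
    return (regs[1] & CPUID7_EBX_SMEP) != 0;
}
```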