Re: [Xen-devel] [PATCH v4] xen/sm{e, a}p: allow disabling sm{e, a}p for Xen itself

2016-09-01 Thread Jan Beulich
>>> On 31.08.16 at 11:49, wrote: > --- a/docs/misc/xen-command-line.markdown > +++ b/docs/misc/xen-command-line.markdown > @@ -1433,6 +1433,7 @@ Set the serial transmit buffer size. > > Default: `true` > > Flag to enable Supervisor Mode Execution Protection > +Use `smep=hvm` to enable SMEP for
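Review bot: the added line in the xen-command-line.markdown hunk introduces a new `smep=hvm` value in prose only, while the visible context still reads `Default: \`true\`` and the option's syntax/accepted-values line is not touched in this hunk; the syntax line should list `hvm` alongside the boolean values, and the text should state explicitly what `smep=hvm` means for Xen itself (SMEP left off for the hypervisor, on for HVM guests) so the default and the new value cannot be read as contradicting each other.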

[Xen-devel] [PATCH v4] xen/sm{e, a}p: allow disabling sm{e, a}p for Xen itself

2016-08-31 Thread He Chen
SMEP/SMAP is a security feature that prevents the kernel from executing/accessing user addresses involuntarily; any such behavior will lead to a page fault. SMEP/SMAP is open (in CR4) for both Xen and HVM guests in earlier code. The SMEP/SMAP bits set in Xen's CR4 would enforce security checking for 32-bit PV guests whi