On 17/03/16 08:03, Jan Beulich wrote: > Since such guests' kernel code runs in ring 1, their memory accesses, > at the paging layer, are supervisor mode ones, and hence subject to > SMAP/SMEP checks. Such guests cannot be expected to be aware of those > two features though (and so far we also don't expose the respective > feature flags), and hence may suffer page faults they cannot deal with. > > While the placement of the re-enabling slightly weakens the intended > protection, it was selected such that 64-bit paths would remain > unaffected where possible. At the expense of a further performance hit > the re-enabling could be put right next to the CLACs. > > Note that this introduces a number of extra TLB flushes - CR4.SMEP > transitioning from 0 to 1 always causes a flush, and it transitioning > from 1 to 0 may also do. > > Signed-off-by: Jan Beulich <jbeul...@suse.com>
Sorry - I reviewed the v3 code, and replied to the v2 email. For clarity sake, Reviewed-by: Andrew Cooper <andrew.coop...@citrix.com> _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel
