x86: Enable Supervisor Mode Execution Protection (SMEP)

Intel's new CPU supports SMEP (Supervisor Mode Execution
Protection). SMEP prevents software operating with CPL < 3 (supervisor
mode) from fetching instructions from any linear address with a valid
translation for which the U/S flag (bit 2) is 1 in every
paging-structure entry controlling the translation for the linear
address.

This patch enables SMEP in Xen to protect the Xen hypervisor from
executing pv guest instructions, whose translation paging-structure
entries' U/S flags are all set.

Signed-off-by: Yang Wei <wei.y.yang@intel.com>
Signed-off-by: Shan Haitao <haitao.shan@intel.com>
Signed-off-by: Li Xin <xin.li@intel.com>
Signed-off-by: Keir Fraser <keir@xen.org>
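
The rule stated in the commit message, modelled as an added example (not code from this patch or from Xen): a fetch faults only when SMEP is enabled, CPL < 3, and the U/S flag is set at every level of the walk. The function name, the 4-level layout and the sample entries are assumptions made for illustration; NX and user-mode permission checks are left out.

```c
#include <stdint.h>
#include <stdio.h>

#define PG_PRESENT (1ULL << 0)
#define PG_USER    (1ULL << 2)   /* U/S flag (bit 2) named in the commit message */
#define PG_PS      (1ULL << 7)   /* PDPTE/PDE maps a large page: walk ends here */
#define CR4_SMEP   (1ULL << 20)  /* CR4 bit that turns SMEP on */

enum fetch { FETCH_OK, FETCH_NOT_PRESENT, FETCH_SMEP_FAULT };

/* Model of an instruction fetch under 4-level paging (hypothetical helper).
 * e[0..3] = PML4E, PDPTE, PDE, PTE controlling one linear address. */
enum fetch insn_fetch(const uint64_t e[4], uint64_t cr4, unsigned cpl)
{
    int user = 1;                    /* stays 1 only if U/S=1 at every level */
    for (int lvl = 0; lvl < 4; lvl++) {
        if (!(e[lvl] & PG_PRESENT))
            return FETCH_NOT_PRESENT;
        if (!(e[lvl] & PG_USER))
            user = 0;                /* one supervisor-only entry is enough */
        if ((lvl == 1 || lvl == 2) && (e[lvl] & PG_PS))
            break;                   /* 1 GiB / 2 MiB page: no lower entries */
    }
    /* SMEP applies to supervisor mode (CPL < 3) fetching from user pages. */
    if ((cr4 & CR4_SMEP) && cpl < 3 && user)
        return FETCH_SMEP_FAULT;
    return FETCH_OK;
}

/* Constructed sample translations; the frame addresses are made up. */
static const uint64_t guest_user[4] = { 0x1007, 0x2007, 0x3007, 0x4005 };
static const uint64_t xen_text[4]   = { 0x1007, 0x2003, 0x3003, 0x4001 };
static const uint64_t guest_2m[4]   = { 0x1007, 0x2007, 0x200085, 0 };

int main(void)
{
    printf("CPL0 fetch, guest page, SMEP on : %d\n",
           insn_fetch(guest_user, CR4_SMEP, 0));
    printf("CPL0 fetch, guest page, SMEP off: %d\n",
           insn_fetch(guest_user, 0, 0));
    printf("CPL0 fetch, supervisor page     : %d\n",
           insn_fetch(xen_text, CR4_SMEP, 0));
    printf("CPL0 fetch, guest 2 MiB page    : %d\n",
           insn_fetch(guest_2m, CR4_SMEP, 0));
    printf("CPL3 fetch, guest page, SMEP on : %d\n",
           insn_fetch(guest_user, CR4_SMEP, 3));
    return 0;
}
```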