xen/sm{e, a}p: allow disabling sm{e, a}p for Xen itself
author He Chen <he.chen@linux.intel.com>
Wed, 19 Oct 2016 08:03:24 +0000 (16:03 +0800)
committer Andrew Cooper <andrew.cooper3@citrix.com>
Thu, 20 Oct 2016 11:44:16 +0000 (12:44 +0100)
commit 493ab190e5b1432e23cd3d09ba28315f453239e4
tree 7912986da15fedf0e44651c1246cc4cf9381bd96
parent 66fbe2c2cd8b1dba492e8c2c8f604a3c1ce1fe73
xen/sm{e, a}p: allow disabling sm{e, a}p for Xen itself

SMEP/SMAP is a security feature to prevent the kernel from
executing/accessing user addresses involuntarily; any such behavior will
lead to a page fault.

SMEP/SMAP is open (in CR4) for both Xen and HVM guests in earlier code.
The SMEP/SMAP bit set in Xen CR4 would enforce security checking for
32-bit PV guests, which will suffer unknown SMEP/SMAP page faults when
the guest kernel attempts to access user addresses although SMEP/SMAP is
closed for PV guests.

This patch introduces a new boot option value "hvm" for "sm{e,a}p"; it
is going to disable SMEP/SMAP for the Xen hypervisor while enabling them
for HVM. In this way, 32-bit PV guests will not suffer SMEP/SMAP security
issues. Users can choose whether to open SMEP/SMAP for Xen itself,
especially when they are going to run 32-bit PV guests.

Signed-off-by: He Chen <he.chen@linux.intel.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Release-acked-by: Wei Liu <wei.liu2@citrix.com>
[Fixed up command line docs]
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
docs/misc/xen-command-line.markdown
xen/arch/x86/setup.c
xen/arch/x86/x86_64/compat/entry.S
xen/arch/x86/x86_64/entry.S
xen/include/asm-x86/asm_defns.h
xen/include/asm-x86/cpufeature.h