xenbits.xensource.com Git - xen.git/commit

author	He Chen <he.chen@linux.intel.com>
	Mon, 5 Sep 2016 10:49:43 +0000 (12:49 +0200)
committer	Jan Beulich <jbeulich@suse.com>
	Mon, 5 Sep 2016 10:49:43 +0000 (12:49 +0200)
commit	5fdea6577098eda065c794c79e1ae23f33f103af
tree	f639d778d86af07d938d95dedb6fc323a8954789	tree
parent	698d0f377d72fdc8d4e247e76b6508090c366187	commit \| diff

x86: allow disabling sm{e,a}p for Xen itself

SMEP/SMAP is a security feature to prevent kernel executing/accessing
user address involuntarily, any such behavior will lead to a page fault.

SMEP/SMAP is open (in CR4) for both Xen and HVM guest in earlier code.
SMEP/SMAP bit set in Xen CR4 would enforce security checking for 32-bit
PV guest which will suffer unknown SMEP/SMAP page fault when guest
kernel attempt to access user address although SMEP/SMAP is close for
PV guests.

This patch introduces a new boot option value "hvm" for "sm{e,a}p", it
is going to diable SMEP/SMAP for Xen hypervisor while enable them for
HVM. In this way, 32-bit PV guest will not suffer SMEP/SMAP security
issue. Users can choose whether open SMEP/SMAP for Xen itself,
especially when they are going to run 32-bit PV guests.

Signed-off-by: He Chen <he.chen@linux.intel.com>
[jbeulich: doc and style adjustments]
Reviewed-by: Jan Beulich <jbeulich@suse.com>

docs/misc/xen-command-line.markdown		diff \| blob \| blame \| history
xen/arch/x86/setup.c		diff \| blob \| blame \| history
xen/include/asm-x86/asm_defns.h		diff \| blob \| blame \| history
xen/include/asm-x86/cpufeature.h		diff \| blob \| blame \| history