From mboxrd@z Thu Jan  1 00:00:00 1970
From: Ingo Molnar <mingo@elte.hu>
Subject: Re: [Patch v5 1/4] Remove SMEP bit from CR4_RESERVED_BITS
Date: Mon, 30 May 2011 09:40:33 +0200
Message-ID: <20110530074033.GB27557@elte.hu>
References: <5D8008F58939784290FAB48F5497519844E92781DF@shsmsx502.ccr.corp.intel.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: Avi Kivity <avi@redhat.com>,
	"kvm@vger.kernel.org" <kvm@vger.kernel.org>
To: "Yang, Wei Y" <wei.y.yang@intel.com>,
	Pekka Enberg <penberg@cs.helsinki.fi>
Return-path: <kvm-owner@vger.kernel.org>
Received: from mx2.mail.elte.hu ([157.181.151.9]:54748 "EHLO mx2.mail.elte.hu"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1754041Ab1E3Hkp (ORCPT <rfc822;kvm@vger.kernel.org>);
	Mon, 30 May 2011 03:40:45 -0400
Content-Disposition: inline
In-Reply-To: <5D8008F58939784290FAB48F5497519844E92781DF@shsmsx502.ccr.corp.intel.com>
Sender: kvm-owner@vger.kernel.org
List-ID: <kvm.vger.kernel.org>


* Yang, Wei Y <wei.y.yang@intel.com> wrote:

> This patch removes SMEP bit from CR4_RESERVED_BITS.

I'm wondering, what is the best-practice way for tools/kvm/ to set 
SMEP for the guest kernel automatically, even if the guest kernel 
itsef has not requested SMEP?

The portion i'm worried about are old KVM versions that have the SMEP 
bit in CR4_RESERVED_BITS and reject it. So we cannot just 
unilaterally add SMEP to every cr4 write of the guest. Is there a way 
to query whether the host KVM version supports SMEP setting in cr4?

That way tools/kvm/ could add the SMEP bit if the host CPU has it in 
/proc/cpuinfo and if KVM supports it.

( With a --no-smep kind of command line option to opt out of this 
  automatic protection, to test it, and for the unlikely case that
  SMEP causes problems. )

Thanks,

	Ingo