HV: enable SMEP in hypervisor

- this patch is to enable SMEP in hypervisor, SMEP protects guests' memory from supervisor-mode instruction fetches, in other words, hypervisor which operating in supervisor mode can't fetch instructions from (guests' memory) linear addresses that are accessible in user mode. Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
2026-01-04 23:24:56 +00:00 · 2018-06-14 18:22:51 +08:00
parent b2b49a64a9
commit 098c2e6788
4 changed files with 40 additions and 7 deletions
--- a/hypervisor/include/arch/x86/cpu.h
+++ b/hypervisor/include/arch/x86/cpu.h
@@ -84,6 +84,8 @@
 #define CR4_SMXE                (1<<14)	/* SMX enable */
 #define CR4_PCIDE               (1<<17)	/* PCID enable */
 #define CR4_OSXSAVE             (1<<18)
+#define CR4_SMEP                (1<<20)
+#define CR4_SMAP                (1<<21)
 /* XSAVE and Processor Extended States enable bit */