On Thu, 2023-10-12 at 10:13 +0800, [email protected] wrote:
> On 11/10/2023 7:34 pm, David Woodhouse wrote:
> > But why does the shim even need to turn it off when switching to the
> > guest context? Its guest isn't running in supervisor mode so surely it
> > doesn't *matter* whether SMEP is enabled or not? Why not just leave it
> > on at all times?
>
> 32bit PV kernels run in Ring1. Which is supervisor and not user.

Ah, thanks.

> Some older PV kernels do execute on user pages, and don't like getting
> SMEP faults when they didn't turn it on to begin with.

PV guests never actually had the option to turn SMEP on, did they?
(Otherwise I may have to rethink the approach of just putting
'smep=off' onto the shim command line when running under KVM...)
