[fedora-virt] Re: [PATCH] xen: do not set NX bit when making initial pagetables readonly
Virtualization
virtualization at webwombat.com.au
Thu Feb 12 23:44:42 UTC 2009
Hi list,
Thanks for all your efforts in trying to resolve the NX CPU capability
issue.
Turns out that in our circumstance, IBM xSeries 336 machines had
Irwindale? CPUs. Intel documentation says this was one of the first CPUs
to have Execute Disable (XD).
Herein lies some misunderstanding. NX really means XD that is:
"No Execute" is "Execute Disable" in IntelSpeak. Armed with this
knowledge I went into the bios and "Enabled Execute Disable".
The NX capability is now in the /proc/cpuinfo listing. The F10 kernel
works on the F8 host in 64 bit mode.
For IBM xSeries 336 owners, Execute Disable was Disabled by default (on
delivery).
Hope this helps someone out there.
Cheers
Phill.
On Fri, 2009-01-30 at 19:07 +0000, Ian Campbell wrote:
> On Fri, 2009-01-30 at 10:56 -0800, Jeremy Fitzhardinge wrote:
> > Ian Campbell wrote:
> > > __supported_pte_mask has not been correctly configured at this point
> > > and Xen prevents us from using the NX bit if the hardware does not
> > > support it. Some BIOSes seem to offer the option to disable NX.
> > >
> > Could we sniff EFER and update __supported_pte_mask accordingly?
>
> Perhaps, we might also have to handle the various noexec= command line
> options? I don't suppose they matter so much in a guest though.
>
> The equivalent native seems to use _KERNPG_TABLE as well (e.g.
> head_64.S) -- is there something later on which comes along and tries to
> apply the NX bit to those pages which didn't get it at start of day?
>
> Ian.
>
> _______________________________________________
> Fedora-virt mailing list
> Fedora-virt at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-virt
>
More information about the Fedora-virt
mailing list