Management of Supervisor Mode Execution Protection (SMEP) by a Hypervisor
First Claim
1. One or more computer-readable storage mediums storing one or more sequences of instructions, which when executed by one or more processors, cause:
- executing, within a virtual machine, a guest operating system which does not support Supervisor Mode Execution Protection (SMEP); and
a hypervisor instructing hardware to enable Supervisor Mode Execution Protection (SMEP) for the virtual machine executing the guest operating system.
2 Assignments
0 Petitions
Accused Products
Abstract
Approaches for enabling Supervisor Mode Execution Protection (SMEP) for a guest operating system which does not support SMEP. A guest operating system (OS), which does not support SMEP, is executed within a virtual machine. A hypervisor instructs hardware to enable SMEP for the virtual machine executing the guest operating system. When the hypervisor is notified that the hardware has detected the guest operating system instructing a central processing unit (CPU) to execute code stored in virtual memory accessible by user space while the CPU is in supervisor mode, the hypervisor may consult a policy to identify what, if any, responsive action the hypervisor should perform.
-
Citations
27 Claims
-
1. One or more computer-readable storage mediums storing one or more sequences of instructions, which when executed by one or more processors, cause:
-
executing, within a virtual machine, a guest operating system which does not support Supervisor Mode Execution Protection (SMEP); and a hypervisor instructing hardware to enable Supervisor Mode Execution Protection (SMEP) for the virtual machine executing the guest operating system. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. An apparatus, comprising:
-
one or more processors; and one or more computer-readable storage mediums storing one or more sequences of instructions, which when executed by the one or more processors, cause; executing, within a virtual machine, a guest operating system which does not support Supervisor Mode Execution Protection (SMEP); and a hypervisor instructing hardware to enable Supervisor Mode Execution Protection (SMEP) for the virtual machine executing the guest operating system. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
-
-
19. A method, comprising:
-
executing, within a virtual machine, a guest operating system which does not support Supervisor Mode Execution Protection (SMEP); and a hypervisor instructing hardware to enable Supervisor Mode Execution Protection (SMEP) for the virtual machine executing the guest operating system. - View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27)
-
Specification