On 10/03/2016 09:27, Xiao Guangrong wrote: > So it only hurts the box which has cpu_has_load_ia32_efer support otherwise > NX is inherited from kernel (kernel always sets NX if CPU supports it), > right?
Yes, but I think !cpu_has_load_ia32_efer && SMEP does not exist. On the other hand it's really only when disabling ept, so it's a weird corner case that only happens during testing. Paolo
