On 08/03/2016 06:54, Xiao Guangrong wrote: > > > On 03/07/2016 04:32 AM, Paolo Bonzini wrote: >> >> >> On 06/03/2016 10:28, Xiao Guangrong wrote: >>>> This patch disables CPUID:PKU without ept, because pkeys is not yet >>>> implemented for shadow paging. >>> >>> Does the PKRU is loaded/saved during vm-enter/vm-exit? >> >> Yes, through XSAVE/XRSTOR (which uses eager mode when PKE is active). > > You mean eager fpu? however, eager-fpu depends on 'eagerfpu' which is a > kernel parameter and this patchset did not force it on. Some XSAVE features (currently only MPX, but in the future PKRU too) will force eagerfpu on, see fpu__init_system_ctx_switch: if (xfeatures_mask & XFEATURE_MASK_EAGER) { if (eagerfpu == DISABLE) { xfeatures_mask &= ~XFEATURE_MASK_EAGER; } else { eagerfpu = ENABLE; } } if (eagerfpu == ENABLE) setup_force_cpu_cap(X86_FEATURE_EAGER_FPU); KVM only exposes a subset of the host XSAVE features so the FPU is always eager if KVM exposes MPX and PKRU. > However, even if we use eager-fpu kvm still can lazily save/load due to > some fpu optimizations in kvm. KVM will use eager FPU if the host uses it. See arch/x86/kvm/cpuid.c: vcpu->arch.eager_fpu = use_eager_fpu() || guest_cpuid_has_mpx(vcpu); But the guest_cpuid_has_mpx(vcpu) check is unnecessary. The guest CPUID cannot have MPX if the host doesn't have the BNDREGS and BNDCSR features... Another patch to send. :) >>> BTW, I just very quickly go through the spec, it seems VMX lacks the >>> ability to intercept the access to PKRU. Right? >> >> Indeed RDPKRU/WRPKRU cannot be intercepted. > > Er, i was thinking using this feature to speedup write-protection for > shadow page table and dirty-logging... it seems not easy as PKRU can not > be intercepted. :( Also it only works on U=1 pages. Paolo -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html