On 08/03/2016 06:54, Xiao Guangrong wrote:
>
>
> On 03/07/2016 04:32 AM, Paolo Bonzini wrote:
>>
>>
>> On 06/03/2016 10:28, Xiao Guangrong wrote:
>>>> This patch disables CPUID:PKU without ept, because pkeys is not yet
>>>> implemented for shadow paging.
>>>
>>> Does the PKRU is loaded/saved during vm-enter/vm-exit?
>>
>> Yes, through XSAVE/XRSTOR (which uses eager mode when PKE is active).
>
> You mean eager fpu? however, eager-fpu depends on 'eagerfpu' which is a
> kernel parameter and this patchset did not force it on.
Some XSAVE features (currently only MPX, but in the future PKRU too)
will force eagerfpu on, see fpu__init_system_ctx_switch:
if (xfeatures_mask & XFEATURE_MASK_EAGER) {
if (eagerfpu == DISABLE) {
xfeatures_mask &= ~XFEATURE_MASK_EAGER;
} else {
eagerfpu = ENABLE;
}
}
if (eagerfpu == ENABLE)
setup_force_cpu_cap(X86_FEATURE_EAGER_FPU);
KVM only exposes a subset of the host XSAVE features so the FPU is
always eager if KVM exposes MPX and PKRU.
> However, even if we use eager-fpu kvm still can lazily save/load due to
> some fpu optimizations in kvm.
KVM will use eager FPU if the host uses it. See arch/x86/kvm/cpuid.c:
vcpu->arch.eager_fpu =
use_eager_fpu() || guest_cpuid_has_mpx(vcpu);
But the guest_cpuid_has_mpx(vcpu) check is unnecessary. The guest CPUID
cannot have MPX if the host doesn't have the BNDREGS and BNDCSR
features... Another patch to send. :)
>>> BTW, I just very quickly go through the spec, it seems VMX lacks the
>>> ability to intercept the access to PKRU. Right?
>>
>> Indeed RDPKRU/WRPKRU cannot be intercepted.
>
> Er, i was thinking using this feature to speedup write-protection for
> shadow page table and dirty-logging... it seems not easy as PKRU can not
> be intercepted. :(
Also it only works on U=1 pages.
Paolo
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
