Re: [PATCH V4 7/7] KVM, pkeys: disable PKU feature without ept


 





On 03/08/2016 04:47 PM, Paolo Bonzini wrote:


On 08/03/2016 06:54, Xiao Guangrong wrote:


On 03/07/2016 04:32 AM, Paolo Bonzini wrote:


On 06/03/2016 10:28, Xiao Guangrong wrote:
This patch disables CPUID:PKU without ept, because pkeys is not yet
implemented for shadow paging.

Is the PKRU loaded/saved during vm-enter/vm-exit?

Yes, through XSAVE/XRSTOR (which uses eager mode when PKE is active).

You mean eager fpu? However, eager-fpu depends on 'eagerfpu', which is a
kernel parameter, and this patchset did not force it on.

Some XSAVE features (currently only MPX, but in the future PKRU too)
will force eagerfpu on, see fpu__init_system_ctx_switch:

         if (xfeatures_mask & XFEATURE_MASK_EAGER) {
                 if (eagerfpu == DISABLE) {
                         xfeatures_mask &= ~XFEATURE_MASK_EAGER;

So if the kernel parameter eagerfpu is set to "off", then eager is not
enabled, so PKRU cannot work in KVM?

                 } else {
                         eagerfpu = ENABLE;
                 }
         }

         if (eagerfpu == ENABLE)
                 setup_force_cpu_cap(X86_FEATURE_EAGER_FPU);

KVM only exposes a subset of the host XSAVE features so the FPU is
always eager if KVM exposes MPX and PKRU.

However, even if we use eager-fpu kvm still can lazily save/load due to
some fpu optimizations in kvm.

KVM will use eager FPU if the host uses it.  See arch/x86/kvm/cpuid.c:

	vcpu->arch.eager_fpu =
		use_eager_fpu() || guest_cpuid_has_mpx(vcpu);


But the guest_cpuid_has_mpx(vcpu) check is unnecessary.  The guest CPUID
cannot have MPX if the host doesn't have the BNDREGS and BNDCSR
features...  Another patch to send. :)


Sorry, I misread the code. Yes, if vcpu->arch.eager_fpu is true, it
always saves/loads the FPU on every vm-exit/vm-enter.

BTW, I just very quickly went through the spec; it seems VMX lacks the
ability to intercept access to PKRU. Right?

Indeed RDPKRU/WRPKRU cannot be intercepted.

Er, I was thinking of using this feature to speed up write-protection for
shadow page tables and dirty-logging... it seems not easy as PKRU cannot
be intercepted. :(

Also it only works on U=1 pages.

Yes, indeed.