On 2016/3/5 19:27, Huaitong Han wrote:
Pkeys is disabled if CPU is in non-paging mode in hardware. However KVM always uses paging mode to emulate guest non-paging, mode with TDP. To emulate this behavior, pkeys needs to be manually disabled when guest switches to non-paging mode. Signed-off-by: Huaitong Han <huaitong.han@xxxxxxxxx> --- Changes in v4: *Patch has rebased on http://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/log/?h=mm/pkeys arch/x86/kvm/vmx.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c index e2951b6..db33c22 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -3855,13 +3855,13 @@ static int vmx_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4) if (!enable_unrestricted_guest && !is_paging(vcpu))
The comment says "Pkeys is disabled if CPU is in non-paging mode in hardware". Why to check enable_unrestricted_guest here?
/* - * SMEP/SMAP is disabled if CPU is in non-paging mode in + * SMEP/SMAP/PKU is disabled if CPU is in non-paging mode in * hardware. However KVM always uses paging mode without * unrestricted guest. - * To emulate this behavior, SMEP/SMAP needs to be manually + * To emulate this behavior, SMEP/SMAP/PKU needs to be manually * disabled when guest switches to non-paging mode. */ - hw_cr4 &= ~(X86_CR4_SMEP | X86_CR4_SMAP); + hw_cr4 &= ~(X86_CR4_SMEP | X86_CR4_SMAP | X86_CR4_PKE); vmcs_writel(CR4_READ_SHADOW, cr4); vmcs_writel(GUEST_CR4, hw_cr4);
-- best regards yang -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html