On 08/03/2016 13:09, Yang Zhang wrote: >> >> if (!enable_unrestricted_guest && !is_paging(vcpu)) > > The comment says "Pkeys is disabled if CPU is in non-paging mode in > hardware". Why to check enable_unrestricted_guest here? If !enable_unrestricted_guest, the CPU is always running with CR0.PG=1 and CR4 needs to be modified. If enable_unrestricted_guest, the CPU automatically disables SMEP/SMAP/PKU when the guest sets CR0.PG=0. Paolo >> /* >> - * SMEP/SMAP is disabled if CPU is in non-paging mode in >> + * SMEP/SMAP/PKU is disabled if CPU is in non-paging mode in >> * hardware. However KVM always uses paging mode without >> * unrestricted guest. >> - * To emulate this behavior, SMEP/SMAP needs to be manually >> + * To emulate this behavior, SMEP/SMAP/PKU needs to be manually >> * disabled when guest switches to non-paging mode. >> */ >> - hw_cr4 &= ~(X86_CR4_SMEP | X86_CR4_SMAP); >> + hw_cr4 &= ~(X86_CR4_SMEP | X86_CR4_SMAP | X86_CR4_PKE); -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
