Re: [PATCH V4 7/7] KVM, pkeys: disable PKU feature without ept

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 2016/3/8 16:47, Paolo Bonzini wrote:


On 08/03/2016 06:54, Xiao Guangrong wrote:


On 03/07/2016 04:32 AM, Paolo Bonzini wrote:


On 06/03/2016 10:28, Xiao Guangrong wrote:
This patch disables CPUID:PKU without ept, because pkeys is not yet
implemented for shadow paging.

Does the PKRU is loaded/saved during vm-enter/vm-exit?

Yes, through XSAVE/XRSTOR (which uses eager mode when PKE is active).

You mean eager fpu? however, eager-fpu depends on 'eagerfpu' which is a
kernel parameter and this patchset did not force it on.

Some XSAVE features (currently only MPX, but in the future PKRU too)
will force eagerfpu on, see fpu__init_system_ctx_switch:

         if (xfeatures_mask & XFEATURE_MASK_EAGER) {
                 if (eagerfpu == DISABLE) {
                         xfeatures_mask &= ~XFEATURE_MASK_EAGER;
                 } else {
                         eagerfpu = ENABLE;
                 }
         }

         if (eagerfpu == ENABLE)
                 setup_force_cpu_cap(X86_FEATURE_EAGER_FPU);

KVM only exposes a subset of the host XSAVE features so the FPU is
always eager if KVM exposes MPX and PKRU.

However, even if we use eager-fpu kvm still can lazily save/load due to
some fpu optimizations in kvm.

KVM will use eager FPU if the host uses it.  See arch/x86/kvm/cpuid.c:

Why KVM needs to uses eager FPU if the host uses it? I remember the prerequisite for eager FPU is guest has MPX feature. Besides, i noticed the original patch only enable eager_fpu whe guest has it:

vcpu->arch.eager_fpu = guest_cpuid_has_mpx(vcpu);

Is there any discussion around this changes? I cannot find it through google. :(


	vcpu->arch.eager_fpu =
		use_eager_fpu() || guest_cpuid_has_mpx(vcpu);

But the guest_cpuid_has_mpx(vcpu) check is unnecessary.  The guest CPUID
cannot have MPX if the host doesn't have the BNDREGS and BNDCSR
features...  Another patch to send. :)

BTW, I just very quickly go through the spec, it seems VMX lacks the
ability to intercept the access to PKRU. Right?

Indeed RDPKRU/WRPKRU cannot be intercepted.

Er, i was thinking using this feature to speedup write-protection for
shadow page table and dirty-logging... it seems not easy as PKRU can not
be intercepted. :(

Also it only works on U=1 pages.

Paolo
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



--
best regards
yang
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]
  Powered by Linux