From mboxrd@z Thu Jan 1 00:00:00 1970 From: Xiao Guangrong Subject: Re: [PATCH V4 7/7] KVM, pkeys: disable PKU feature without ept Date: Tue, 8 Mar 2016 13:54:33 +0800 Message-ID: <56DE6919.4060107@linux.intel.com> References: <1457177252-7577-1-git-send-email-huaitong.han@intel.com> <1457177252-7577-8-git-send-email-huaitong.han@intel.com> <56DBF834.1020309@linux.intel.com> <56DC93D1.2070204@redhat.com> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Cc: kvm@vger.kernel.org To: Paolo Bonzini , Huaitong Han , gleb@kernel.org Return-path: Received: from mga01.intel.com ([192.55.52.88]:33990 "EHLO mga01.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751534AbcCHFy4 (ORCPT ); Tue, 8 Mar 2016 00:54:56 -0500 In-Reply-To: <56DC93D1.2070204@redhat.com> Sender: kvm-owner@vger.kernel.org List-ID: On 03/07/2016 04:32 AM, Paolo Bonzini wrote: > > > On 06/03/2016 10:28, Xiao Guangrong wrote: >>> This patch disables CPUID:PKU without ept, because pkeys is not yet >>> implemented for shadow paging. >> >> Does the PKRU is loaded/saved during vm-enter/vm-exit? > > Yes, through XSAVE/XRSTOR (which uses eager mode when PKE is active). You mean eager fpu? however, eager-fpu depends on 'eagerfpu' which is a kernel parameter and this patchset did not force it on. However, even if we use eager-fpu kvm still can lazily save/load due to some fpu optimizations in kvm. >> BTW, I just very quickly go through the spec, it seems VMX lacks the >> ability to intercept the access to PKRU. Right? > > Indeed RDPKRU/WRPKRU cannot be intercepted. Er, i was thinking using this feature to speedup write-protection for shadow page table and dirty-logging... it seems not easy as PKRU can not be intercepted. :(