From mboxrd@z Thu Jan 1 00:00:00 1970
From: Xiao Guangrong
Subject: Re: [PATCH V4 4/7] KVM, pkeys: add pkeys support for permission_fault logic
Date: Tue, 8 Mar 2016 13:57:13 +0800
Message-ID: <56DE69B9.3070202@linux.intel.com>
References: <1457177252-7577-1-git-send-email-huaitong.han@intel.com> <1457177252-7577-5-git-send-email-huaitong.han@intel.com> <56DBE387.4080704@linux.intel.com> <56DC94C4.2050201@redhat.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Cc: kvm@vger.kernel.org
To: Paolo Bonzini , Huaitong Han , gleb@kernel.org
Return-path:
Received: from mga11.intel.com ([192.55.52.93]:13042 "EHLO mga11.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754044AbcCHF5g (ORCPT ); Tue, 8 Mar 2016 00:57:36 -0500
In-Reply-To: <56DC94C4.2050201@redhat.com>
Sender: kvm-owner@vger.kernel.org
List-ID:

On 03/07/2016 04:36 AM, Paolo Bonzini wrote:
>
>
> On 06/03/2016 09:00, Xiao Guangrong wrote:
>>> >>> if (vcpu_match_mmio_gva(vcpu, gva) >>> && !permission_fault(vcpu, vcpu->arch.walk_mmu, >>> - vcpu->arch.access, access)) { >>> + vcpu->arch.access, 0, access)) {
>>
>> No. The pkey is not always 0.
>>
>> We should cache PKEY for the mmio access and use it here to check if the
>> right is adequate.
>
> This is just an optimization I think, so it can have false negatives (it
> won't have many in practice because MMIO accesses are usually done in
> supervisor mode). The actual check is done when
> vcpu->arch.walk_mmu->gva_to_gpa is called.

Okay, this patchset disabled PKEY for soft mmu (ept = 0) so it should be safe,
however some comments would be appreciated.
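
Review bot: the literal 0 passed as the pkey argument to permission_fault() on the `+` line of the vcpu_match_mmio_gva() fast path carries no comment saying why a fixed key is acceptable there. Going by the thread, this check is only an optimization, the actual check is done when vcpu->arch.walk_mmu->gva_to_gpa is called, and the patchset disables PKEY for soft mmu (ept = 0); a short comment above the call stating exactly that would keep a later reader from taking 0 for the real protection key of the access. If PKEY is ever enabled on this path, the pkey should be cached with the MMIO access and passed here in place of the constant.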