From mboxrd@z Thu Jan 1 00:00:00 1970
From: Paolo Bonzini
Subject: Re: [PATCH V4 7/7] KVM, pkeys: disable PKU feature without ept
Date: Tue, 8 Mar 2016 09:47:57 +0100
Message-ID: <56DE91BD.4010502@redhat.com>
References: <1457177252-7577-1-git-send-email-huaitong.han@intel.com> <1457177252-7577-8-git-send-email-huaitong.han@intel.com> <56DBF834.1020309@linux.intel.com> <56DC93D1.2070204@redhat.com> <56DE6919.4060107@linux.intel.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Cc: kvm@vger.kernel.org
To: Xiao Guangrong , Huaitong Han , gleb@kernel.org
Return-path:
Received: from mail-wm0-f66.google.com ([74.125.82.66]:33515 "EHLO mail-wm0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753938AbcCHIsI (ORCPT ); Tue, 8 Mar 2016 03:48:08 -0500
Received: by mail-wm0-f66.google.com with SMTP id n186so2758618wmn.0 for ; Tue, 08 Mar 2016 00:48:08 -0800 (PST)
In-Reply-To: <56DE6919.4060107@linux.intel.com>
Sender: kvm-owner@vger.kernel.org
List-ID:

On 08/03/2016 06:54, Xiao Guangrong wrote:
>
>
> On 03/07/2016 04:32 AM, Paolo Bonzini wrote:
>>
>>
>> On 06/03/2016 10:28, Xiao Guangrong wrote:
>>>> This patch disables CPUID:PKU without ept, because pkeys is not yet
>>>> implemented for shadow paging.
>>>
>>> Is the PKRU loaded/saved during vm-enter/vm-exit?
>>
>> Yes, through XSAVE/XRSTOR (which uses eager mode when PKE is active).
>
> You mean eager fpu? However, eager-fpu depends on 'eagerfpu' which is a
> kernel parameter and this patchset did not force it on.

Some XSAVE features (currently only MPX, but in the future PKRU too)
will force eagerfpu on, see fpu__init_system_ctx_switch:

        if (xfeatures_mask & XFEATURE_MASK_EAGER) {
                if (eagerfpu == DISABLE) {
                        xfeatures_mask &= ~XFEATURE_MASK_EAGER;
                } else {
                        eagerfpu = ENABLE;
                }
        }

        if (eagerfpu == ENABLE)
                setup_force_cpu_cap(X86_FEATURE_EAGER_FPU);

KVM only exposes a subset of the host XSAVE features so the FPU is
always eager if KVM exposes MPX and PKRU.

> However, even if we use eager-fpu kvm still can lazily save/load due to
> some fpu optimizations in kvm.

KVM will use eager FPU if the host uses it.  See arch/x86/kvm/cpuid.c:

        vcpu->arch.eager_fpu = use_eager_fpu() || guest_cpuid_has_mpx(vcpu);

But the guest_cpuid_has_mpx(vcpu) check is unnecessary.  The guest CPUID
cannot have MPX if the host doesn't have the BNDREGS and BNDCSR
features...  Another patch to send. :)

>>> BTW, I just very quickly went through the spec, it seems VMX lacks the
>>> ability to intercept the access to PKRU. Right?
>>
>> Indeed RDPKRU/WRPKRU cannot be intercepted.
>
> Er, I was thinking of using this feature to speed up write-protection for
> shadow page table and dirty-logging... it seems not easy as PKRU can not
> be intercepted. :(

Also it only works on U=1 pages.

Paolo
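
Added example, not part of the original mail and not kernel or KVM code: a userspace C model of the argument above, checking over every combination of host features, "eagerfpu=" setting and guest request that a guest never sees MPX or PKRU state while the host FPU is lazy. Assumptions: PKRU is already in the eager set (the mail says "in the future"), and struct host, host_init, guest_xfeatures, spread and count_lazy_exposures are hypothetical names.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* XCR0 state-component bits (architectural positions). */
#define XFEATURE_MASK_BNDREGS (1u << 3)
#define XFEATURE_MASK_BNDCSR  (1u << 4)
#define XFEATURE_MASK_PKRU    (1u << 9)
/* Assumption: PKRU is part of the eager set, as the mail anticipates. */
#define XFEATURE_MASK_EAGER \
    (XFEATURE_MASK_BNDREGS | XFEATURE_MASK_BNDCSR | XFEATURE_MASK_PKRU)

enum eagerfpu_mode { AUTO, ENABLE, DISABLE };  /* host "eagerfpu=" setting */
struct host { uint32_t xfeatures_mask; bool eager_fpu; };

/* Models only the fpu__init_system_ctx_switch excerpt quoted in the mail. */
static struct host host_init(uint32_t hw_xfeatures, enum eagerfpu_mode eagerfpu)
{
    struct host h = { hw_xfeatures, false };
    if (h.xfeatures_mask & XFEATURE_MASK_EAGER) {
        if (eagerfpu == DISABLE)
            h.xfeatures_mask &= ~XFEATURE_MASK_EAGER;  /* feature is dropped */
        else
            eagerfpu = ENABLE;                         /* feature forces eager */
    }
    h.eager_fpu = (eagerfpu == ENABLE);
    return h;
}

/* "KVM only exposes a subset of the host XSAVE features". */
static uint32_t guest_xfeatures(const struct host *h, uint32_t requested)
{
    return requested & h->xfeatures_mask;
}

/* Map a 3-bit selector onto the BNDREGS, BNDCSR and PKRU bits. */
static uint32_t spread(unsigned s) { return ((s & 3u) << 3) | ((s & 4u) << 7); }

/* Count configurations where the guest gets an eager feature on a lazy host. */
static int count_lazy_exposures(void)
{
    int bad = 0;
    for (unsigned hw = 0; hw < 8; hw++)
        for (int m = AUTO; m <= DISABLE; m++)
            for (unsigned req = 0; req < 8; req++) {
                struct host h = host_init(spread(hw), (enum eagerfpu_mode)m);
                if ((guest_xfeatures(&h, spread(req)) & XFEATURE_MASK_EAGER) && !h.eager_fpu)
                    bad++;
            }
    return bad;
}

int main(void) { printf("lazy exposures: %d\n", count_lazy_exposures()); return 0; }
```

In this model the count is zero, which is also why the guest_cpuid_has_mpx(vcpu) term adds nothing to use_eager_fpu().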