From: Xiao Guangrong
Subject: Re: [PATCH V4 7/7] KVM, pkeys: disable PKU feature without ept
Date: Tue, 8 Mar 2016 17:32:53 +0800
Message-ID: <56DE9C45.4090504@linux.intel.com>
In-Reply-To: <56DE91BD.4010502@redhat.com>
To: Paolo Bonzini, Huaitong Han, gleb@kernel.org
Cc: kvm@vger.kernel.org

On 03/08/2016 04:47 PM, Paolo Bonzini wrote:
>
>
> On 08/03/2016 06:54, Xiao Guangrong wrote:
>>
>>
>> On 03/07/2016 04:32 AM, Paolo Bonzini wrote:
>>>
>>>
>>> On 06/03/2016 10:28, Xiao Guangrong wrote:
>>>>> This patch disables CPUID:PKU without ept, because pkeys is not yet
>>>>> implemented for shadow paging.
>>>>
>>>> Is the PKRU loaded/saved during vm-enter/vm-exit?
>>>
>>> Yes, through XSAVE/XRSTOR (which uses eager mode when PKE is active).
>>
>> You mean eager fpu? However, eager-fpu depends on 'eagerfpu', which is a
>> kernel parameter, and this patchset did not force it on.
>
> Some XSAVE features (currently only MPX, but in the future PKRU too)
> will force eagerfpu on, see fpu__init_system_ctx_switch:
>
>         if (xfeatures_mask & XFEATURE_MASK_EAGER) {
>                 if (eagerfpu == DISABLE) {
>                         xfeatures_mask &= ~XFEATURE_MASK_EAGER;

So if the kernel parameter eagerfpu is set to "off", then eager is not enabled, so
PKRU can not work in KVM?

>                 } else {
>                         eagerfpu = ENABLE;
>                 }
>         }
>
>         if (eagerfpu == ENABLE)
>                 setup_force_cpu_cap(X86_FEATURE_EAGER_FPU);
>
> KVM only exposes a subset of the host XSAVE features so the FPU is
> always eager if KVM exposes MPX and PKRU.
>
>> However, even if we use eager-fpu, kvm can still lazily save/load due to
>> some fpu optimizations in kvm.
>
> KVM will use eager FPU if the host uses it. See arch/x86/kvm/cpuid.c:
>
>         vcpu->arch.eager_fpu =
>                 use_eager_fpu() || guest_cpuid_has_mpx(vcpu);
>
> But the guest_cpuid_has_mpx(vcpu) check is unnecessary. The guest CPUID
> cannot have MPX if the host doesn't have the BNDREGS and BNDCSR
> features... Another patch to send. :)
>

Sorry, I misread the code. Yes, if vcpu->arch.eager_fpu is true, the fpu is always
saved/loaded for every vm-exit/vm-enter.

>>>> BTW, I just very quickly went through the spec, it seems VMX lacks the
>>>> ability to intercept the access to PKRU. Right?
>>>
>>> Indeed RDPKRU/WRPKRU cannot be intercepted.
>>
>> Er, I was thinking of using this feature to speed up write-protection for
>> shadow page table and dirty-logging... it seems not easy as PKRU can not
>> be intercepted. :(
>
> Also it only works on U=1 pages.

Yes, indeed.
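
The eagerfpu decision quoted in this message, as an added C model (not code from the thread participants or from the kernel tree): it runs the three settings of the eagerfpu= parameter over a constructed feature mask and reports whether the host ends up eager and whether PKRU stays in the mask a guest could see. Assumptions: PKRU is part of XFEATURE_MASK_EAGER, as the thread says it will be, and the guest mask is the host mask ANDed with what KVM supports; `host_fpu`, `host_init` and `guest_xfeatures` are illustrative names.

```c
/* Added model, not kernel code: struct and function names are illustrative. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
enum eagerfpu_param { AUTO, ENABLE, DISABLE };  /* eagerfpu= boot parameter */

#define XFEATURE_MASK_BNDREGS (1ULL << 3)       /* XCR0 bits for MPX */
#define XFEATURE_MASK_BNDCSR  (1ULL << 4)
#define XFEATURE_MASK_PKRU    (1ULL << 9)       /* XCR0 bit for PKRU */
/* Assumption taken from the thread: PKRU joins MPX in the eager-only set. */
#define XFEATURE_MASK_EAGER \
    (XFEATURE_MASK_BNDREGS | XFEATURE_MASK_BNDCSR | XFEATURE_MASK_PKRU)

struct host_fpu {
    uint64_t xfeatures_mask;  /* XSAVE features the host keeps enabled */
    bool eager;               /* stands in for X86_FEATURE_EAGER_FPU */
};

/* Same branches as the quoted fpu__init_system_ctx_switch() excerpt. */
struct host_fpu host_init(uint64_t hw_features, enum eagerfpu_param eagerfpu)
{
    struct host_fpu h = { hw_features, false };
    if (h.xfeatures_mask & XFEATURE_MASK_EAGER) {
        if (eagerfpu == DISABLE)
            h.xfeatures_mask &= ~XFEATURE_MASK_EAGER;  /* features dropped */
        else
            eagerfpu = ENABLE;                         /* forced on */
    }
    h.eager = (eagerfpu == ENABLE);
    return h;
}

/* Assumed model of "KVM only exposes a subset of the host XSAVE features". */
uint64_t guest_xfeatures(const struct host_fpu *h, uint64_t kvm_supported)
{
    return h->xfeatures_mask & kvm_supported;
}

int main(void)
{
    const char *name[] = { "auto", "on", "off" };
    uint64_t hw = 0x7 | XFEATURE_MASK_PKRU;  /* constructed: x87, SSE, AVX, PKRU */
    for (int p = AUTO; p <= DISABLE; p++) {
        struct host_fpu h = host_init(hw, (enum eagerfpu_param)p);
        printf("eagerfpu=%-4s eager=%d guest_pkru=%d\n", name[p], h.eager,
               !!(guest_xfeatures(&h, hw) & XFEATURE_MASK_PKRU));
    }
    return 0;
}
```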