From mboxrd@z Thu Jan  1 00:00:00 1970
From: Yang Zhang <yang.zhang.wz@gmail.com>
Subject: Re: [PATCH V4 2/7] KVM, pkeys: disable pkeys for guests in non-paging
 mode
Date: Tue, 8 Mar 2016 20:09:50 +0800
Message-ID: <56DEC10E.60903@gmail.com>
References: <1457177252-7577-1-git-send-email-huaitong.han@intel.com>
 <1457177252-7577-3-git-send-email-huaitong.han@intel.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
Cc: kvm@vger.kernel.org
To: Huaitong Han <huaitong.han@intel.com>, pbonzini@redhat.com,
	gleb@kernel.org
Return-path: <kvm-owner@vger.kernel.org>
Received: from mail-vk0-f68.google.com ([209.85.213.68]:35387 "EHLO
	mail-vk0-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S932068AbcCHMJz (ORCPT <rfc822;kvm@vger.kernel.org>);
	Tue, 8 Mar 2016 07:09:55 -0500
Received: by mail-vk0-f68.google.com with SMTP id e185so1123877vkb.2
        for <kvm@vger.kernel.org>; Tue, 08 Mar 2016 04:09:55 -0800 (PST)
In-Reply-To: <1457177252-7577-3-git-send-email-huaitong.han@intel.com>
Sender: kvm-owner@vger.kernel.org
List-ID: <kvm.vger.kernel.org>

On 2016/3/5 19:27, Huaitong Han wrote:
> Pkeys is disabled if CPU is in non-paging mode in hardware. However KVM
> always uses paging mode to emulate guest non-paging, mode with TDP. To
> emulate this behavior, pkeys needs to be manually disabled when guest
> switches to non-paging mode.
>
> Signed-off-by: Huaitong Han <huaitong.han@intel.com>
> ---
> Changes in v4:
> *Patch has rebased on http://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/log/?h=mm/pkeys
>
>   arch/x86/kvm/vmx.c | 6 +++---
>   1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
> index e2951b6..db33c22 100644
> --- a/arch/x86/kvm/vmx.c
> +++ b/arch/x86/kvm/vmx.c
> @@ -3855,13 +3855,13 @@ static int vmx_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4)
>
>   	if (!enable_unrestricted_guest && !is_paging(vcpu))

The comment says "Pkeys is disabled if CPU is in non-paging mode in 
hardware". Why to check enable_unrestricted_guest here?

>   		/*
> -		 * SMEP/SMAP is disabled if CPU is in non-paging mode in
> +		 * SMEP/SMAP/PKU is disabled if CPU is in non-paging mode in
>   		 * hardware.  However KVM always uses paging mode without
>   		 * unrestricted guest.
> -		 * To emulate this behavior, SMEP/SMAP needs to be manually
> +		 * To emulate this behavior, SMEP/SMAP/PKU needs to be manually
>   		 * disabled when guest switches to non-paging mode.
>   		 */
> -		hw_cr4 &= ~(X86_CR4_SMEP | X86_CR4_SMAP);
> +		hw_cr4 &= ~(X86_CR4_SMEP | X86_CR4_SMAP | X86_CR4_PKE);
>
>   	vmcs_writel(CR4_READ_SHADOW, cr4);
>   	vmcs_writel(GUEST_CR4, hw_cr4);
>


-- 
best regards
yang