From: Yang Zhang
Subject: Re: [PATCH V4 7/7] KVM, pkeys: disable PKU feature without ept
Date: Wed, 9 Mar 2016 14:24:06 +0800
Message-ID: <56DFC186.6020604@gmail.com>
In-Reply-To: <56DE91BD.4010502@redhat.com>
To: Paolo Bonzini, Xiao Guangrong, Huaitong Han, gleb@kernel.org
Cc: kvm@vger.kernel.org

On 2016/3/8 16:47, Paolo Bonzini wrote:
>
>
> On 08/03/2016 06:54, Xiao Guangrong wrote:
>>
>>
>> On 03/07/2016 04:32 AM, Paolo Bonzini wrote:
>>>
>>>
>>> On 06/03/2016 10:28, Xiao Guangrong wrote:
>>>>> This patch disables CPUID:PKU without ept, because pkeys is not yet
>>>>> implemented for shadow paging.
>>>>
>>>> Is the PKRU loaded/saved during vm-enter/vm-exit?
>>>
>>> Yes, through XSAVE/XRSTOR (which uses eager mode when PKE is active).
>>
>> You mean eager fpu? However, eager-fpu depends on 'eagerfpu' which is a
>> kernel parameter and this patchset did not force it on.
>
> Some XSAVE features (currently only MPX, but in the future PKRU too)
> will force eagerfpu on, see fpu__init_system_ctx_switch:
>
>         if (xfeatures_mask & XFEATURE_MASK_EAGER) {
>                 if (eagerfpu == DISABLE) {
>                         xfeatures_mask &= ~XFEATURE_MASK_EAGER;
>                 } else {
>                         eagerfpu = ENABLE;
>                 }
>         }
>
>         if (eagerfpu == ENABLE)
>                 setup_force_cpu_cap(X86_FEATURE_EAGER_FPU);
>
> KVM only exposes a subset of the host XSAVE features so the FPU is
> always eager if KVM exposes MPX and PKRU.
>
>> However, even if we use eager-fpu kvm still can lazily save/load due to
>> some fpu optimizations in kvm.
>
> KVM will use eager FPU if the host uses it.  See arch/x86/kvm/cpuid.c:

Why does KVM need to use eager FPU if the host uses it? I remember the
prerequisite for eager FPU is that the guest has the MPX feature. Besides,
I noticed the original patch only enables eager_fpu when the guest has it:

        vcpu->arch.eager_fpu = guest_cpuid_has_mpx(vcpu);

Is there any discussion around this change? I cannot find it through
Google. :(

>
>         vcpu->arch.eager_fpu =
>                 use_eager_fpu() || guest_cpuid_has_mpx(vcpu);
>
> But the guest_cpuid_has_mpx(vcpu) check is unnecessary.  The guest CPUID
> cannot have MPX if the host doesn't have the BNDREGS and BNDCSR
> features...  Another patch to send. :)
>
>>>> BTW, I just very quickly went through the spec, it seems VMX lacks the
>>>> ability to intercept the access to PKRU. Right?
>>>
>>> Indeed RDPKRU/WRPKRU cannot be intercepted.
>>
>> Er, I was thinking of using this feature to speed up write-protection for
>> shadow page table and dirty-logging... it seems not easy as PKRU cannot
>> be intercepted. :(
>
> Also it only works on U=1 pages.
>
> Paolo
> --
> To unsubscribe from this list: send the line "unsubscribe kvm" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>

--
best regards
yang
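
Added example, not code from this thread or from the kernel: a user-space C model of the quoted fpu__init_system_ctx_switch logic that enumerates every host feature mask and eagerfpu setting, to check the quoted claim that a guest which can see MPX always runs on an eager-FPU host. The names host_fpu, host_init, guest_may_have_mpx and count_lazy_mpx_states are hypothetical, and the rule that guest MPX requires both host BNDREGS and BNDCSR is taken from the quoted reply as an assumption.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* XSAVE state-component bits for the MPX bounds registers (XCR0 layout). */
#define XFEATURE_MASK_BNDREGS (1u << 3)
#define XFEATURE_MASK_BNDCSR  (1u << 4)
#define XFEATURE_MASK_EAGER   (XFEATURE_MASK_BNDREGS | XFEATURE_MASK_BNDCSR)

enum eagerfpu_opt { AUTO, ENABLE, DISABLE };   /* 'eagerfpu' kernel parameter */

struct host_fpu { uint32_t xfeatures_mask; bool eager; };  /* hypothetical model */

/* Mirrors the snippet quoted in the mail: features that need eager switching
 * either force eagerfpu on, or are dropped when eagerfpu was disabled. */
static struct host_fpu host_init(uint32_t hw_xfeatures, enum eagerfpu_opt eagerfpu)
{
    struct host_fpu h = { hw_xfeatures, false };
    if (h.xfeatures_mask & XFEATURE_MASK_EAGER) {
        if (eagerfpu == DISABLE)
            h.xfeatures_mask &= ~XFEATURE_MASK_EAGER;
        else
            eagerfpu = ENABLE;
    }
    h.eager = (eagerfpu == ENABLE);   /* stands in for X86_FEATURE_EAGER_FPU */
    return h;
}

/* Assumption from the thread: guest CPUID can only carry MPX when the host
 * still has both BNDREGS and BNDCSR in its feature mask. */
static bool guest_may_have_mpx(const struct host_fpu *h)
{
    return (h->xfeatures_mask & XFEATURE_MASK_EAGER) == XFEATURE_MASK_EAGER;
}

/* Counts configurations where an MPX guest would sit on a lazy-FPU host,
 * i.e. where "|| guest_cpuid_has_mpx(vcpu)" would change the result. */
static int count_lazy_mpx_states(void)
{
    int bad = 0;
    for (uint32_t hw = 0; hw < 32; hw++)            /* all combos of bits 0..4 */
        for (int opt = AUTO; opt <= DISABLE; opt++) {
            struct host_fpu h = host_init(hw, (enum eagerfpu_opt)opt);
            if (guest_may_have_mpx(&h) && !h.eager)
                bad++;
        }
    return bad;
}

int main(void)
{
    printf("lazy-FPU configurations with guest MPX: %d\n", count_lazy_mpx_states());
    return 0;
}
```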