From mboxrd@z Thu Jan 1 00:00:00 1970
From: Paolo Bonzini
Subject: Re: [PATCH V4 7/7] KVM, pkeys: disable PKU feature without ept
Date: Wed, 9 Mar 2016 09:13:28 +0100
Message-ID: <56DFDB28.4040506@redhat.com>
In-Reply-To: <56DFB9E4.1050609@linux.intel.com>
To: Xiao Guangrong, Huaitong Han, gleb@kernel.org
Cc: kvm@vger.kernel.org

On 09/03/2016 06:51, Xiao Guangrong wrote:
>>>
>>
>> Yes. Neither PKRU nor MPX.
>
> Er... I noticed fpregs is not switched if the CPU is running in KVM module
> (vcpu is not scheduled out and does not exit to userspace), that is why
> read_pkru() can be used to read guest's PKRU in the patch 4.
>
> However, then guest can fully control the access of userspace's memory if
> CR4.PKRU is enabled on host and KVM needs to access QEMU's memory to do
> some emulation anyway. Is it really safe?

I was thinking the same, and I think you're right. We need to
save/restore PKRU in vmx_vcpu_run, and access a field in kvm_arch_vcpu
instead of using __read_pkru directly.

Paolo
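
The hazard discussed in this message, as a user-space model added here (not code from the patch series or from either participant): a plain variable stands in for the PKRU register, and `hw_pkru`, `model_vcpu`, `guest_runs`, `host_can_read` and the two `run_*` functions are hypothetical names. It assumes only the architectural PKRU layout, two bits per key with the low bit of each pair being access-disable.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Model only: a variable stands in for the CPU's PKRU register. */
static uint32_t hw_pkru;

/* PKRU layout: for key k, bit 2k is access-disable, bit 2k+1 write-disable. */
#define PKRU_AD(k) (1u << (2 * (k)))

struct model_vcpu {      /* hypothetical stand-in for kvm_arch_vcpu */
    uint32_t pkru;       /* guest PKRU as saved at the last exit */
};

/* Guest code runs and executes WRPKRU with a value of its choosing. */
static void guest_runs(uint32_t value) { hw_pkru = value; }

/* Host emulation path reading a QEMU user page tagged with key pkey. */
static bool host_can_read(unsigned pkey) { return !(hw_pkru & PKRU_AD(pkey)); }

/* No switch: the guest value is still loaded when the host touches memory. */
static bool run_without_switch(struct model_vcpu *v, uint32_t val, unsigned key)
{
    guest_runs(val);
    v->pkru = hw_pkru;   /* guest PKRU obtained by reading the register directly */
    return host_can_read(key);
}

/* Switch around the run: host code only ever sees the host value. */
static bool run_with_switch(struct model_vcpu *v, uint32_t val, unsigned key)
{
    uint32_t host_pkru = hw_pkru;  /* save host PKRU before entry */
    hw_pkru = v->pkru;             /* load the guest's saved PKRU */
    guest_runs(val);
    v->pkru = hw_pkru;             /* save guest PKRU at exit */
    hw_pkru = host_pkru;           /* restore host PKRU */
    return host_can_read(key);
}

int main(void)
{
    struct model_vcpu v = { 0 };
    printf("without switch: host read ok = %d\n",
           run_without_switch(&v, PKRU_AD(1), 1));
    hw_pkru = 0;
    printf("with switch:    host read ok = %d\n",
           run_with_switch(&v, PKRU_AD(1), 1));
    return 0;
}
```

In the switched variant the guest's value is available to the hypervisor only through the saved field, which is why the reply pairs the save/restore with reading a vcpu field rather than the register.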