From mboxrd@z Thu Jan 1 00:00:00 1970 From: Paolo Bonzini Subject: Re: [PATCH V4 7/7] KVM, pkeys: disable PKU feature without ept Date: Wed, 9 Mar 2016 09:18:31 +0100 Message-ID: <56DFDC57.8020604@redhat.com> References: <1457177252-7577-1-git-send-email-huaitong.han@intel.com> <1457177252-7577-8-git-send-email-huaitong.han@intel.com> <56DBF834.1020309@linux.intel.com> <56DC93D1.2070204@redhat.com> <56DE6919.4060107@linux.intel.com> <56DE91BD.4010502@redhat.com> <56DE9C45.4090504@linux.intel.com> <56DEA33B.1010005@redhat.com> <56DFB9E4.1050609@linux.intel.com> <56DFC4BE.8080406@gmail.com> <56DFCEE2.3030101@linux.intel.com> <56DFD3AE.8070509@gmail.com> <56DFD5D6.3030104@linux.intel.com> <56DFD826.6000308@gmail.com> <56DFD95F.1010108@linux.intel.com> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Cc: kvm@vger.kernel.org To: Xiao Guangrong , Yang Zhang , Huaitong Han , gleb@kernel.org Return-path: Received: from mail-wm0-f65.google.com ([74.125.82.65]:35911 "EHLO mail-wm0-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751891AbcCIISf (ORCPT ); Wed, 9 Mar 2016 03:18:35 -0500 Received: by mail-wm0-f65.google.com with SMTP id l68so8585357wml.3 for ; Wed, 09 Mar 2016 00:18:34 -0800 (PST) In-Reply-To: <56DFD95F.1010108@linux.intel.com> Sender: kvm-owner@vger.kernel.org List-ID: On 09/03/2016 09:05, Xiao Guangrong wrote: >> Besides, should we consider host's setting when guest is running? > > We should. No reason stop QEMU and other KVM-based hypervisors using > protection-key. :) This is a bit tricky. Without pkey support in EPT, you'd also have to: 1) save the host PKRU somewhere in kvm_mmu between invocations of KVM_RUN, and call kvm_mmu_reset_context when it changes; 2) get the pkeys from the host pages, compute ad/wd, and use it to fill in the permissions for the shadow or EPT page tables; 3) add ad/wd to the page role. So it's a good feature, but it should be a separate one. Paolo