From: Paolo Bonzini <pbonzini@redhat.com>
To: Xiaoyao Li <xiaoyao.li@intel.com>,
linux-kernel@vger.kernel.org, kvm@vger.kernel.org
Cc: jmattson@google.com,
Sean Christopherson <sean.j.christopherson@intel.com>
Subject: Re: [PATCH] kvm: x86: Use KVM CPU capabilities to determine CR4 reserved bits
Date: Mon, 18 May 2020 14:31:54 +0200 [thread overview]
Message-ID: <09cb27f8-fa02-4b37-94de-1a4d86b9bdbd@redhat.com> (raw)
In-Reply-To: <6a4daca4-6034-901a-261f-215df7d606a6@intel.com>
On 18/05/20 06:52, Xiaoyao Li wrote:
> On 5/6/2020 5:44 PM, Paolo Bonzini wrote:
>> Using CPUID data can be useful for the processor compatibility
>> check, but that's it. Using it to compute guest-reserved bits
>> can have both false positives (such as LA57 and UMIP which we
>> are already handling) and false negatives:
>
>> in particular, with
>> this patch we don't allow anymore a KVM guest to set CR4.PKE
>> when CR4.PKE is clear on the host.
>
> A common question about whether a feature can be exposed to guest:
>
> Given a feature, there is a CPUID bit to enumerate it, and a CR4 bit to
> turn it on/off. Whether the feature can be exposed to guest only depends
> on host CR4 setting? I.e., if CPUID bit is not cleared in cpu_data in
> host but host kernel doesn't set the corresponding CR4 bit to turn it
> on, we cannot expose the feature to guest. right?
It depends. The most obvious case is that the host kernel doesn't use
CR4.PSE but we even use 4MB pages to emulate paging disabled mode when
the processor doesn't support unrestricted guests.
Basically, the question is whether we are able to save/restore any
processor state attached to the CR4 bit on vmexit/vmentry. In this case
there is no PKRU field in the VMCS and the RDPKRU/WRPKRU instructions
require CR4.PKE=1; therefore, we cannot let the guest enable CR4.PKE
unless it's also enabled on the host.
Paolo
next prev parent reply other threads:[~2020-05-18 12:32 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-06 9:44 [PATCH] kvm: x86: Use KVM CPU capabilities to determine CR4 reserved bits Paolo Bonzini
2020-05-18 4:52 ` Xiaoyao Li
2020-05-18 12:31 ` Paolo Bonzini [this message]
2020-05-18 15:49 ` Xiaoyao Li
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=09cb27f8-fa02-4b37-94de-1a4d86b9bdbd@redhat.com \
--to=pbonzini@redhat.com \
--cc=jmattson@google.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=sean.j.christopherson@intel.com \
--cc=xiaoyao.li@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox