On 24/08/2017 11:09, Yang Zhang wrote:
>> + if (static_cpu_has(X86_FEATURE_OSPKE) &&
>
> We expose protection key to VM without check whether OSPKE is enabled or
> not. Why not check guest's cpuid here which also can avoid unnecessary
> access to pkru?
Checking guest CPUID is pretty slow. We could check CR4.PKE though.
Also, using static_cpu_has with OSPKE is probably wrong. But if we do
check CR4.PKE, we can check X86_FEATURE_PKU instead, so something like
if (static_cpu_has(X86_FEATURE_PKU) &&
kvm_read_cr4_bits(vcpu, X86_CR4_PKE) &&
vcpu->arch.pkru != vmx->host_pkru)
... but then, kvm_read_cr4_bits is also pretty slow---and we don't
really need it, since all CR4 writes cause a vmexit. So for now I'd
stay with this patch, only s/static_cpu_has/boot_cpu_has/g.
Of course you can send improvements on top!
Paolo
>> + vcpu->arch.pkru != vmx->host_pkru)
>> + __write_pkru(vcpu->arch.pkru);
