Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp3689520pxb; Mon, 1 Feb 2021 01:57:20 -0800 (PST) X-Google-Smtp-Source: ABdhPJwWpTVrHDXAzMK0Ith52t8lvjh3kEilPKwwTUYEDilYp9d2UVYNsh0i7tzW0awVNzwI4JVh X-Received: by 2002:aa7:cd4e:: with SMTP id v14mr18421237edw.138.1612173440689; Mon, 01 Feb 2021 01:57:20 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1612173440; cv=none; d=google.com; s=arc-20160816; b=z28P/Tqutfnwz96URcThM9W0LtQYebp6yTQQQfgv9BX1QXqPvN4dkzBiTgjMpdOP1X ELSvAsF+7vWjirm0RKw8zqVvtljv/pRd7dHtRKjH6bPt622b1INRPp+NfwKGbqdzeX0V ETgUAh8Qu1HomQldPU0Vg+6AWIMid0lE3QzWTQZoqGcnAk/nyXa6NOuW7Ipgqxsa1hLI 6ilH1+Q2PF097vbmdJ+lQwtHICT7BkSt9bs1tpWvPyKDBp1V6xE8zpds6h+UU3Wjn4Fj 4rDCdKAsso8BX4dwBX4O29F5Ug6AHxuoaQcyiTuj4yXjjylDKyZxjRfnC0Df3w3E410A dibw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:from:references :cc:to:subject:ironport-sdr:ironport-sdr; bh=bYahuLTeX8FuHAMkqrerZQfIs6lMnSl3Oyxb3Ct6Tco=; b=txwc8UT7S9vIz9qPJ4IiWevMnBL3XEhuoq9sSRwdJ3ki9A7Frpitxwit8Dd0sfeyDy WFFWxyn1qvfiDC6rZoUreuZS1s6AUnSZEXH9QQYQ2YzGS52OH9Ux7gBccjExH6SO/umq BH5myrpcqHHh9CUOaH2mefoz7vW7+SiZ/6bqGkFqcM/XBJEMsXD4rLn5z8NYcmlWa4OA wAPemd78ofNn7YVZcMPsnnZPanV3cPxgi402OBGSgXIP9zCSnm8V65QhwHv9dN1lCHBk pVZJsCj+YRwNrqxDy1GQ7fdfCeC2o9LksxZERddnu0NGklyubSSffKtYu43Zi/hRWSPr Py1Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id e10si10334015edv.269.2021.02.01.01.56.55; Mon, 01 Feb 2021 01:57:20 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232986AbhBAJy1 (ORCPT + 99 others); Mon, 1 Feb 2021 04:54:27 -0500 Received: from mga07.intel.com ([134.134.136.100]:22956 "EHLO mga07.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232779AbhBAJyY (ORCPT ); Mon, 1 Feb 2021 04:54:24 -0500 IronPort-SDR: uY24XbNcq6vei11v5bj+xqSbebmbXxqgQXUzzgOmaNr9cmwuCVPUT87MMU1CSbrUufFg3xEfj+ IJQNk33kQrxA== X-IronPort-AV: E=McAfee;i="6000,8403,9881"; a="244743500" X-IronPort-AV: E=Sophos;i="5.79,392,1602572400"; d="scan'208";a="244743500" Received: from orsmga008.jf.intel.com ([10.7.209.65]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 01 Feb 2021 01:53:42 -0800 IronPort-SDR: zVgiQr9TeuhQr64iMqqAOliYb0ySwY8kR4MwpSNzx53MsS9MjlTIbS0Agn4tk/kVXb9/2FGrW5 vpv7eI1WUvMw== X-IronPort-AV: E=Sophos;i="5.79,392,1602572400"; d="scan'208";a="390834248" Received: from cqiang-mobl.ccr.corp.intel.com (HELO [10.238.1.32]) ([10.238.1.32]) by orsmga008-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 01 Feb 2021 01:53:40 -0800 Subject: Re: [RFC 2/7] KVM: VMX: Expose IA32_PKRS MSR To: Paolo Bonzini , Vitaly Kuznetsov , Wanpeng Li , Jim Mattson , Joerg Roedel , Xiaoyao Li Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org References: <20200807084841.7112-1-chenyi.qiang@intel.com> <20200807084841.7112-3-chenyi.qiang@intel.com> <62f5f5ba-cbe9-231d-365a-80a656208e37@redhat.com> From: Chenyi Qiang Message-ID: Date: Mon, 1 Feb 2021 17:53:38 +0800 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.7.0 MIME-Version: 1.0 In-Reply-To: <62f5f5ba-cbe9-231d-365a-80a656208e37@redhat.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 1/27/2021 2:01 AM, Paolo Bonzini wrote: > On 07/08/20 10:48, Chenyi Qiang wrote: >> +{ >> +    struct vcpu_vmx *vmx = to_vmx(vcpu); >> +    unsigned long *msr_bitmap = vmx->vmcs01.msr_bitmap; >> +    bool pks_supported = guest_cpuid_has(vcpu, X86_FEATURE_PKS); >> + >> +    /* >> +     * set intercept for PKRS when the guest doesn't support pks >> +     */ >> +    vmx_set_intercept_for_msr(msr_bitmap, MSR_IA32_PKRS, MSR_TYPE_RW, >> !pks_supported); >> + >> +    if (pks_supported) { >> +        vm_entry_controls_setbit(vmx, VM_ENTRY_LOAD_IA32_PKRS); >> +        vm_exit_controls_setbit(vmx, VM_EXIT_LOAD_IA32_PKRS); >> +    } else { >> +        vm_entry_controls_clearbit(vmx, VM_ENTRY_LOAD_IA32_PKRS); >> +        vm_exit_controls_clearbit(vmx, VM_EXIT_LOAD_IA32_PKRS); >> +    } > > Is the guest expected to do a lot of reads/writes to the MSR (e.g. at > every context switch)? > > Even if this is the case, the MSR intercepts and the entry/exit controls > should only be done if CR4.PKS=1.  If the guest does not use PKS, KVM > should behave as if these patches did not exist. > Hi Paolo, Per the MSR intercepts and entry/exit controls, IA32_PKRS access is independent of the CR4.PKS bit, it just depends on CPUID enumeration. If the guest doesn't set CR4.PKS but still has the CPUID capability, modifying on PKRS should be supported but has no effect. IIUC, we can not ignore these controls if CR4.PKS=0. Thanks Chenyi > Paolo >