| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <40adf946-79ad-87cd-8bfd-6db4dfdbefc3@redhat.com>
Date: Thu, 24 Aug 2017 11:19:33 +0200
From: Paolo Bonzini <pbonzini@...hat.com>
To: Yang Zhang <yang.zhang.wz@...il.com>, linux-kernel@...r.kernel.org,
kvm@...r.kernel.org
Cc: junkang.fjk@...baba-inc.com
Subject: Re: [PATCH 1/2] KVM: x86: simplify handling of PKRU
On 24/08/2017 11:09, Yang Zhang wrote:
>> + if (static_cpu_has(X86_FEATURE_OSPKE) &&
>
> We expose protection key to VM without check whether OSPKE is enabled or
> not. Why not check guest's cpuid here which also can avoid unnecessary
> access to pkru?
Checking guest CPUID is pretty slow. We could check CR4.PKE though.
Also, using static_cpu_has with OSPKE is probably wrong. But if we do
check CR4.PKE, we can check X86_FEATURE_PKU instead, so something like
if (static_cpu_has(X86_FEATURE_PKU) &&
kvm_read_cr4_bits(vcpu, X86_CR4_PKE) &&
vcpu->arch.pkru != vmx->host_pkru)
... but then, kvm_read_cr4_bits is also pretty slow---and we don't
really need it, since all CR4 writes cause a vmexit. So for now I'd
stay with this patch, only s/static_cpu_has/boot_cpu_has/g.
Of course you can send improvements on top!
Paolo
>> + vcpu->arch.pkru != vmx->host_pkru)
>> + __write_pkru(vcpu->arch.pkru);
Powered by blists - more mailing lists