Re: [RFC 2/7] KVM: VMX: Expose IA32_PKRS MSR

[Chenyi Qiang]

On 1/27/2021 2:01 AM, Paolo Bonzini wrote:
> On 07/08/20 10:48, Chenyi Qiang wrote:
> > +{
> > +    struct vcpu_vmx *vmx = to_vmx(vcpu);
> > +    unsigned long *msr_bitmap = vmx->vmcs01.msr_bitmap;
> > +    bool pks_supported = guest_cpuid_has(vcpu, X86_FEATURE_PKS);
> > +
> > +    /*
> > +     * set intercept for PKRS when the guest doesn't support pks
> > +     */
> > +    vmx_set_intercept_for_msr(msr_bitmap, MSR_IA32_PKRS, MSR_TYPE_RW, 
> > !pks_supported);
> > +
> > +    if (pks_supported) {
> > +        vm_entry_controls_setbit(vmx, VM_ENTRY_LOAD_IA32_PKRS);
> > +        vm_exit_controls_setbit(vmx, VM_EXIT_LOAD_IA32_PKRS);
> > +    } else {
> > +        vm_entry_controls_clearbit(vmx, VM_ENTRY_LOAD_IA32_PKRS);
> > +        vm_exit_controls_clearbit(vmx, VM_EXIT_LOAD_IA32_PKRS);
> > +    }
>
> Is the guest expected to do a lot of reads/writes to the MSR (e.g. at 
> every context switch)?
>
> Even if this is the case, the MSR intercepts and the entry/exit controls 
> should only be done if CR4.PKS=1.  If the guest does not use PKS, KVM 
> should behave as if these patches did not exist.

Hi Paolo,

Per the MSR intercepts and entry/exit controls, IA32_PKRS access is 
independent of the CR4.PKS bit, it just depends on CPUID enumeration. If 
the guest doesn't set CR4.PKS but still has the CPUID capability, 
modifying on PKRS should be supported but has no effect. IIUC, we can 
not ignore these controls if CR4.PKS=0.

Thanks
Chenyi

> Paolo