Re: [PATCH] KVM: MMU: shadow nested paging does not have PKU

From: Tom Lendacky
Date: Mon Nov 29 2021 - 14:10:35 EST

Next message: Andy Shevchenko: "Re: [PATCH] ASoC: Intel: atom: Remove redundant check to simplify the code"
Previous message: Guenter Roeck: "Re: [PATCH] watchdog: da9063: Add hard dependency on I2C"
In reply to: Paolo Bonzini: "Re: [PATCH] KVM: MMU: shadow nested paging does not have PKU"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 11/27/21 4:25 AM, Paolo Bonzini wrote:

On 11/27/21 02:21, Lai Jiangshan wrote:

On 2021/11/26 21:21, Paolo Bonzini wrote:

Initialize the mask for PKU permissions as if CR4.PKE=0, avoiding
incorrect interpretations of the nested hypervisor's page tables.

I think the AMD64 volume2 Architecture Programmer’s Manual does not
specify it, but it seems that for a sane NPT walk, PKU should not work
in NPT.

The PK bit is not defined in the nested page fault EXITINFO1, too. Thomas, can you have it fixed in the APM that the host's SMEP, SMAP and PKE bits do not affect nested page table walks?

I talked to our documentation folks and they will look to update the APM with the appropriate information.

Thanks,
Tom

Next message: Andy Shevchenko: "Re: [PATCH] ASoC: Intel: atom: Remove redundant check to simplify the code"
Previous message: Guenter Roeck: "Re: [PATCH] watchdog: da9063: Add hard dependency on I2C"
In reply to: Paolo Bonzini: "Re: [PATCH] KVM: MMU: shadow nested paging does not have PKU"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]