Re: [PATCH] KVM: MMU: shadow nested paging does not have PKU

[Paolo Bonzini <pbonzini@redhat.com>]

On 11/27/21 02:21, Lai Jiangshan wrote:
> 
> 
> On 2021/11/26 21:21, Paolo Bonzini wrote:
>> Initialize the mask for PKU permissions as if CR4.PKE=0, avoiding
>> incorrect interpretations of the nested hypervisor's page tables.
> 
> I think the AMD64 volume2 Architecture Programmer’s Manual does not
> specify it, but it seems that for a sane NPT walk, PKU should not work
> in NPT.

The PK bit is not defined in the nested page fault EXITINFO1, too. 
Thomas, can you have it fixed in the APM that the host's SMEP, SMAP and 
PKE bits do not affect nested page table walks?

> I once planed to set
> 
>      cr0 = X86_CR0_PG | X86_CR0_WP;
>      cr4 = cr4 & ~(X86_CR4_SMEP | X86_CR4_SMAP | X86_CR4_PKE);
> 
> It adds X86_CR0_WP and removes smep smap just because it is always usermode
> access, and it has no meaning for CR0_WP, smep, smap.  Setting it like this
> ways can reduce the role combination.

Adding WP is a good idea (the host hCR0.WP bit is ignored under nested 
paging).  Adding PG is unnecessary though, it must be on.

Removing SMEP and SMAP makes sense, but not really because of the role 
(if you add WP, then SMEP and SMAP are not part of the role because SMEP 
& ~WP and SMAP & ~WP are both zero).  Special-casing hCR4.SMEP basically 
allows us to implement Guest Mode Execute Trap essentially for free and 
even on older processors, because it's the same thing as SMEP---just 
governed by a field in the VMCB control area instead of host CR4.

I'll send a v2 that also removes WP, SMEP and SMAP.

>> -    update_pkru_bitmask(context);
>> +    context->pkru_mask = 0;
> 
> It is not worth to optimize it since update_pkru_bitmask() will also just
> set context->pkru_mask = 0 and then return.

I didn't think of it as an optimization, but I can undo it.

Paolo