On 21.05.19 17:55, Ralf Ramsauer wrote:
On 5/21/19 5:09 PM, Jan Kiszka wrote:
On 21.05.19 15:45, Ralf Ramsauer wrote:
Hi,
we have some issues enabling Jailhouse on a Intel with a pretty new CPU
(Xeon Gold 5118).
First, the CPU supports PKE and Linux will enable it (CR4, Bit 22).
Jailhouse won't start, as this bit is marked in X86_CR4_RESERVED. Didn't
have a deeper look into this on how it affects the hypervisor or
allowing it needs some special treatment, so adding nopku to the
commandline will keep the feature disabled and suffices for the moment.
Known issue, see https://github.com/siemens/jailhouse/pull/23
Aah, I remember that discussion a month ago...
So I guess it is okay to allow this feature.
What would you say, is it better to use a configuration parameter that
indicates the existence of PKE (as noted in the github discussion, we
should only respect that bit if available), or online cpuid discovery?
I guess the latter one is a bit against the philosophy, but much simpler
to implement.
Checking the code again and the comment I wrote around it, my remark in github
that we would need discovery was actually overkill: The whole purpose of
X86_CR4_RESERVED is to filter out future unknown bits. But CR4.PKE is no longer
unknown, and it is apparently safe to allow it to the root cell. IOW, that
commit was fine (if it had been submitted with signed-off here).
Jan
--
Siemens AG, Corporate Technology, CT RDA IOT SES-DE
Corporate Competence Center Embedded Linux
--
You received this message because you are subscribed to the Google Groups
"Jailhouse" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/jailhouse-dev/339bf164-d7b1-f9ef-2023-b6fbb9d5c098%40siemens.com.
For more options, visit https://groups.google.com/d/optout.
