Yeah, sorry been caught up and lost track of doing this. Will do it ASAP. I’ll will also try to add some code to dynamically determine PKE support to avoid setting it for older platforms (Jan previously requested this).
Thanks for the reminder. Yasser On Tue, May 21, 2019 at 12:38 PM Ralf Ramsauer < [email protected]> wrote: > Hi Yasser, > > I hit the same CR4 PKE-bit case as you did a month ago. > > May I ask you to resend the patch (with a Signed-Off line) to the > mailing list? > > Thanks > Ralf > > On 5/21/19 6:38 PM, Jan Kiszka wrote: > > On 21.05.19 17:55, Ralf Ramsauer wrote: > >> > >> > >> On 5/21/19 5:09 PM, Jan Kiszka wrote: > >>> On 21.05.19 15:45, Ralf Ramsauer wrote: > >>>> Hi, > >>>> > >>>> we have some issues enabling Jailhouse on a Intel with a pretty new > CPU > >>>> (Xeon Gold 5118). > >>>> > >>>> First, the CPU supports PKE and Linux will enable it (CR4, Bit 22). > >>>> Jailhouse won't start, as this bit is marked in X86_CR4_RESERVED. > >>>> Didn't > >>>> have a deeper look into this on how it affects the hypervisor or > >>>> allowing it needs some special treatment, so adding nopku to the > >>>> commandline will keep the feature disabled and suffices for the > moment. > >>>> > >>> > >>> Known issue, see https://github.com/siemens/jailhouse/pull/23 > >> > >> Aah, I remember that discussion a month ago... > >> > >> So I guess it is okay to allow this feature. > >> > >> What would you say, is it better to use a configuration parameter that > >> indicates the existence of PKE (as noted in the github discussion, we > >> should only respect that bit if available), or online cpuid discovery? > >> > >> I guess the latter one is a bit against the philosophy, but much simpler > >> to implement. > >> > > > > Checking the code again and the comment I wrote around it, my remark in > > github that we would need discovery was actually overkill: The whole > > purpose of X86_CR4_RESERVED is to filter out future unknown bits. But > > CR4.PKE is no longer unknown, and it is apparently safe to allow it to > > the root cell. IOW, that commit was fine (if it had been submitted with > > signed-off here). > > > > Jan > > > -- You received this message because you are subscribed to the Google Groups "Jailhouse" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jailhouse-dev/CACkfA5tm2H-LeU0MnQWM0TZGOOoeSjuAY8FeRNRODQCceJr-8A%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
