Yeah that makes sense. It’s no longer considered reserved — even for older platforms. I submitted the patch.
Thanks, Yasser On Tue, May 21, 2019 at 12:45 PM Ralf Ramsauer < [email protected]> wrote: > Hi, > > On 5/21/19 7:43 PM, Yasser Shalabi wrote: > > Yeah, sorry been caught up and lost track of doing this. Will do it > ASAP. > > > > I’ll will also try to add some code to dynamically determine PKE support > > to avoid setting it for older platforms (Jan previously requested this). > > in Jan's last mail, he wrote that your original patch is fine: > > > Checking the code again and the comment I wrote around it, my > > remark in github that we would need discovery was actually overkill: > > The whole purpose of X86_CR4_RESERVED is to filter out future unknown > > bits. But CR4.PKE is no longer unknown, and it is apparently safe to > > allow it to the root cell. IOW, that commit was fine (if it had been > > submitted > > Ralf > > > > > Thanks for the reminder. > > > > Yasser > > > > On Tue, May 21, 2019 at 12:38 PM Ralf Ramsauer > > <[email protected] > > <mailto:[email protected]>> wrote: > > > > Hi Yasser, > > > > I hit the same CR4 PKE-bit case as you did a month ago. > > > > May I ask you to resend the patch (with a Signed-Off line) to the > > mailing list? > > > > Thanks > > Ralf > > > > On 5/21/19 6:38 PM, Jan Kiszka wrote: > > > On 21.05.19 17:55, Ralf Ramsauer wrote: > > >> > > >> > > >> On 5/21/19 5:09 PM, Jan Kiszka wrote: > > >>> On 21.05.19 15:45, Ralf Ramsauer wrote: > > >>>> Hi, > > >>>> > > >>>> we have some issues enabling Jailhouse on a Intel with a pretty > > new CPU > > >>>> (Xeon Gold 5118). > > >>>> > > >>>> First, the CPU supports PKE and Linux will enable it (CR4, Bit > 22). > > >>>> Jailhouse won't start, as this bit is marked in > X86_CR4_RESERVED. > > >>>> Didn't > > >>>> have a deeper look into this on how it affects the hypervisor or > > >>>> allowing it needs some special treatment, so adding nopku to the > > >>>> commandline will keep the feature disabled and suffices for the > > moment. > > >>>> > > >>> > > >>> Known issue, see https://github.com/siemens/jailhouse/pull/23 > > >> > > >> Aah, I remember that discussion a month ago... > > >> > > >> So I guess it is okay to allow this feature. > > >> > > >> What would you say, is it better to use a configuration parameter > > that > > >> indicates the existence of PKE (as noted in the github > discussion, we > > >> should only respect that bit if available), or online cpuid > > discovery? > > >> > > >> I guess the latter one is a bit against the philosophy, but much > > simpler > > >> to implement. > > >> > > > > > > Checking the code again and the comment I wrote around it, my > > remark in > > > github that we would need discovery was actually overkill: The > whole > > > purpose of X86_CR4_RESERVED is to filter out future unknown bits. > But > > > CR4.PKE is no longer unknown, and it is apparently safe to allow > it to > > > the root cell. IOW, that commit was fine (if it had been submitted > > with > > > signed-off here). > > > > > > Jan > > > > > > > -- > > You received this message because you are subscribed to the Google > > Groups "Jailhouse" group. > > To unsubscribe from this group and stop receiving emails from it, send > > an email to [email protected] > > <mailto:[email protected]>. > > To view this discussion on the web visit > > > https://groups.google.com/d/msgid/jailhouse-dev/CACkfA5tm2H-LeU0MnQWM0TZGOOoeSjuAY8FeRNRODQCceJr-8A%40mail.gmail.com > > < > https://groups.google.com/d/msgid/jailhouse-dev/CACkfA5tm2H-LeU0MnQWM0TZGOOoeSjuAY8FeRNRODQCceJr-8A%40mail.gmail.com?utm_medium=email&utm_source=footer > >. > > For more options, visit https://groups.google.com/d/optout. > > -- You received this message because you are subscribed to the Google Groups "Jailhouse" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jailhouse-dev/CACkfA5t%3DYfZzQBoY2Ci7201e6uJwA-_3fy9p_DjBSQYhBNnBqQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
