| Message ID | 20211216095421.12871-2-andrew.cooper3@citrix.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | x86: Support PKS | expand |
On 16.12.2021 10:54, Andrew Cooper wrote: > Protection Key Supervisor works in a very similar way to Protection Key User, > except that instead of a PKRU register used by the {RD,WR}PKRU instructions, > the supervisor protection settings live in MSR_PKRS and is accessed using > normal {RD,WR}MSR instructions. > > PKS has the same problematic interactions with PV guests as PKU (more infact, > given the guest kernel's CPL), so we'll only support this for HVM guests for > now. > > Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Jan Beulich <jbeulich@suse.com>
diff --git a/tools/libs/light/libxl_cpuid.c b/tools/libs/light/libxl_cpuid.c index e1acf6648db4..efd01fd5c5b5 100644 --- a/tools/libs/light/libxl_cpuid.c +++ b/tools/libs/light/libxl_cpuid.c @@ -211,6 +211,7 @@ int libxl_cpuid_parse_config(libxl_cpuid_policy_list *cpuid, const char* str) {"avx512-vpopcntdq",0x00000007,0,CPUID_REG_ECX, 14, 1}, {"rdpid", 0x00000007, 0, CPUID_REG_ECX, 22, 1}, {"cldemote", 0x00000007, 0, CPUID_REG_ECX, 25, 1}, + {"pks", 0x00000007, 0, CPUID_REG_ECX, 31, 1}, {"avx512-4vnniw",0x00000007, 0, CPUID_REG_EDX, 2, 1}, {"avx512-4fmaps",0x00000007, 0, CPUID_REG_EDX, 3, 1}, diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c index fb36cac07baa..f5b67acacc48 100644 --- a/tools/misc/xen-cpuid.c +++ b/tools/misc/xen-cpuid.c @@ -133,7 +133,7 @@ static const char *const str_7c0[32] = /* 24 */ [25] = "cldemote", /* 26 */ [27] = "movdiri", [28] = "movdir64b", [29] = "enqcmd", - [30] = "sgx-lc", + [30] = "sgx-lc", [31] = "pks", }; static const char *const str_e7d[32] = diff --git a/xen/arch/x86/include/asm/msr-index.h b/xen/arch/x86/include/asm/msr-index.h index ab68ef2681a9..3a1b4438e939 100644 --- a/xen/arch/x86/include/asm/msr-index.h +++ b/xen/arch/x86/include/asm/msr-index.h @@ -122,6 +122,8 @@ #define MSR_PL3_SSP 0x000006a7 #define MSR_INTERRUPT_SSP_TABLE 0x000006a8 +#define MSR_PKRS 0x000006e1 + #define MSR_X2APIC_FIRST 0x00000800 #define MSR_X2APIC_LAST 0x00000bff diff --git a/xen/arch/x86/include/asm/x86-defns.h b/xen/arch/x86/include/asm/x86-defns.h index 28628807cb98..37bbb3594e88 100644 --- a/xen/arch/x86/include/asm/x86-defns.h +++ b/xen/arch/x86/include/asm/x86-defns.h @@ -74,6 +74,7 @@ #define X86_CR4_SMAP 0x00200000 /* enable SMAP */ #define X86_CR4_PKE 0x00400000 /* enable PKE */ #define X86_CR4_CET 0x00800000 /* Control-flow Enforcement Technology */ +#define X86_CR4_PKS 0x01000000 /* Protection Key Supervisor */ /* * XSTATE component flags in XCR0 diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 647ee9e5e277..79a8f244d88a 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -244,6 +244,7 @@ XEN_CPUFEATURE(CLDEMOTE, 6*32+25) /*A CLDEMOTE instruction */ XEN_CPUFEATURE(MOVDIRI, 6*32+27) /*a MOVDIRI instruction */ XEN_CPUFEATURE(MOVDIR64B, 6*32+28) /*a MOVDIR64B instruction */ XEN_CPUFEATURE(ENQCMD, 6*32+29) /* ENQCMD{,S} instructions */ +XEN_CPUFEATURE(PKS, 6*32+31) /* Protection Key for Supervisor */ /* AMD-defined CPU features, CPUID level 0x80000007.edx, word 7 */ XEN_CPUFEATURE(HW_PSTATE, 7*32+ 7) /* Hardware Pstates */
Protection Key Supervisor works in a very similar way to Protection Key User, except that instead of a PKRU register used by the {RD,WR}PKRU instructions, the supervisor protection settings live in MSR_PKRS and is accessed using normal {RD,WR}MSR instructions. PKS has the same problematic interactions with PV guests as PKU (more infact, given the guest kernel's CPL), so we'll only support this for HVM guests for now. Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> --- CC: Jan Beulich <JBeulich@suse.com> CC: Roger Pau Monné <roger.pau@citrix.com> CC: Wei Liu <wl@xen.org> --- tools/libs/light/libxl_cpuid.c | 1 + tools/misc/xen-cpuid.c | 2 +- xen/arch/x86/include/asm/msr-index.h | 2 ++ xen/arch/x86/include/asm/x86-defns.h | 1 + xen/include/public/arch-x86/cpufeatureset.h | 1 + 5 files changed, 6 insertions(+), 1 deletion(-)