From patchwork Thu Dec 16 09:54:16 2021
X-Patchwork-Submitter: Andrew Cooper
X-Patchwork-Id: 12680575
From: Andrew Cooper
To: Xen-devel
CC: Andrew Cooper, Jan Beulich, Roger Pau Monné, Wei Liu
Subject: [PATCH 1/6] x86/prot-key: Enumeration for Protection Key Supervisor
Date: Thu, 16 Dec 2021 09:54:16 +0000
Message-ID: <20211216095421.12871-2-andrew.cooper3@citrix.com>
In-Reply-To: <20211216095421.12871-1-andrew.cooper3@citrix.com>
References: <20211216095421.12871-1-andrew.cooper3@citrix.com>

Protection Key Supervisor works in a very similar way to Protection Key User, except that instead of a PKRU register used by the {RD,WR}PKRU instructions, the supervisor protection settings live in MSR_PKRS and are accessed using normal {RD,WR}MSR instructions.

PKS has the same problematic interactions with PV guests as PKU (more in fact, given the guest kernel's CPL), so we'll only support this for HVM guests for now.
Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- CC: Jan Beulich CC: Roger Pau Monné CC: Wei Liu --- tools/libs/light/libxl_cpuid.c | 1 + tools/misc/xen-cpuid.c | 2 +- xen/arch/x86/include/asm/msr-index.h | 2 ++ xen/arch/x86/include/asm/x86-defns.h | 1 + xen/include/public/arch-x86/cpufeatureset.h | 1 + 5 files changed, 6 insertions(+), 1 deletion(-) diff --git a/tools/libs/light/libxl_cpuid.c b/tools/libs/light/libxl_cpuid.c index e1acf6648db4..efd01fd5c5b5 100644 --- a/tools/libs/light/libxl_cpuid.c +++ b/tools/libs/light/libxl_cpuid.c @@ -211,6 +211,7 @@ int libxl_cpuid_parse_config(libxl_cpuid_policy_list *cpuid, const char* str) {"avx512-vpopcntdq",0x00000007,0,CPUID_REG_ECX, 14, 1}, {"rdpid", 0x00000007, 0, CPUID_REG_ECX, 22, 1}, {"cldemote", 0x00000007, 0, CPUID_REG_ECX, 25, 1}, + {"pks", 0x00000007, 0, CPUID_REG_ECX, 31, 1}, {"avx512-4vnniw",0x00000007, 0, CPUID_REG_EDX, 2, 1}, {"avx512-4fmaps",0x00000007, 0, CPUID_REG_EDX, 3, 1}, diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c index fb36cac07baa..f5b67acacc48 100644 --- a/tools/misc/xen-cpuid.c +++ b/tools/misc/xen-cpuid.c @@ -133,7 +133,7 @@ static const char *const str_7c0[32] = /* 24 */ [25] = "cldemote", /* 26 */ [27] = "movdiri", [28] = "movdir64b", [29] = "enqcmd", - [30] = "sgx-lc", + [30] = "sgx-lc", [31] = "pks", }; static const char *const str_e7d[32] = diff --git a/xen/arch/x86/include/asm/msr-index.h b/xen/arch/x86/include/asm/msr-index.h index ab68ef2681a9..3a1b4438e939 100644 --- a/xen/arch/x86/include/asm/msr-index.h +++ b/xen/arch/x86/include/asm/msr-index.h @@ -122,6 +122,8 @@ #define MSR_PL3_SSP 0x000006a7 #define MSR_INTERRUPT_SSP_TABLE 0x000006a8 +#define MSR_PKRS 0x000006e1 + #define MSR_X2APIC_FIRST 0x00000800 #define MSR_X2APIC_LAST 0x00000bff diff --git a/xen/arch/x86/include/asm/x86-defns.h b/xen/arch/x86/include/asm/x86-defns.h index 28628807cb98..37bbb3594e88 100644 --- a/xen/arch/x86/include/asm/x86-defns.h +++ b/xen/arch/x86/include/asm/x86-defns.h 
@@ -74,6 +74,7 @@ #define X86_CR4_SMAP 0x00200000 /* enable SMAP */ #define X86_CR4_PKE 0x00400000 /* enable PKE */ #define X86_CR4_CET 0x00800000 /* Control-flow Enforcement Technology */ +#define X86_CR4_PKS 0x01000000 /* Protection Key Supervisor */ /* * XSTATE component flags in XCR0 diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 647ee9e5e277..79a8f244d88a 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h 
@@ -244,6 +244,7 @@ XEN_CPUFEATURE(CLDEMOTE, 6*32+25) /*A CLDEMOTE instruction */ XEN_CPUFEATURE(MOVDIRI, 6*32+27) /*a MOVDIRI instruction */ XEN_CPUFEATURE(MOVDIR64B, 6*32+28) /*a MOVDIR64B instruction */ XEN_CPUFEATURE(ENQCMD, 6*32+29) /* ENQCMD{,S} instructions */ +XEN_CPUFEATURE(PKS, 6*32+31) /* Protection Key for Supervisor */ /* AMD-defined CPU features, CPUID level 0x80000007.edx, word 7 */ XEN_CPUFEATURE(HW_PSTATE, 7*32+ 7) /* Hardware Pstates */
From patchwork Thu Dec 16 09:54:17 2021
X-Patchwork-Submitter: Andrew Cooper
X-Patchwork-Id: 12680587
From: Andrew Cooper
To: Xen-devel
CC: Andrew Cooper, Jan Beulich, Roger Pau Monné, Wei Liu
Subject: [PATCH 2/6] x86/prot-key: Split PKRU infrastructure out of asm/processor.h
Date: Thu, 16 Dec 2021 09:54:17 +0000
Message-ID: <20211216095421.12871-3-andrew.cooper3@citrix.com>
In-Reply-To: <20211216095421.12871-1-andrew.cooper3@citrix.com>
References: <20211216095421.12871-1-andrew.cooper3@citrix.com>

asm/processor.h is in desperate need of splitting up, and protection key functionality is only used in the emulator and pagewalk. Introduce a new asm/prot-key.h and move the relevant content over.

Rename the PKRU_* constants to drop the user part and to use the architectural terminology.

Drop the read_pkru_{ad,wd}() helpers entirely. The pkru infix is about to become wrong, and the sole user is shorter and easier to follow without the helpers.

No functional change.

Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- CC: Jan Beulich CC: Roger Pau Monné CC: Wei Liu --- xen/arch/x86/include/asm/processor.h | 38 ------------------------------ xen/arch/x86/include/asm/prot-key.h | 45 ++++++++++++++++++++++++++++++++++++ xen/arch/x86/mm/guest_walk.c | 9 +++++--- xen/arch/x86/x86_emulate.c | 2 ++ 4 files changed, 53 insertions(+), 41 deletions(-) create mode 100644 xen/arch/x86/include/asm/prot-key.h diff --git a/xen/arch/x86/include/asm/processor.h b/xen/arch/x86/include/asm/processor.h index 400b4fac5ed4..eb1687d0795c 100644 --- a/xen/arch/x86/include/asm/processor.h +++ b/xen/arch/x86/include/asm/processor.h
@@ -367,44 +367,6 @@ static always_inline void set_in_cr4 (unsigned long mask) write_cr4(read_cr4() | mask); } -static inline unsigned int rdpkru(void) -{ - unsigned int pkru; - - asm volatile (".byte 0x0f,0x01,0xee" - : "=a" (pkru) : "c" (0) : "dx"); - - return pkru; -} - -static inline void wrpkru(unsigned int pkru) -{ - asm volatile ( ".byte 0x0f, 0x01, 0xef" - :: "a" (pkru), "d" (0), "c" (0) ); -} - -/* Macros for PKRU domain */ -#define PKRU_READ (0) -#define PKRU_WRITE (1) -#define PKRU_ATTRS (2) - -/* - * PKRU defines 32 bits, there are 16 domains and 2 attribute bits per - * domain in pkru, pkeys is index to a defined domain, so the value of - * pte_pkeys * PKRU_ATTRS + R/W is offset of a defined domain attribute. - */ -static inline bool_t read_pkru_ad(uint32_t pkru, unsigned int pkey) -{ - ASSERT(pkey < 16); - return (pkru >> (pkey * PKRU_ATTRS + PKRU_READ)) & 1; -} - -static inline bool_t read_pkru_wd(uint32_t pkru, unsigned int pkey) -{ - ASSERT(pkey < 16); - return (pkru >> (pkey * PKRU_ATTRS + PKRU_WRITE)) & 1; -} - static always_inline void __monitor(const void *eax, unsigned long ecx, unsigned long edx) { diff --git a/xen/arch/x86/include/asm/prot-key.h b/xen/arch/x86/include/asm/prot-key.h new file mode 100644 index 000000000000..084b248d81a5 --- /dev/null +++ b/xen/arch/x86/include/asm/prot-key.h 
@@ -0,0 +1,45 @@ +/****************************************************************************** + * arch/x86/include/asm/spec_ctrl.h + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; If not, see . + * + * Copyright (c) 2021 Citrix Systems Ltd. + */ +#ifndef ASM_PROT_KEY_H +#define ASM_PROT_KEY_H + +#include + +#define PKEY_AD 1 /* Access Disable */ +#define PKEY_WD 2 /* Write Disable */ + +#define PKEY_WIDTH 2 /* Two bits per protection key */ + +static inline uint32_t rdpkru(void) +{ + uint32_t pkru; + + asm volatile ( ".byte 0x0f,0x01,0xee" + : "=a" (pkru) : "c" (0) : "dx" ); + + return pkru; +} + +static inline void wrpkru(uint32_t pkru) +{ + asm volatile ( ".byte 0x0f, 0x01, 0xef" + :: "a" (pkru), "d" (0), "c" (0) ); +} + +#endif /* ASM_PROT_KEY_H */ diff --git a/xen/arch/x86/mm/guest_walk.c b/xen/arch/x86/mm/guest_walk.c index b9f607272c39..dc8fdde0212e 100644 --- a/xen/arch/x86/mm/guest_walk.c +++ b/xen/arch/x86/mm/guest_walk.c @@ -26,7 +26,9 @@ #include #include #include + #include +#include #include #include 
@@ -413,10 +415,11 @@ guest_walk_tables(const struct vcpu *v, struct p2m_domain *p2m, guest_pku_enabled(v) ) { unsigned int pkey = guest_l1e_get_pkey(gw->l1e); - unsigned int pkru = rdpkru(); + unsigned int pkr = rdpkru(); + unsigned int pk_ar = pkr >> (pkey * PKEY_WIDTH); - if ( read_pkru_ad(pkru, pkey) || - ((walk & PFEC_write_access) && read_pkru_wd(pkru, pkey) && + if ( (pk_ar & PKEY_AD) || + ((walk & PFEC_write_access) && (pk_ar & PKEY_WD) && ((walk & PFEC_user_mode) || guest_wp_enabled(v))) ) { gw->pfec |= PFEC_prot_key; diff --git a/xen/arch/x86/x86_emulate.c b/xen/arch/x86/x86_emulate.c index 1e082e6f3b2d..551ad0f7b303 100644 --- a/xen/arch/x86/x86_emulate.c +++ b/xen/arch/x86/x86_emulate.c 
@@ -12,8 +12,10 @@ #include #include #include + #include #include /* current_cpu_info */ +#include #include #include /* cpu_has_amd_erratum() */ #include
From patchwork Thu Dec 16 09:54:18 2021
X-Patchwork-Submitter: Andrew Cooper
X-Patchwork-Id: 12680583
From: Andrew Cooper
To: Xen-devel
CC: Andrew Cooper, Jan Beulich, Roger Pau Monné, Wei Liu, Kevin Tian
Subject: [PATCH 3/6] x86/hvm: Context switch MSR_PKRS
Date: Thu, 16 Dec 2021 09:54:18 +0000
Message-ID: <20211216095421.12871-4-andrew.cooper3@citrix.com>
In-Reply-To: <20211216095421.12871-1-andrew.cooper3@citrix.com>
References: <20211216095421.12871-1-andrew.cooper3@citrix.com>

Under PKS, MSR_PKRS is available and based on the CPUID policy alone, and usable independently of CR4.PKS. See the large comment in prot-key.h for details of the context switching arrangement.
Signed-off-by: Andrew Cooper --- CC: Jan Beulich CC: Roger Pau Monné CC: Wei Liu CC: Kevin Tian At a guess, we're likely to see PKS on AMD eventually, hence not putting the DEFINE_PER_CPU() in vmx.c, but I'm at a total loss to find anywhere better to put it than hvm.c. Suggestions welcome. --- xen/arch/x86/hvm/hvm.c | 3 +++ xen/arch/x86/hvm/vmx/vmx.c | 9 +++++++ xen/arch/x86/include/asm/msr.h | 8 +++++++ xen/arch/x86/include/asm/prot-key.h | 48 +++++++++++++++++++++++++++++++++++++ 4 files changed, 68 insertions(+) diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index 350dc396e37c..63eaa3c5a66b 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -69,6 +69,7 @@ #include #include #include +#include #include #include #include @@ -117,6 +118,8 @@ static const char __initconst warning_hvm_fep[] = static bool_t __initdata opt_altp2m_enabled = 0; boolean_param("altp2m", opt_altp2m_enabled); +DEFINE_PER_CPU(uint32_t, pkrs); + static int cpu_callback( struct notifier_block *nfb, unsigned long action, void *hcpu) { diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index a7a0d662342a..2e6af1e1c033 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -58,6 +58,7 @@ #include #include #include +#include #include static bool_t __initdata opt_force_ept; @@ -525,6 +526,7 @@ static void vmx_restore_host_msrs(void) static void vmx_save_guest_msrs(struct vcpu *v) { + const struct cpuid_policy *cp = v->domain->arch.cpuid; struct vcpu_msrs *msrs = v->arch.msrs; /* @@ -538,10 +540,14 @@ static void vmx_save_guest_msrs(struct vcpu *v) rdmsrl(MSR_RTIT_OUTPUT_MASK, msrs->rtit.output_mask); rdmsrl(MSR_RTIT_STATUS, msrs->rtit.status); } + + if ( cp->feat.pks ) + msrs->pkrs = rdpkrs_and_cache(); } static void vmx_restore_guest_msrs(struct vcpu *v) { + const struct cpuid_policy *cp = v->domain->arch.cpuid; const struct vcpu_msrs *msrs = v->arch.msrs; write_gs_shadow(v->arch.hvm.vmx.shadow_gs); 
@@ -558,6 +564,9 @@ static void vmx_restore_guest_msrs(struct vcpu *v) wrmsrl(MSR_RTIT_OUTPUT_MASK, msrs->rtit.output_mask); wrmsrl(MSR_RTIT_STATUS, msrs->rtit.status); } + + if ( cp->feat.pks ) + wrpkrs(msrs->pkrs); } void vmx_update_cpu_exec_control(struct vcpu *v) diff --git a/xen/arch/x86/include/asm/msr.h b/xen/arch/x86/include/asm/msr.h index 1d3eca9063a2..2ee0b68100c9 100644 --- a/xen/arch/x86/include/asm/msr.h +++ b/xen/arch/x86/include/asm/msr.h @@ -338,6 +338,14 @@ struct vcpu_msrs }; } rtit; + /* + * 0x000006e1 - MSR_PKRS - Protection Key Supervisor. + * + * Exposed R/W to guests. Xen doesn't use PKS yet, so only context + * switched per vcpu. When in current context, live value is in hardware. + */ + uint32_t pkrs; + /* 0x00000da0 - MSR_IA32_XSS */ struct { uint64_t raw; diff --git a/xen/arch/x86/include/asm/prot-key.h b/xen/arch/x86/include/asm/prot-key.h index 084b248d81a5..4387c27b7ec5 100644 --- a/xen/arch/x86/include/asm/prot-key.h +++ b/xen/arch/x86/include/asm/prot-key.h @@ -19,8 +19,11 @@ #ifndef ASM_PROT_KEY_H #define ASM_PROT_KEY_H +#include #include +#include + #define PKEY_AD 1 /* Access Disable */ #define PKEY_WD 2 /* Write Disable */ 
@@ -42,4 +45,49 @@ static inline void wrpkru(uint32_t pkru) :: "a" (pkru), "d" (0), "c" (0) ); } +/* + * Xen does not use PKS. + * + * Guest kernel use is expected to be one default key, except for tiny windows + * with a double write to switch to a non-default key in a permitted critical + * section. + * + * As such, we want MSR_PKRS un-intercepted. Furthermore, as we only need it + * in Xen for emulation or migration purposes (i.e. possibly never in a + * domain's lifetime), we don't want to re-sync the hardware value on every + * vmexit. + * + * Therefore, we read and cache the guest value in ctxt_switch_from(), in the + * expectation that we can short-circuit the write in ctxt_switch_to(). + * During regular operations in current context, the guest value is in + * hardware and the per-cpu cache is stale. + */ +DECLARE_PER_CPU(uint32_t, pkrs); + +static inline uint32_t rdpkrs(void) +{ + uint32_t pkrs, tmp; + + rdmsr(MSR_PKRS, pkrs, tmp); + + return pkrs; +} + +static inline uint32_t rdpkrs_and_cache(void) +{ + return this_cpu(pkrs) = rdpkrs(); +} + +static inline void wrpkrs(uint32_t pkrs) +{ + uint32_t *this_pkrs = &this_cpu(pkrs); + + if ( *this_pkrs != pkrs ) + { + *this_pkrs = pkrs; + + wrmsr(MSR_PKRS, pkrs, 0); + } +} + #endif /* ASM_PROT_KEY_H */
From patchwork Thu Dec 16 09:54:19 2021
X-Patchwork-Submitter: Andrew Cooper
X-Patchwork-Id: 12680581
From: Andrew Cooper
To: Xen-devel
CC: Andrew Cooper, Jan Beulich, Roger Pau Monné, Wei Liu, Kevin Tian
Subject: [PATCH 4/6] x86/hvm: Enable guest access to MSR_PKRS
Date: Thu, 16 Dec 2021 09:54:19 +0000
Message-ID: <20211216095421.12871-5-andrew.cooper3@citrix.com>
X-Mailer: git-send-email 2.11.0
In-Reply-To: <20211216095421.12871-1-andrew.cooper3@citrix.com>
References: <20211216095421.12871-1-andrew.cooper3@citrix.com>
MIME-Version: 1.0

Have guest_{rd,wr}msr() access either the live register, or stashed state, depending on context. Include MSR_PKRS for migration, and let the guest have full access.

Signed-off-by: Andrew Cooper
Reviewed-by: Jan Beulich
---
CC: Jan Beulich
CC: Roger Pau Monné
CC: Wei Liu
CC: Kevin Tian
---
 xen/arch/x86/hvm/hvm.c | 1 +
 xen/arch/x86/hvm/vmx/vmx.c | 5 +++++
 xen/arch/x86/msr.c | 17 +++++++++++++++++
 3 files changed, 23 insertions(+)

diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index 63eaa3c5a66b..e75245f36dce 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -1372,6 +1372,7 @@ static int hvm_load_cpu_xsave_states(struct domain *d, hvm_domain_context_t *h) static const uint32_t msrs_to_send[] = { MSR_SPEC_CTRL, MSR_INTEL_MISC_FEATURES_ENABLES, + MSR_PKRS, MSR_IA32_BNDCFGS, MSR_IA32_XSS, MSR_AMD64_DR0_ADDRESS_MASK, diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index 2e6af1e1c033..2288ea54f0b5 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c
@@ -632,6 +632,11 @@ static void vmx_cpuid_policy_changed(struct vcpu *v) vmx_clear_msr_intercept(v, MSR_FLUSH_CMD, VMX_MSR_RW); else vmx_set_msr_intercept(v, MSR_FLUSH_CMD, VMX_MSR_RW); + + if ( cp->feat.pks ) + vmx_clear_msr_intercept(v, MSR_PKRS, VMX_MSR_RW); + else + vmx_set_msr_intercept(v, MSR_PKRS, VMX_MSR_RW); } int vmx_guest_x86_mode(struct vcpu *v) diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c index b834456c7b02..d2569a81b7ba 100644 --- a/xen/arch/x86/msr.c +++ b/xen/arch/x86/msr.c @@ -28,6 +28,7 @@ #include #include #include +#include #include #include @@ -315,6 +316,13 @@ int guest_rdmsr(struct vcpu *v, uint32_t msr, uint64_t *val) *val = 0; break; + case MSR_PKRS: + if ( !cp->feat.pks ) + goto gp_fault; + + *val = (v == curr) ? rdpkrs() : msrs->pkrs; + break; + case MSR_X2APIC_FIRST ... MSR_X2APIC_LAST: if ( !is_hvm_domain(d) || v != curr ) goto gp_fault; 
@@ -581,6 +589,15 @@ int guest_wrmsr(struct vcpu *v, uint32_t msr, uint64_t val) break; goto gp_fault; + case MSR_PKRS: + if ( !cp->feat.pks || val != (uint32_t)val ) + goto gp_fault; + + msrs->pkrs = val; + if ( v == curr ) + wrmsr(MSR_PKRS, val, 0); + break; + case MSR_X2APIC_FIRST ... MSR_X2APIC_LAST: if ( !is_hvm_domain(d) || v != curr ) goto gp_fault;
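Review bot: In the vmx_cpuid_policy_changed() hunk, clearing the MSR_PKRS intercept with VMX_MSR_RW means a guest WRMSR no longer reaches guest_wrmsr(), so the "msrs->pkrs = val" assignment in the msr.c hunk only runs for writes that are still routed through Xen. guest_rdmsr() returns msrs->pkrs when v != curr, which is only correct if something outside this patch refreshes the stash whenever the vCPU is descheduled. A comment beside the intercept change naming where that refresh happens would make the live-versus-stashed rule checkable, particularly now that MSR_PKRS is in msrs_to_send[] and a stale value would be carried across migration.
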
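Review bot: In the guest_wrmsr() MSR_PKRS case the read side goes through the rdpkrs() helper while the write side open-codes "wrmsr(MSR_PKRS, val, 0)"; a matching write helper would keep the two paths symmetric and give a single place for any later change to how the register is written. The "val != (uint32_t)val" test does reject set upper bits, but a short comment saying that bits 63:32 are reserved would save the reader from decoding the cast idiom.
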
From: Andrew Cooper
To: Xen-devel
CC: Andrew Cooper, Jan Beulich, Roger Pau Monné, Wei Liu
Subject: [PATCH 5/6] x86/pagewalk: Support PKS
Date: Thu, 16 Dec 2021 09:54:20 +0000
Message-ID: <20211216095421.12871-6-andrew.cooper3@citrix.com>
X-Mailer: git-send-email 2.11.0
In-Reply-To: <20211216095421.12871-1-andrew.cooper3@citrix.com>
References: <20211216095421.12871-1-andrew.cooper3@citrix.com>
MIME-Version: 1.0

PKS is incredibly similar to the existing PKU behaviour, operating on pagewalks for any supervisor mapping.

Signed-off-by: Andrew Cooper
Reviewed-by: Jan Beulich
---
CC: Jan Beulich
CC: Roger Pau Monné
CC: Wei Liu
---
 xen/arch/x86/include/asm/guest_pt.h | 5 +++++
 xen/arch/x86/include/asm/hvm/hvm.h | 3 +++
 xen/arch/x86/mm/guest_walk.c | 9 +++++----
 3 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/xen/arch/x86/include/asm/guest_pt.h b/xen/arch/x86/include/asm/guest_pt.h index 6647ccfb8520..6802db2a415a 100644 --- a/xen/arch/x86/include/asm/guest_pt.h +++ b/xen/arch/x86/include/asm/guest_pt.h @@ -282,6 +282,11 @@ static always_inline bool guest_pku_enabled(const struct vcpu *v) return !is_pv_vcpu(v) && hvm_pku_enabled(v); } +static always_inline bool guest_pks_enabled(const struct vcpu *v) +{ + return !is_pv_vcpu(v) && hvm_pks_enabled(v); +} + /* Helpers for identifying whether guest entries have reserved bits set. */ /* Bits reserved because of maxphysaddr, and (lack of) EFER.NX */ diff --git a/xen/arch/x86/include/asm/hvm/hvm.h b/xen/arch/x86/include/asm/hvm/hvm.h index bd2cbb0e7baf..ffef7ed075a7 100644 --- a/xen/arch/x86/include/asm/hvm/hvm.h +++ b/xen/arch/x86/include/asm/hvm/hvm.h @@ -394,6 +394,8 @@ int hvm_get_param(struct domain *d, uint32_t index, uint64_t *value); ((v)->arch.hvm.guest_efer & EFER_NXE) #define hvm_pku_enabled(v) \ (hvm_paging_enabled(v) && ((v)->arch.hvm.guest_cr[4] & X86_CR4_PKE)) +#define hvm_pks_enabled(v) \ + (hvm_paging_enabled(v) && ((v)->arch.hvm.guest_cr[4] & X86_CR4_PKS)) /* Can we use superpages in the HAP p2m table? */ #define hap_has_1gb (!!(hvm_funcs.hap_capabilities & HVM_HAP_SUPERPAGE_1GB)) @@ -868,6 +870,7 @@ static inline int hvm_vmtrace_get_option( #define hvm_smap_enabled(v) ((void)(v), false) #define hvm_nx_enabled(v) ((void)(v), false) #define hvm_pku_enabled(v) ((void)(v), false) +#define hvm_pks_enabled(v) ((void)(v), false) #define arch_vcpu_block(v) ((void)(v)) diff --git a/xen/arch/x86/mm/guest_walk.c b/xen/arch/x86/mm/guest_walk.c index dc8fdde0212e..8670d4990a11 100644 --- a/xen/arch/x86/mm/guest_walk.c
+++ b/xen/arch/x86/mm/guest_walk.c 
@@ -406,16 +406,17 @@ guest_walk_tables(const struct vcpu *v, struct p2m_domain *p2m, #if GUEST_PAGING_LEVELS >= 4 /* 64-bit only... */ /* * If all access checks are thus far ok, check Protection Key for 64bit - * data accesses to user mappings. + * data accesses. * * N.B. In the case that the walk ended with a superpage, the fabricated * gw->l1e contains the appropriate leaf pkey. */ - if ( (ar & _PAGE_USER) && !(walk & PFEC_insn_fetch) && - guest_pku_enabled(v) ) + if ( !(walk & PFEC_insn_fetch) && + ((ar & _PAGE_USER) ? guest_pku_enabled(v) + : guest_pks_enabled(v)) ) { unsigned int pkey = guest_l1e_get_pkey(gw->l1e); - unsigned int pkr = rdpkru(); + unsigned int pkr = (ar & _PAGE_USER) ? rdpkru() : rdpkrs(); unsigned int pk_ar = pkr >> (pkey * PKEY_WIDTH); if ( (pk_ar & PKEY_AD) ||
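Review bot: In the guest_walk_tables() hunk, rdpkrs() reads the register of whichever vCPU is loaded on this CPU, yet the function takes an arbitrary "const struct vcpu *v"; a walk performed on behalf of a vCPU other than the current one would check the wrong vCPU's key rights. The guest_rdmsr() change in patch 4/6 already chooses between the live register and msrs->pkrs on v == curr, so either do the same here or assert that v is current. The existing rdpkru() call has the same shape, so this may be worth settling for both. As a smaller point, (ar & _PAGE_USER) is now evaluated in two separate ternaries; a local bool would make the PKU/PKS selection read as one decision.
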
From: Andrew Cooper
To: Xen-devel
CC: Andrew Cooper, Jan Beulich, Roger Pau Monné, Wei Liu
Subject: [PATCH 6/6] x86/hvm: Support PKS
Date: Thu, 16 Dec 2021 09:54:21 +0000
Message-ID: <20211216095421.12871-7-andrew.cooper3@citrix.com>
X-Mailer: git-send-email 2.11.0
In-Reply-To: <20211216095421.12871-1-andrew.cooper3@citrix.com>
References: <20211216095421.12871-1-andrew.cooper3@citrix.com>
MIME-Version: 1.0

With all infrastructure in place, advertise the PKS CPUID bit to guests, and let them set CR4.PKS.

Experiment with a tweak to the layout of hvm_cr4_guest_valid_bits() so future additions will be just a single added line.

The current context switching behaviour is tied to how VT-x works, so leave a safety check in the short term.

Signed-off-by: Andrew Cooper
Reviewed-by: Jan Beulich
---
CC: Jan Beulich
CC: Roger Pau Monné
CC: Wei Liu
---
 xen/arch/x86/cpuid.c | 9 +++++++++
 xen/arch/x86/hvm/hvm.c | 4 +++-
 xen/include/public/arch-x86/cpufeatureset.h | 2 +-
 3 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/xen/arch/x86/cpuid.c b/xen/arch/x86/cpuid.c index 151944f65702..03653d3766f4 100644 --- a/xen/arch/x86/cpuid.c +++ b/xen/arch/x86/cpuid.c @@ -512,6 +512,15 @@ static void __init calculate_hvm_max_policy(void) __clear_bit(X86_FEATURE_XSAVES, hvm_featureset); } + /* + * Xen doesn't use PKS, so the guest support for it has opted to not use + * the VMCS load/save controls for efficiency reasons. This depends on + * the exact vmentry/exit behaviour, so don't expose PKS in other + * situations until someone has cross-checked the behaviour for safety. + */ + if ( !cpu_has_vmx ) + __clear_bit(X86_FEATURE_PKS, hvm_featureset); + guest_common_feature_adjustments(hvm_featureset); sanitise_featureset(hvm_featureset); diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index e75245f36dce..2552e7f45499 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c
@@ -1010,7 +1010,9 @@ unsigned long hvm_cr4_guest_valid_bits(const struct domain *d) (p->feat.smep ? X86_CR4_SMEP : 0) | (p->feat.smap ? X86_CR4_SMAP : 0) | (p->feat.pku ? X86_CR4_PKE : 0) | - (cet ? X86_CR4_CET : 0)); + (cet ? X86_CR4_CET : 0) | + (p->feat.pks ? X86_CR4_PKS : 0) | + 0); } static int hvm_load_cpu_ctxt(struct domain *d, hvm_domain_context_t *h) diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 79a8f244d88a..92ec9eed3fd1 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -244,7 +244,7 @@ XEN_CPUFEATURE(CLDEMOTE, 6*32+25) /*A CLDEMOTE instruction */ XEN_CPUFEATURE(MOVDIRI, 6*32+27) /*a MOVDIRI instruction */ XEN_CPUFEATURE(MOVDIR64B, 6*32+28) /*a MOVDIR64B instruction */ XEN_CPUFEATURE(ENQCMD, 6*32+29) /* ENQCMD{,S} instructions */ -XEN_CPUFEATURE(PKS, 6*32+31) /* Protection Key for Supervisor */ +XEN_CPUFEATURE(PKS, 6*32+31) /*H Protection Key for Supervisor */ /* AMD-defined CPU features, CPUID level 0x80000007.edx, word 7 */ XEN_CPUFEATURE(HW_PSTATE, 7*32+ 7) /* Hardware Pstates */
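
Review bot: The comment added in calculate_hvm_max_policy() says the guest PKS support depends on "the exact vmentry/exit behaviour" but does not name the code that carries that dependency, so whoever later lifts the !cpu_has_vmx check has nothing concrete to cross-check against. Naming the path that saves and restores PKRS, or the property it relies on, would make the condition for removing the check explicit. The phrase "the guest support for it has opted to not use" would also read more clearly as a direct statement that the VMCS load/save controls are not used for PKRS.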
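
Review bot: In hvm_cr4_guest_valid_bits() the new trailing "| 0);" terminator is explained only in the commit message ("Experiment with a tweak to the layout"), so in the source it looks like leftover code and is likely to be tidied away by a later cleanup. A one-line comment in the function saying the 0 is there so that new bits can be added as a single line would preserve the intent.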