From patchwork Tue Jan 10 17:18:38 2023
X-Patchwork-Submitter: Andrew Cooper
X-Patchwork-Id: 13095386
From: Andrew Cooper
To: Xen-devel
CC: Andrew Cooper, Jan Beulich, Roger Pau Monné, Wei Liu
Subject: [PATCH v2 1/8] x86/boot: Sanitise PKRU on boot
Date: Tue, 10 Jan 2023 17:18:38 +0000
Message-ID: <20230110171845.20542-2-andrew.cooper3@citrix.com>
In-Reply-To: <20230110171845.20542-1-andrew.cooper3@citrix.com>

While the reset value of the register is 0, it might not be after kexec/etc.
If PKEY0.{WD,AD} have leaked in from an earlier context, construction of a PV
dom0 will explode.

Sequencing wise, this must come after setting CR4.PKE, and before we touch any
user mappings.

Signed-off-by: Andrew Cooper
Reviewed-by: Jan Beulich
---
CC: Jan Beulich
CC: Roger Pau Monné
CC: Wei Liu

For sequencing, it could also come after setting XCR0.PKRU too, but then we'd
need to construct an empty XSAVE area to XRSTOR from, and that would be even
more horrible to arrange.
---
 xen/arch/x86/cpu/common.c | 3 +++
 xen/arch/x86/include/asm/cpufeature.h | 1 +
 xen/arch/x86/setup.c | 2 +-
 3 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c index 0412dbc915e5..fe92f29c2dc6 100644 --- a/xen/arch/x86/cpu/common.c +++ b/xen/arch/x86/cpu/common.c @@ -936,6 +936,9 @@ void cpu_init(void) write_debugreg(6, X86_DR6_DEFAULT); write_debugreg(7, X86_DR7_DEFAULT); + if (cpu_has_pku) + wrpkru(0); + /* * If the platform is performing a Secure Launch via SKINIT, GIF is * clear to prevent external interrupts interfering with Secure diff --git a/xen/arch/x86/include/asm/cpufeature.h b/xen/arch/x86/include/asm/cpufeature.h index a3ad9ebee4e9..044cfd9f882d 100644 --- a/xen/arch/x86/include/asm/cpufeature.h +++ b/xen/arch/x86/include/asm/cpufeature.h 
@@ -109,6 +109,7 @@ /* CPUID level 0x00000007:0.ecx */ #define cpu_has_avx512_vbmi boot_cpu_has(X86_FEATURE_AVX512_VBMI) +#define cpu_has_pku boot_cpu_has(X86_FEATURE_PKU) #define cpu_has_avx512_vbmi2 boot_cpu_has(X86_FEATURE_AVX512_VBMI2) #define cpu_has_gfni boot_cpu_has(X86_FEATURE_GFNI) #define cpu_has_vaes boot_cpu_has(X86_FEATURE_VAES) diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index 566422600d94..6deadcf74763 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c 
@@ -1798,7 +1798,7 @@ void __init noreturn __start_xen(unsigned long mbi_p) if ( boot_cpu_has(X86_FEATURE_FSGSBASE) ) set_in_cr4(X86_CR4_FSGSBASE); - if ( boot_cpu_has(X86_FEATURE_PKU) ) + if ( cpu_has_pku ) set_in_cr4(X86_CR4_PKE); if ( opt_invpcid && cpu_has_invpcid ) 
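Review bot: the wrpkru(0) added to cpu_init() in xen/arch/x86/cpu/common.c has an ordering requirement that is stated only in the commit message (after CR4.PKE is set, before any user mapping is touched); a short comment at the call site recording that would keep a later reshuffle of cpu_init() or __start_xen() from moving it ahead of set_in_cr4(X86_CR4_PKE). In the same hunk, `if (cpu_has_pku)` is written without the spaces inside the parentheses that the setup.c hunk of this patch uses, so it should read `if ( cpu_has_pku )`.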
From: Andrew Cooper
To: Xen-devel
CC: Andrew Cooper, Jan Beulich, Roger Pau Monné, Wei Liu
Subject: [PATCH v2 2/8] x86/prot-key: Enumeration for Protection Key Supervisor
Date: Tue, 10 Jan 2023 17:18:39 +0000
Message-ID: <20230110171845.20542-3-andrew.cooper3@citrix.com>
In-Reply-To: <20230110171845.20542-1-andrew.cooper3@citrix.com>

Protection Key Supervisor works in a very similar way to Protection Key User,
except that instead of a PKRU register used by the {RD,WR}PKRU instructions,
the supervisor protection settings live in MSR_PKRS and is accessed using
normal {RD,WR}MSR instructions.

PKS has the same problematic interactions with PV guests as PKU (more in fact,
given the guest kernel's CPL), so we'll only support this for HVM guests for
now.

Signed-off-by: Andrew Cooper
Reviewed-by: Jan Beulich
---
CC: Jan Beulich
CC: Roger Pau Monné
CC: Wei Liu
---
 tools/libs/light/libxl_cpuid.c | 1 +
 tools/misc/xen-cpuid.c | 2 +-
 xen/arch/x86/include/asm/cpufeature.h | 1 +
 xen/arch/x86/include/asm/msr-index.h | 2 ++
 xen/arch/x86/include/asm/x86-defns.h | 1 +
 xen/include/public/arch-x86/cpufeatureset.h | 1 +
 6 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/tools/libs/light/libxl_cpuid.c b/tools/libs/light/libxl_cpuid.c index 2aa23225f42c..cbd4e511e8ab 100644 --- a/tools/libs/light/libxl_cpuid.c +++ b/tools/libs/light/libxl_cpuid.c 
@@ -211,6 +211,7 @@ int libxl_cpuid_parse_config(libxl_cpuid_policy_list *cpuid, const char* str) {"avx512-vpopcntdq",0x00000007,0,CPUID_REG_ECX, 14, 1}, {"rdpid", 0x00000007, 0, CPUID_REG_ECX, 22, 1}, {"cldemote", 0x00000007, 0, CPUID_REG_ECX, 25, 1}, + {"pks", 0x00000007, 0, CPUID_REG_ECX, 31, 1}, {"avx512-4vnniw",0x00000007, 0, CPUID_REG_EDX, 2, 1}, {"avx512-4fmaps",0x00000007, 0, CPUID_REG_EDX, 3, 1}, diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c index d5833e9ce879..ea7ff320e0e4 100644 --- a/tools/misc/xen-cpuid.c +++ b/tools/misc/xen-cpuid.c @@ -134,7 +134,7 @@ static const char *const str_7c0[32] = /* 24 */ [25] = "cldemote", /* 26 */ [27] = "movdiri", [28] = "movdir64b", [29] = "enqcmd", - [30] = "sgx-lc", + [30] = "sgx-lc", [31] = "pks", }; static const char *const str_e7d[32] = diff --git a/xen/arch/x86/include/asm/cpufeature.h b/xen/arch/x86/include/asm/cpufeature.h index 044cfd9f882d..0a301013c3d9 100644 --- a/xen/arch/x86/include/asm/cpufeature.h +++ b/xen/arch/x86/include/asm/cpufeature.h @@ -121,6 +121,7 @@ #define cpu_has_movdiri boot_cpu_has(X86_FEATURE_MOVDIRI) #define cpu_has_movdir64b boot_cpu_has(X86_FEATURE_MOVDIR64B) #define cpu_has_enqcmd boot_cpu_has(X86_FEATURE_ENQCMD) +#define cpu_has_pks boot_cpu_has(X86_FEATURE_PKS) /* CPUID level 0x80000007.edx */ #define cpu_has_hw_pstate boot_cpu_has(X86_FEATURE_HW_PSTATE) diff --git a/xen/arch/x86/include/asm/msr-index.h b/xen/arch/x86/include/asm/msr-index.h index 0a8852f3c246..7615d8087f46 100644 --- a/xen/arch/x86/include/asm/msr-index.h +++ b/xen/arch/x86/include/asm/msr-index.h @@ -148,6 +148,8 @@ #define MSR_PL3_SSP 0x000006a7 #define MSR_INTERRUPT_SSP_TABLE 0x000006a8 +#define MSR_PKRS 0x000006e1 + #define MSR_X2APIC_FIRST 0x00000800 #define MSR_X2APIC_LAST 0x000008ff diff --git a/xen/arch/x86/include/asm/x86-defns.h b/xen/arch/x86/include/asm/x86-defns.h index 42b5f382d438..fe1caba6f819 100644 --- a/xen/arch/x86/include/asm/x86-defns.h +++ b/xen/arch/x86/include/asm/x86-defns.h 
@@ -74,6 +74,7 @@ #define X86_CR4_SMAP 0x00200000 /* enable SMAP */ #define X86_CR4_PKE 0x00400000 /* enable PKE */ #define X86_CR4_CET 0x00800000 /* Control-flow Enforcement Technology */ +#define X86_CR4_PKS 0x01000000 /* Protection Key Supervisor */ /* * XSTATE component flags in XCR0 diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 7915f5826f57..ad7e89dd4c40 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h 
@@ -227,6 +227,7 @@ XEN_CPUFEATURE(CLDEMOTE, 6*32+25) /*A CLDEMOTE instruction */ XEN_CPUFEATURE(MOVDIRI, 6*32+27) /*a MOVDIRI instruction */ XEN_CPUFEATURE(MOVDIR64B, 6*32+28) /*a MOVDIR64B instruction */ XEN_CPUFEATURE(ENQCMD, 6*32+29) /* ENQCMD{,S} instructions */ +XEN_CPUFEATURE(PKS, 6*32+31) /* Protection Key for Supervisor */ /* AMD-defined CPU features, CPUID level 0x80000007.edx, word 7 */ XEN_CPUFEATURE(HW_PSTATE, 7*32+ 7) /* Hardware Pstates */ 
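Review bot: the new XEN_CPUFEATURE(PKS, 6*32+31) line in cpufeatureset.h has an empty annotation where its CLDEMOTE and MOVDIRI neighbours carry /*A and /*a, while the libxl_cpuid.c hunk already gives the toolstack a "pks" name; the commit message only says HVM guests will be supported "for now", so it should state that this patch enumerates the bit without yet offering it to any guest. The comment text also differs between x86-defns.h (Protection Key Supervisor) and cpufeatureset.h (Protection Key for Supervisor); using one form in both places keeps the definitions easy to grep.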
From: Andrew Cooper
To: Xen-devel
CC: Andrew Cooper, Jan Beulich, Roger Pau Monné, Wei Liu
Subject: [PATCH v2 3/8] x86/prot-key: Split PKRU infrastructure out of asm/processor.h
Date: Tue, 10 Jan 2023 17:18:40 +0000
Message-ID: <20230110171845.20542-4-andrew.cooper3@citrix.com>
In-Reply-To: <20230110171845.20542-1-andrew.cooper3@citrix.com>

asm/processor.h is in desperate need of splitting up, and protection key
functionality is only used in the emulator and pagewalk.  Introduce a new
asm/prot-key.h and move the relevant content over.

Rename the PKRU_* constants to drop the user part and to use the architectural
terminology.

Drop the read_pkru_{ad,wd}() helpers entirely.  The pkru infix is about to
become wrong, and the sole user is shorter and easier to follow without the
helpers.

No functional change.

Signed-off-by: Andrew Cooper
Reviewed-by: Jan Beulich
---
CC: Jan Beulich
CC: Roger Pau Monné
CC: Wei Liu

v2:
 * Mask pk_ar
---
 xen/arch/x86/cpu/common.c | 1 +
 xen/arch/x86/include/asm/processor.h | 38 ------------------------------------
 xen/arch/x86/include/asm/prot-key.h | 31 +++++++++++++++++++++++++++++
 xen/arch/x86/mm/guest_walk.c | 9 ++++++---
 xen/arch/x86/x86_emulate.c | 2 ++
 5 files changed, 40 insertions(+), 41 deletions(-)
 create mode 100644 xen/arch/x86/include/asm/prot-key.h

diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c index fe92f29c2dc6..2bcdd08b2fb5 100644 --- a/xen/arch/x86/cpu/common.c +++ b/xen/arch/x86/cpu/common.c @@ -11,6 +11,7 @@ #include #include #include +#include #include #include #include diff --git a/xen/arch/x86/include/asm/processor.h b/xen/arch/x86/include/asm/processor.h index 60b902060914..b95d2483212a 100644 --- a/xen/arch/x86/include/asm/processor.h +++ b/xen/arch/x86/include/asm/processor.h 
@@ -374,44 +374,6 @@ static always_inline void set_in_cr4 (unsigned long mask) write_cr4(read_cr4() | mask); } -static inline unsigned int rdpkru(void) -{ - unsigned int pkru; - - asm volatile (".byte 0x0f,0x01,0xee" - : "=a" (pkru) : "c" (0) : "dx"); - - return pkru; -} - -static inline void wrpkru(unsigned int pkru) -{ - asm volatile ( ".byte 0x0f, 0x01, 0xef" - :: "a" (pkru), "d" (0), "c" (0) ); -} - -/* Macros for PKRU domain */ -#define PKRU_READ (0) -#define PKRU_WRITE (1) -#define PKRU_ATTRS (2) - -/* - * PKRU defines 32 bits, there are 16 domains and 2 attribute bits per - * domain in pkru, pkeys is index to a defined domain, so the value of - * pte_pkeys * PKRU_ATTRS + R/W is offset of a defined domain attribute. - */ -static inline bool_t read_pkru_ad(uint32_t pkru, unsigned int pkey) -{ - ASSERT(pkey < 16); - return (pkru >> (pkey * PKRU_ATTRS + PKRU_READ)) & 1; -} - -static inline bool_t read_pkru_wd(uint32_t pkru, unsigned int pkey) -{ - ASSERT(pkey < 16); - return (pkru >> (pkey * PKRU_ATTRS + PKRU_WRITE)) & 1; -} - static always_inline void __monitor(const void *eax, unsigned long ecx, unsigned long edx) { diff --git a/xen/arch/x86/include/asm/prot-key.h b/xen/arch/x86/include/asm/prot-key.h new file mode 100644 index 000000000000..63a2e22f3fa0 --- /dev/null +++ b/xen/arch/x86/include/asm/prot-key.h @@ -0,0 +1,31 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * Copyright (c) 2021-2022 Citrix Systems Ltd. + */ +#ifndef ASM_PROT_KEY_H +#define ASM_PROT_KEY_H + +#include + +#define PKEY_AD 1 /* Access Disable */ +#define PKEY_WD 2 /* Write Disable */ + +#define PKEY_WIDTH 2 /* Two bits per protection key */ + +static inline uint32_t rdpkru(void) +{ + uint32_t pkru; + + asm volatile ( ".byte 0x0f,0x01,0xee" + : "=a" (pkru) : "c" (0) : "dx" ); + + return pkru; +} + +static inline void wrpkru(uint32_t pkru) +{ + asm volatile ( ".byte 0x0f,0x01,0xef" + :: "a" (pkru), "d" (0), "c" (0) ); +} + +#endif /* ASM_PROT_KEY_H */ 
diff --git a/xen/arch/x86/mm/guest_walk.c b/xen/arch/x86/mm/guest_walk.c index 70dacc477f9a..161a61b8f5ca 100644 --- a/xen/arch/x86/mm/guest_walk.c +++ b/xen/arch/x86/mm/guest_walk.c @@ -26,7 +26,9 @@ #include #include #include + #include +#include #include #include @@ -413,10 +415,11 @@ guest_walk_tables(const struct vcpu *v, struct p2m_domain *p2m, guest_pku_enabled(v) ) { unsigned int pkey = guest_l1e_get_pkey(gw->l1e); - unsigned int pkru = rdpkru(); + unsigned int pkr = rdpkru(); + unsigned int pk_ar = (pkr >> (pkey * PKEY_WIDTH)) & (PKEY_AD | PKEY_WD); - if ( read_pkru_ad(pkru, pkey) || - ((walk & PFEC_write_access) && read_pkru_wd(pkru, pkey) && + if ( (pk_ar & PKEY_AD) || + ((walk & PFEC_write_access) && (pk_ar & PKEY_WD) && ((walk & PFEC_user_mode) || guest_wp_enabled(v))) ) { gw->pfec |= PFEC_prot_key; diff --git a/xen/arch/x86/x86_emulate.c b/xen/arch/x86/x86_emulate.c index 720740f29b84..8c7d18521807 100644 --- a/xen/arch/x86/x86_emulate.c +++ b/xen/arch/x86/x86_emulate.c 
@@ -12,8 +12,10 @@ #include #include #include + #include #include /* current_cpu_info */ +#include #include #include /* cpu_has_amd_erratum() */ #include 
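Review bot: in the guest_walk_tables() hunk of xen/arch/x86/mm/guest_walk.c, the open-coded `(pkr >> (pkey * PKEY_WIDTH))` no longer has the ASSERT(pkey < 16) that the removed read_pkru_ad() and read_pkru_wd() helpers carried, so "No functional change" holds only where ASSERT() compiles to nothing; either keep an ASSERT(pkey < 16) next to the shift or say in the commit message that the check is dropped on purpose. The same hunk declares pkr as unsigned int while the new rdpkru() in prot-key.h returns uint32_t, and the layout comment deleted from processor.h (16 domains, two attribute bits each) has no counterpart in the new header beyond the one-line PKEY_WIDTH comment; matching the type and carrying a sentence of that description over would help the next reader.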
From: Andrew Cooper
To: Xen-devel
CC: Andrew Cooper, Jan Beulich, Roger Pau Monné, Wei Liu
Subject: [PATCH v2 4/8] x86: Initial support for WRMSRNS
Date: Tue, 10 Jan 2023 17:18:41 +0000
Message-ID: <20230110171845.20542-5-andrew.cooper3@citrix.com>
In-Reply-To: <20230110171845.20542-1-andrew.cooper3@citrix.com>

WRMSR Non-Serialising is an optimisation intended for cases where an MSR needs
updating, but architectural serialising properties are not needed.

It is anticipated that this will apply to most if not all MSRs modified on
context switch paths.

Signed-off-by: Andrew Cooper
Reviewed-by: Jan Beulich
---
CC: Jan Beulich
CC: Roger Pau Monné
CC: Wei Liu

v2:
 * New
---
 tools/libs/light/libxl_cpuid.c | 1 +
 tools/misc/xen-cpuid.c | 1 +
 xen/arch/x86/include/asm/msr.h | 12 ++++++++++++
 xen/include/public/arch-x86/cpufeatureset.h | 1 +
 4 files changed, 15 insertions(+)

diff --git a/tools/libs/light/libxl_cpuid.c b/tools/libs/light/libxl_cpuid.c index cbd4e511e8ab..8da78773a886 100644 --- a/tools/libs/light/libxl_cpuid.c +++ b/tools/libs/light/libxl_cpuid.c @@ -235,6 +235,7 @@ int libxl_cpuid_parse_config(libxl_cpuid_policy_list *cpuid, const char* str) {"fzrm", 0x00000007, 1, CPUID_REG_EAX, 10, 1}, {"fsrs", 0x00000007, 1, CPUID_REG_EAX, 11, 1}, {"fsrcs", 0x00000007, 1, CPUID_REG_EAX, 12, 1}, + {"wrmsrns", 0x00000007, 1, CPUID_REG_EAX, 19, 1}, {"intel-psfd", 0x00000007, 2, CPUID_REG_EDX, 0, 1}, {"mcdt-no", 0x00000007, 2, CPUID_REG_EDX, 5, 1}, diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c index ea7ff320e0e4..f482c4e28f30 100644 --- a/tools/misc/xen-cpuid.c +++ b/tools/misc/xen-cpuid.c 
@@ -189,6 +189,7 @@ static const char *const str_7a1[32] = [10] = "fzrm", [11] = "fsrs", [12] = "fsrcs", + /* 18 */ [19] = "wrmsrns", }; static const char *const str_e21a[32] = diff --git a/xen/arch/x86/include/asm/msr.h b/xen/arch/x86/include/asm/msr.h index dd1eee04a637..191e54068856 100644 --- a/xen/arch/x86/include/asm/msr.h +++ b/xen/arch/x86/include/asm/msr.h @@ -38,6 +38,18 @@ static inline void wrmsrl(unsigned int msr, __u64 val) wrmsr(msr, lo, hi); } +/* Non-serialising WRMSR, when available. Falls back to a serialising WRMSR. */ +static inline void wrmsr_ns(uint32_t msr, uint32_t lo, uint32_t hi) +{ + /* + * WRMSR is 2 bytes. WRMSRNS is 3 bytes. Pad WRMSR with a redundant CS + * prefix to avoid a trailing NOP. + */ + alternative_input(".byte 0x2e; wrmsr", + ".byte 0x0f,0x01,0xc6", X86_FEATURE_WRMSRNS, + "c" (msr), "a" (lo), "d" (hi)); +} + /* rdmsr with exception handling */ #define rdmsr_safe(msr,val) ({\ int rc_; \ diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index ad7e89dd4c40..5444bc5d8374 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h 
@@ -281,6 +281,7 @@ XEN_CPUFEATURE(AVX512_BF16, 10*32+ 5) /*A AVX512 BFloat16 Instructions */ XEN_CPUFEATURE(FZRM, 10*32+10) /*A Fast Zero-length REP MOVSB */ XEN_CPUFEATURE(FSRS, 10*32+11) /*A Fast Short REP STOSB */ XEN_CPUFEATURE(FSRCS, 10*32+12) /*A Fast Short REP CMPSB/SCASB */ +XEN_CPUFEATURE(WRMSRNS, 10*32+19) /* WRMSR Non-Serialising */ /* AMD-defined CPU features, CPUID level 0x80000021.eax, word 11 */ XEN_CPUFEATURE(LFENCE_DISPATCH, 11*32+ 2) /*A LFENCE always serializing */ 
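Review bot: the comment on wrmsr_ns() in xen/arch/x86/include/asm/msr.h describes the fallback but not what callers may assume; because the same call is a serialising WRMSR on hardware without X86_FEATURE_WRMSRNS and non-serialising with it, the comment should say that callers must not rely on serialisation and have to provide their own ordering where it matters. The hunk's context shows wrmsrl() taking a single 64-bit value just above; a matching wrapper for wrmsr_ns() would save each caller from splitting lo/hi by hand.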
From: Andrew Cooper
To: Xen-devel
CC: Andrew Cooper, Jan Beulich, Roger Pau Monné, Wei Liu, Kevin Tian
Subject: [PATCH v2 5/8] x86/hvm: Context switch MSR_PKRS
Date: Tue, 10 Jan 2023 17:18:42 +0000
Message-ID: <20230110171845.20542-6-andrew.cooper3@citrix.com>
In-Reply-To: <20230110171845.20542-1-andrew.cooper3@citrix.com>
References: <20230110171845.20542-1-andrew.cooper3@citrix.com>

Under PKS, MSR_PKRS is available and based on the CPUID policy alone, and usable independently of CR4.PKS. See the large comment in prot-key.h for details of the context switching arrangement.

Use WRMSRNS right away, as we don't care about serialising properties for context switching this MSR.

Sanitise MSR_PKRS on boot. In anticipation of wanting to use PKS for Xen in the future, arrange for the sanitisation to occur prior to potentially setting CR4.PKS; if PKEY0.{AD,WD} leak in from a previous context, we will triple fault immediately on setting CR4.PKS.

Signed-off-by: Andrew Cooper --- CC: Jan Beulich CC: Roger Pau Monné CC: Wei Liu CC: Kevin Tian v2: * Use WRMSRNS * Sanitise MSR_PKS on boot. --- xen/arch/x86/cpu/common.c | 2 ++ xen/arch/x86/hvm/vmx/vmx.c | 9 +++++++ xen/arch/x86/include/asm/msr.h | 9 +++++++ xen/arch/x86/include/asm/prot-key.h | 54 +++++++++++++++++++++++++++++++++++++ xen/arch/x86/setup.c | 4 +++ xen/arch/x86/smpboot.c | 4 +++ 6 files changed, 82 insertions(+) diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c index 2bcdd08b2fb5..f44c907e8a43 100644 --- a/xen/arch/x86/cpu/common.c +++ b/xen/arch/x86/cpu/common.c @@ -58,6 +58,8 @@ static unsigned int forced_caps[NCAPINTS]; DEFINE_PER_CPU(bool, full_gdt_loaded); +DEFINE_PER_CPU(uint32_t, pkrs); + void __init setup_clear_cpu_cap(unsigned int cap) { const uint32_t *dfs; diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index 43a4865d1c76..b1f493f009fd 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -58,6 +58,7 @@ #include #include #include +#include #include static bool_t __initdata opt_force_ept; @@ -536,6 +537,7 @@ static void vmx_restore_host_msrs(void) static void vmx_save_guest_msrs(struct vcpu *v) { + const struct cpuid_policy *cp = v->domain->arch.cpuid; struct vcpu_msrs *msrs = v->arch.msrs; /* @@ -549,10 +551,14 @@ static void vmx_save_guest_msrs(struct vcpu *v) rdmsrl(MSR_RTIT_OUTPUT_MASK, msrs->rtit.output_mask); rdmsrl(MSR_RTIT_STATUS, msrs->rtit.status); } + + if ( cp->feat.pks ) + msrs->pkrs = rdpkrs_and_cache(); } static void vmx_restore_guest_msrs(struct vcpu *v) { + const struct cpuid_policy *cp = v->domain->arch.cpuid; const struct vcpu_msrs *msrs = v->arch.msrs; write_gs_shadow(v->arch.hvm.vmx.shadow_gs); @@ -569,6 +575,9 @@ static void vmx_restore_guest_msrs(struct vcpu *v) wrmsrl(MSR_RTIT_OUTPUT_MASK, msrs->rtit.output_mask); wrmsrl(MSR_RTIT_STATUS, msrs->rtit.status); } + + if ( cp->feat.pks ) + wrpkrs(msrs->pkrs); } void vmx_update_cpu_exec_control(struct vcpu *v) 
diff --git a/xen/arch/x86/include/asm/msr.h b/xen/arch/x86/include/asm/msr.h index 191e54068856..7946b6b24c11 100644 --- a/xen/arch/x86/include/asm/msr.h +++ b/xen/arch/x86/include/asm/msr.h @@ -373,6 +373,15 @@ struct vcpu_msrs }; } rtit; + /* + * 0x000006e1 - MSR_PKRS - Protection Key Supervisor. + * + * Exposed R/W to guests. Xen doesn't use PKS yet, so only context + * switched per vcpu. When in current context, live value is in hardware, + * and this value is stale. + */ + uint32_t pkrs; + /* 0x00000da0 - MSR_IA32_XSS */ struct { uint64_t raw; diff --git a/xen/arch/x86/include/asm/prot-key.h b/xen/arch/x86/include/asm/prot-key.h index 63a2e22f3fa0..0dcd31b7ea68 100644 --- a/xen/arch/x86/include/asm/prot-key.h +++ b/xen/arch/x86/include/asm/prot-key.h @@ -5,8 +5,11 @@ #ifndef ASM_PROT_KEY_H #define ASM_PROT_KEY_H +#include #include +#include + #define PKEY_AD 1 /* Access Disable */ #define PKEY_WD 2 /* Write Disable */ 
@@ -28,4 +31,55 @@ static inline void wrpkru(uint32_t pkru) :: "a" (pkru), "d" (0), "c" (0) ); } +/* + * Xen does not use PKS. + * + * Guest kernel use is expected to be one default key, except for tiny windows + * with a double write to switch to a non-default key in a permitted critical + * section. + * + * As such, we want MSR_PKRS un-intercepted. Furthermore, as we only need it + * in Xen for emulation or migration purposes (i.e. possibly never in a + * domain's lifetime), we don't want to re-sync the hardware value on every + * vmexit. + * + * Therefore, we read and cache the guest value in ctxt_switch_from(), in the + * expectation that we can short-circuit the write in ctxt_switch_to(). + * During regular operations in current context, the guest value is in + * hardware and the per-cpu cache is stale. + */ +DECLARE_PER_CPU(uint32_t, pkrs); + +static inline uint32_t rdpkrs(void) +{ + uint32_t pkrs, tmp; + + rdmsr(MSR_PKRS, pkrs, tmp); + + return pkrs; +} + +static inline uint32_t rdpkrs_and_cache(void) +{ + return this_cpu(pkrs) = rdpkrs(); +} + +static inline void wrpkrs(uint32_t pkrs) +{ + uint32_t *this_pkrs = &this_cpu(pkrs); + + if ( *this_pkrs != pkrs ) + { + *this_pkrs = pkrs; + + wrmsr_ns(MSR_PKRS, pkrs, 0); + } +} + +static inline void wrpkrs_and_cache(uint32_t pkrs) +{ + this_cpu(pkrs) = pkrs; + wrmsr_ns(MSR_PKRS, pkrs, 0); +} + #endif /* ASM_PROT_KEY_H */ diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index 6deadcf74763..567a0a42ac50 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -54,6 +54,7 @@ #include #include #include +#include #include /* opt_nosmp: If true, secondary processors are ignored. */ @@ -1804,6 +1805,9 @@ void __init noreturn __start_xen(unsigned long mbi_p) if ( opt_invpcid && cpu_has_invpcid ) use_invpcid = true; + if ( cpu_has_pks ) + wrpkrs_and_cache(0); /* Must be before setting CR4.PKS */ + init_speculation_mitigations(); init_idle_domain(); 
diff --git a/xen/arch/x86/smpboot.c b/xen/arch/x86/smpboot.c index 52beed9d8d6d..b26758c2c89f 100644 --- a/xen/arch/x86/smpboot.c +++ b/xen/arch/x86/smpboot.c @@ -42,6 +42,7 @@ #include #include #include +#include #include #include #include 
@@ -364,6 +365,9 @@ void start_secondary(void *unused) /* Full exception support from here on in. */ + if ( cpu_has_pks ) + wrpkrs_and_cache(0); /* Must be before setting CR4.PKS */ + /* Safe to enable feature such as CR4.MCE with the IDT set up now. */ write_cr4(mmu_cr4_features);
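
Review bot: wrpkrs() in the prot-key.h hunk skips the MSR write whenever the per-cpu cache already holds the requested value, yet the block comment above it says that in current context "the guest value is in hardware and the per-cpu cache is stale", so the helper is only correct when it runs after rdpkrs_and_cache() has resynchronised the cache. That precondition is not written on the function itself. Add a comment on wrpkrs() stating it, and direct callers that cannot guarantee a fresh cache to wrpkrs_and_cache(), which writes unconditionally.
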
From: Andrew Cooper
To: Xen-devel
CC: Andrew Cooper, Jan Beulich, Roger Pau Monné, Wei Liu, Kevin Tian
Subject: [PATCH v2 6/8] x86/hvm: Enable guest access to MSR_PKRS
Date: Tue, 10 Jan 2023 17:18:43 +0000
Message-ID: <20230110171845.20542-7-andrew.cooper3@citrix.com>
In-Reply-To: <20230110171845.20542-1-andrew.cooper3@citrix.com>
References: <20230110171845.20542-1-andrew.cooper3@citrix.com>

Have guest_{rd,wr}msr(), via hvm_{get,set}_reg(), access either the live register, or stashed state, depending on context. Include MSR_PKRS for migration, and let the guest have full access.

Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- CC: Jan Beulich CC: Roger Pau Monné CC: Wei Liu CC: Kevin Tian v2: * Rebase over the get/set_reg() infrastructure. --- xen/arch/x86/hvm/hvm.c | 1 + xen/arch/x86/hvm/vmx/vmx.c | 17 +++++++++++++++++ xen/arch/x86/msr.c | 10 ++++++++++ 3 files changed, 28 insertions(+) diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index 927a221660e8..c6c1eea18003 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -1333,6 +1333,7 @@ static int cf_check hvm_load_cpu_xsave_states( static const uint32_t msrs_to_send[] = { MSR_SPEC_CTRL, MSR_INTEL_MISC_FEATURES_ENABLES, + MSR_PKRS, MSR_IA32_BNDCFGS, MSR_IA32_XSS, MSR_VIRT_SPEC_CTRL, diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index b1f493f009fd..57827779c305 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c
+++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -657,6 +657,11 @@ static void cf_check vmx_cpuid_policy_changed(struct vcpu *v) else vmx_set_msr_intercept(v, MSR_FLUSH_CMD, VMX_MSR_RW); + if ( cp->feat.pks ) + vmx_clear_msr_intercept(v, MSR_PKRS, VMX_MSR_RW); + else + vmx_set_msr_intercept(v, MSR_PKRS, VMX_MSR_RW); + out: vmx_vmcs_exit(v); @@ -2455,6 +2460,7 @@ static uint64_t cf_check vmx_get_reg(struct vcpu *v, unsigned int reg) { const struct vcpu *curr = current; struct domain *d = v->domain; + const struct vcpu_msrs *msrs = v->arch.msrs; uint64_t val = 0; int rc; @@ -2471,6 +2477,9 @@ static uint64_t cf_check vmx_get_reg(struct vcpu *v, unsigned int reg) } return val; + case MSR_PKRS: + return (v == curr) ? rdpkrs() : msrs->pkrs; + case MSR_SHADOW_GS_BASE: if ( v != curr ) return v->arch.hvm.vmx.shadow_gs; @@ -2499,6 +2508,8 @@ static uint64_t cf_check vmx_get_reg(struct vcpu *v, unsigned int reg) static void cf_check vmx_set_reg(struct vcpu *v, unsigned int reg, uint64_t val) { + const struct vcpu *curr = current; + struct vcpu_msrs *msrs = v->arch.msrs; struct domain *d = v->domain; int rc; @@ -2514,6 +2525,12 @@ static void cf_check vmx_set_reg(struct vcpu *v, unsigned int reg, uint64_t val) domain_crash(d); } return; + + case MSR_PKRS: + msrs->pkrs = val; + if ( v == curr ) + wrpkrs(val); + return; } /* Logic which maybe requires remote VMCS acquisition. */ diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c index 317b154d244d..7ddf0078c3a2 100644 --- a/xen/arch/x86/msr.c +++ b/xen/arch/x86/msr.c @@ -325,6 +325,11 @@ int guest_rdmsr(struct vcpu *v, uint32_t msr, uint64_t *val) *val = 0; break; + case MSR_PKRS: + if ( !cp->feat.pks ) + goto gp_fault; + goto get_reg; + case MSR_X2APIC_FIRST ... MSR_X2APIC_LAST: if ( !is_hvm_domain(d) || v != curr ) goto gp_fault; 
@@ -616,6 +621,11 @@ int guest_wrmsr(struct vcpu *v, uint32_t msr, uint64_t val) break; goto gp_fault; + case MSR_PKRS: + if ( !cp->feat.pks || val != (uint32_t)val ) + goto gp_fault; + goto set_reg; + case MSR_X2APIC_FIRST ... MSR_X2APIC_LAST: if ( !is_hvm_domain(d) || v != curr ) goto gp_fault;
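
Review bot: In the MSR_PKRS case of vmx_set_reg(), the v == curr path calls wrpkrs(val), which compares val against the per-cpu cache before writing; because vmx_cpuid_policy_changed() clears the intercept, the guest may have changed the register directly since the cache was last filled, and an emulated write of a value equal to the stale cache would then be dropped while hardware keeps the guest's later value. Use wrpkrs_and_cache(val) on this path, or refresh the cache with rdpkrs_and_cache() before the comparison.
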
From: Andrew Cooper
To: Xen-devel
CC: Andrew Cooper, Jan Beulich, Roger Pau Monné, Wei Liu
Subject: [PATCH v2 7/8] x86/pagewalk: Support PKS
Date: Tue, 10 Jan 2023 17:18:44 +0000
Message-ID: <20230110171845.20542-8-andrew.cooper3@citrix.com>
In-Reply-To: <20230110171845.20542-1-andrew.cooper3@citrix.com>
References: <20230110171845.20542-1-andrew.cooper3@citrix.com>

PKS is very similar to the existing PKU behaviour, operating on pagewalks for any supervisor mapping.

Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- CC: Jan Beulich CC: Roger Pau Monné CC: Wei Liu --- xen/arch/x86/include/asm/guest_pt.h | 5 +++++ xen/arch/x86/include/asm/hvm/hvm.h | 3 +++ xen/arch/x86/mm/guest_walk.c | 9 +++++---- 3 files changed, 13 insertions(+), 4 deletions(-) diff --git a/xen/arch/x86/include/asm/guest_pt.h b/xen/arch/x86/include/asm/guest_pt.h index 6647ccfb8520..6802db2a415a 100644 --- a/xen/arch/x86/include/asm/guest_pt.h +++ b/xen/arch/x86/include/asm/guest_pt.h @@ -282,6 +282,11 @@ static always_inline bool guest_pku_enabled(const struct vcpu *v) return !is_pv_vcpu(v) && hvm_pku_enabled(v); } +static always_inline bool guest_pks_enabled(const struct vcpu *v) +{ + return !is_pv_vcpu(v) && hvm_pks_enabled(v); +} + /* Helpers for identifying whether guest entries have reserved bits set. */ /* Bits reserved because of maxphysaddr, and (lack of) EFER.NX */
diff --git a/xen/arch/x86/include/asm/hvm/hvm.h b/xen/arch/x86/include/asm/hvm/hvm.h index 93254651f2f5..65768c797ea7 100644 --- a/xen/arch/x86/include/asm/hvm/hvm.h +++ b/xen/arch/x86/include/asm/hvm/hvm.h @@ -407,6 +407,8 @@ int hvm_get_param(struct domain *d, uint32_t index, uint64_t *value); ((v)->arch.hvm.guest_efer & EFER_NXE) #define hvm_pku_enabled(v) \ (hvm_paging_enabled(v) && ((v)->arch.hvm.guest_cr[4] & X86_CR4_PKE)) +#define hvm_pks_enabled(v) \ + (hvm_paging_enabled(v) && ((v)->arch.hvm.guest_cr[4] & X86_CR4_PKS)) /* Can we use superpages in the HAP p2m table? */ #define hap_has_1gb (!!(hvm_funcs.hap_capabilities & HVM_HAP_SUPERPAGE_1GB)) @@ -911,6 +913,7 @@ static inline void hvm_set_reg(struct vcpu *v, unsigned int reg, uint64_t val) #define hvm_smap_enabled(v) ((void)(v), false) #define hvm_nx_enabled(v) ((void)(v), false) #define hvm_pku_enabled(v) ((void)(v), false) +#define hvm_pks_enabled(v) ((void)(v), false) #define arch_vcpu_block(v) ((void)(v)) diff --git a/xen/arch/x86/mm/guest_walk.c b/xen/arch/x86/mm/guest_walk.c index 161a61b8f5ca..76b4e0425887 100644 --- a/xen/arch/x86/mm/guest_walk.c +++ b/xen/arch/x86/mm/guest_walk.c 
@@ -406,16 +406,17 @@ guest_walk_tables(const struct vcpu *v, struct p2m_domain *p2m, #if GUEST_PAGING_LEVELS >= 4 /* 64-bit only... */ /* * If all access checks are thus far ok, check Protection Key for 64bit - * data accesses to user mappings. + * data accesses. * * N.B. In the case that the walk ended with a superpage, the fabricated * gw->l1e contains the appropriate leaf pkey. */ - if ( (ar & _PAGE_USER) && !(walk & PFEC_insn_fetch) && - guest_pku_enabled(v) ) + if ( !(walk & PFEC_insn_fetch) && + ((ar & _PAGE_USER) ? guest_pku_enabled(v) + : guest_pks_enabled(v)) ) { unsigned int pkey = guest_l1e_get_pkey(gw->l1e); - unsigned int pkr = rdpkru(); + unsigned int pkr = (ar & _PAGE_USER) ? rdpkru() : rdpkrs(); unsigned int pk_ar = (pkr >> (pkey * PKEY_WIDTH)) & (PKEY_AD | PKEY_WD); if ( (pk_ar & PKEY_AD) ||
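
Review bot: In guest_walk_tables(), the new rdpkrs() call reads MSR_PKRS on the executing CPU, which is v's value only when v is the current vcpu, while the function accepts an arbitrary const struct vcpu *v. The series already has a v-aware accessor (vmx_get_reg() returns msrs->pkrs when v != curr), so either fetch the value through that path or assert v == current next to the read. The existing rdpkru() carries the same assumption, so a one-line comment stating it would cover both reads.
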
From: Andrew Cooper
To: Xen-devel
CC: Andrew Cooper, Jan Beulich, Roger Pau Monné, Wei Liu
Subject: [PATCH v2 8/8] x86/hvm: Support PKS for HAP guests
Date: Tue, 10 Jan 2023 17:18:45 +0000
Message-ID: <20230110171845.20542-9-andrew.cooper3@citrix.com>
In-Reply-To: <20230110171845.20542-1-andrew.cooper3@citrix.com>
References: <20230110171845.20542-1-andrew.cooper3@citrix.com>

With all infrastructure in place, advertise the PKS CPUID bit to HAP guests, and let them set CR4.PKS.

Experiment with a tweak to the layout of hvm_cr4_guest_valid_bits() so future additions will be just a single added line.

The current context switching behaviour is tied to how VT-x works, so leave a safety check in the short term.

Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- CC: Jan Beulich CC: Roger Pau Monné CC: Wei Liu --- xen/arch/x86/cpuid.c | 9 +++++++++ xen/arch/x86/hvm/hvm.c | 4 +++- xen/include/public/arch-x86/cpufeatureset.h | 2 +- 3 files changed, 13 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/cpuid.c b/xen/arch/x86/cpuid.c index acc2f606cea8..b22725c492e7 100644 --- a/xen/arch/x86/cpuid.c +++ b/xen/arch/x86/cpuid.c @@ -579,6 +579,15 @@ static void __init calculate_hvm_max_policy(void) __clear_bit(X86_FEATURE_XSAVES, hvm_featureset); } + /* + * Xen doesn't use PKS, so the guest support for it has opted to not use + * the VMCS load/save controls for efficiency reasons. This depends on + * the exact vmentry/exit behaviour, so don't expose PKS in other + * situations until someone has cross-checked the behaviour for safety. + */ + if ( !cpu_has_vmx ) + __clear_bit(X86_FEATURE_PKS, hvm_featureset); + guest_common_feature_adjustments(hvm_featureset); sanitise_featureset(hvm_featureset); diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index c6c1eea18003..606f0e864981 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -969,7 +969,9 @@ unsigned long hvm_cr4_guest_valid_bits(const struct domain *d) (p->feat.smep ? X86_CR4_SMEP : 0) | (p->feat.smap ? X86_CR4_SMAP : 0) | (p->feat.pku ? X86_CR4_PKE : 0) | - (cet ? X86_CR4_CET : 0)); + (cet ? X86_CR4_CET : 0) | + (p->feat.pks ? X86_CR4_PKS : 0) | + 0); } static int cf_check hvm_load_cpu_ctxt(struct domain *d, hvm_domain_context_t *h) diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 5444bc5d8374..3b85bcca1537 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h 
@@ -227,7 +227,7 @@ XEN_CPUFEATURE(CLDEMOTE, 6*32+25) /*A CLDEMOTE instruction */ XEN_CPUFEATURE(MOVDIRI, 6*32+27) /*a MOVDIRI instruction */ XEN_CPUFEATURE(MOVDIR64B, 6*32+28) /*a MOVDIR64B instruction */ XEN_CPUFEATURE(ENQCMD, 6*32+29) /* ENQCMD{,S} instructions */ -XEN_CPUFEATURE(PKS, 6*32+31) /* Protection Key for Supervisor */ +XEN_CPUFEATURE(PKS, 6*32+31) /*H Protection Key for Supervisor */ /* AMD-defined CPU features, CPUID level 0x80000007.edx, word 7 */ XEN_CPUFEATURE(HW_PSTATE, 7*32+ 7) /* Hardware Pstates */
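
Review bot: The comment added in calculate_hvm_max_policy() says exposing PKS "depends on the exact vmentry/exit behaviour" but never says which behaviour, so whoever later lifts the !cpu_has_vmx restriction has nothing concrete to cross-check. Name the property being relied on, that is, what happens to MSR_PKRS across vmentry and vmexit when the VMCS load/save controls are left clear. In hvm_cr4_guest_valid_bits(), the trailing "| 0);" looks like dead code and is likely to be removed by a later cleanup; a short comment saying it exists so that new bits are single-line additions would keep the layout.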