From: George Dunlap <george.dunlap@citrix.com>
To: Huaitong Han <huaitong.han@intel.com>,
jbeulich@suse.com, andrew.cooper3@citrix.com,
jun.nakajima@intel.com, eddie.dong@intel.com,
kevin.tian@intel.com, george.dunlap@eu.citrix.com,
ian.jackson@eu.citrix.com, stefano.stabellini@eu.citrix.com,
ian.campbell@citrix.com, wei.liu2@citrix.com, keir@xen.org
Cc: xen-devel@lists.xen.org
Subject: Re: [V3 PATCH 1/9] x86/hvm: pkeys, add the flag to enable Memory Protection Keys
Date: Thu, 10 Dec 2015 15:37:49 +0000 [thread overview]
Message-ID: <56699C4D.6050105@citrix.com> (raw)
In-Reply-To: <1449479780-19146-2-git-send-email-huaitong.han@intel.com>
On 07/12/15 09:16, Huaitong Han wrote:
> This patch adds the flag to enable Memory Protection Keys.
>
> Signed-off-by: Huaitong Han <huaitong.han@intel.com>
> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
> ---
> docs/misc/xen-command-line.markdown | 21 +++++++++++++++++++++
> xen/arch/x86/cpu/common.c | 10 +++++++++-
> xen/include/asm-x86/cpufeature.h | 6 +++++-
> 3 files changed, 35 insertions(+), 2 deletions(-)
>
> diff --git a/docs/misc/xen-command-line.markdown b/docs/misc/xen-command-line.markdown
> index c103894..ef5ef6c 100644
> --- a/docs/misc/xen-command-line.markdown
> +++ b/docs/misc/xen-command-line.markdown
> @@ -1177,6 +1177,27 @@ This option can be specified more than once (up to 8 times at present).
> ### ple\_window
> > `= <integer>`
>
> +### pku
> +> `= <boolean>`
> +
> +> Default: `true`
> +
> +Flag to enable Memory Protection Keys.
> +
> +The protection-key feature provides an additional mechanism by which IA-32e
> +paging controls access to usermode addresses.
> +
> +When CR4.PKE = 1, every linear address is associated with the 4-bit protection
> +key located in bits 62:59 of the paging-structure entry that mapped the page
> +containing the linear address. The PKRU register determines, for each
> +protection key, whether user-mode addresses with that protection key may be
> +read or written.
> +
> +The PKRU register (protection key rights for user pages) is a 32-bit register
> +with the following format: for each i (0 ≤ i ≤ 15), PKRU[2i] is the
> +access-disable bit for protection key i (ADi); PKRU[2i+1] is the write-disable
> +bit for protection key i (WDi).
These last two paragraphs are awfully technically detailed for a
command-line reference. I think the first two paragraphs would be
sufficient.
-George
> +
> ### psr (Intel)
> > `= List of ( cmt:<boolean> | rmid_max:<integer> | cat:<boolean> | cos_max:<integer> | cdp:<boolean> )`
>
> diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c
> index 310ec85..7d03e52 100644
> --- a/xen/arch/x86/cpu/common.c
> +++ b/xen/arch/x86/cpu/common.c
> @@ -22,6 +22,10 @@ boolean_param("xsave", use_xsave);
> bool_t opt_arat = 1;
> boolean_param("arat", opt_arat);
>
> +/* pku: Flag to enable Memory Protection Keys (default on). */
> +bool_t opt_pku = 1;
> +boolean_param("pku", opt_pku);
> +
> unsigned int opt_cpuid_mask_ecx = ~0u;
> integer_param("cpuid_mask_ecx", opt_cpuid_mask_ecx);
> unsigned int opt_cpuid_mask_edx = ~0u;
> @@ -270,7 +274,8 @@ static void __cpuinit generic_identify(struct cpuinfo_x86 *c)
> if ( c->cpuid_level >= 0x00000007 )
> cpuid_count(0x00000007, 0, &tmp,
> &c->x86_capability[cpufeat_word(X86_FEATURE_FSGSBASE)],
> - &tmp, &tmp);
> + &c->x86_capability[cpufeat_word(X86_FEATURE_PKU)],
> + &tmp);
> }
>
> /*
> @@ -323,6 +328,9 @@ void __cpuinit identify_cpu(struct cpuinfo_x86 *c)
> if ( cpu_has_xsave )
> xstate_init(c);
>
> + if ( !opt_pku )
> + setup_clear_cpu_cap(X86_FEATURE_PKU);
> +
> /*
> * The vendor-specific functions might have changed features. Now
> * we do "generic changes."
> diff --git a/xen/include/asm-x86/cpufeature.h b/xen/include/asm-x86/cpufeature.h
> index af127cf..ef96514 100644
> --- a/xen/include/asm-x86/cpufeature.h
> +++ b/xen/include/asm-x86/cpufeature.h
> @@ -11,7 +11,7 @@
>
> #include <xen/const.h>
>
> -#define NCAPINTS 8 /* N 32-bit words worth of info */
> +#define NCAPINTS 9 /* N 32-bit words worth of info */
>
> /* Intel-defined CPU features, CPUID level 0x00000001 (edx), word 0 */
> #define X86_FEATURE_FPU (0*32+ 0) /* Onboard FPU */
> @@ -163,6 +163,10 @@
> #define X86_FEATURE_ADX (7*32+19) /* ADCX, ADOX instructions */
> #define X86_FEATURE_SMAP (7*32+20) /* Supervisor Mode Access Prevention */
>
> +/* Intel-defined CPU features, CPUID level 0x00000007:0 (ecx), word 8 */
> +#define X86_FEATURE_PKU (8*32+ 3) /* Protection Keys for Userspace */
> +#define X86_FEATURE_OSPKE (8*32+ 4) /* OS Protection Keys Enable */
> +
> #define cpufeat_word(idx) ((idx) / 32)
> #define cpufeat_bit(idx) ((idx) % 32)
> #define cpufeat_mask(idx) (_AC(1, U) << cpufeat_bit(idx))
>
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
next prev parent reply other threads:[~2015-12-10 15:37 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-12-07 9:16 [V3 PATCH 0/9] x86/hvm: pkeys, add memory protection-key support Huaitong Han
2015-12-07 9:16 ` [V3 PATCH 1/9] x86/hvm: pkeys, add the flag to enable Memory Protection Keys Huaitong Han
2015-12-10 15:37 ` George Dunlap [this message]
2015-12-07 9:16 ` [V3 PATCH 2/9] x86/hvm: pkeys, add pkeys support when setting CR4 Huaitong Han
2015-12-07 9:16 ` [V3 PATCH 3/9] x86/hvm: pkeys, disable pkeys for guests in non-paging mode Huaitong Han
2015-12-07 9:16 ` [V3 PATCH 4/9] x86/hvm: pkeys, add functions to get pkeys value from PTE Huaitong Han
2015-12-10 15:48 ` George Dunlap
2015-12-10 18:47 ` Andrew Cooper
2015-12-07 9:16 ` [V3 PATCH 5/9] x86/hvm: pkeys, add functions to support PKRU access Huaitong Han
2015-12-10 18:48 ` Andrew Cooper
2015-12-07 9:16 ` [V3 PATCH 6/9] x86/hvm: pkeys, add xstate support for pkeys Huaitong Han
2015-12-10 17:39 ` George Dunlap
2015-12-10 18:57 ` Andrew Cooper
2015-12-11 9:36 ` Jan Beulich
2015-12-07 9:16 ` [V3 PATCH 7/9] x86/hvm: pkeys, add pkeys support for guest_walk_tables Huaitong Han
2015-12-10 18:19 ` George Dunlap
2015-12-11 9:16 ` Wu, Feng
2015-12-11 9:23 ` Jan Beulich
2015-12-16 15:36 ` George Dunlap
2015-12-16 16:28 ` Tim Deegan
2015-12-16 16:34 ` Andrew Cooper
2015-12-16 17:33 ` Tim Deegan
2015-12-16 16:50 ` George Dunlap
2015-12-16 17:21 ` Tim Deegan
2015-12-18 8:21 ` Han, Huaitong
2015-12-18 10:03 ` George Dunlap
2015-12-18 11:46 ` Tim Deegan
2015-12-11 9:23 ` Han, Huaitong
2015-12-11 9:50 ` Jan Beulich
2015-12-11 9:26 ` Jan Beulich
2015-12-15 8:14 ` Han, Huaitong
2015-12-15 9:02 ` Jan Beulich
2015-12-16 8:16 ` Han, Huaitong
2015-12-16 8:32 ` Jan Beulich
2015-12-16 9:03 ` Han, Huaitong
2015-12-16 9:12 ` Jan Beulich
2015-12-17 9:18 ` Han, Huaitong
2015-12-17 10:05 ` Jan Beulich
2015-12-10 18:59 ` Andrew Cooper
2015-12-11 7:18 ` Han, Huaitong
2015-12-11 8:48 ` Andrew Cooper
2015-12-07 9:16 ` [V3 PATCH 8/9] x86/hvm: pkeys, add pkeys support for gva2gfn funcitons Huaitong Han
2015-12-07 9:16 ` [V3 PATCH 9/9] x86/hvm: pkeys, add pkeys support for cpuid handling Huaitong Han
2015-12-11 9:47 ` Jan Beulich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=56699C4D.6050105@citrix.com \
--to=george.dunlap@citrix.com \
--cc=andrew.cooper3@citrix.com \
--cc=eddie.dong@intel.com \
--cc=george.dunlap@eu.citrix.com \
--cc=huaitong.han@intel.com \
--cc=ian.campbell@citrix.com \
--cc=ian.jackson@eu.citrix.com \
--cc=jbeulich@suse.com \
--cc=jun.nakajima@intel.com \
--cc=keir@xen.org \
--cc=kevin.tian@intel.com \
--cc=stefano.stabellini@eu.citrix.com \
--cc=wei.liu2@citrix.com \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.