From: Binbin Wu <binbin.wu@linux.intel.com>
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: seanjc@google.com, pbonzini@redhat.com, chao.gao@intel.com,
kai.huang@intel.com, David.Laight@ACULAB.COM,
robert.hu@linux.intel.com, guang.zeng@intel.com,
binbin.wu@linux.intel.com
Subject: [PATCH v11 16/16] KVM: x86: Advertise LASS CPUID to user space
Date: Wed, 13 Sep 2023 20:42:27 +0800
Message-ID: <20230913124227.12574-17-binbin.wu@linux.intel.com>
In-Reply-To: <20230913124227.12574-1-binbin.wu@linux.intel.com>
From: Zeng Guang <guang.zeng@intel.com>

Linear address space separation (LASS) is an independent mechanism
to enforce the mode-based protection that can prevent user-mode
accesses to supervisor-mode addresses, and vice versa. Because the
LASS protections are applied before paging, malicious software cannot
acquire any paging-based timing information to compromise the
security of the system.

The CPUID bit definition to support LASS:
CPUID.(EAX=07H.ECX=1):EAX.LASS[bit 6]

Advertise LASS to user space to support LASS virtualization.

Note: KVM LASS feature exposure also depends on the CPUID capability
held by the host kernel. It will be masked to the guest if host vsyscall
is in emulate mode, which actually disables LASS.
Signed-off-by: Zeng Guang <guang.zeng@intel.com>
Signed-off-by: Binbin Wu <binbin.wu@linux.intel.com>
Tested-by: Xuelian Guo <xuelian.guo@intel.com>
---
arch/x86/kvm/cpuid.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
index a0db266bab73..81a52218c20f 100644
--- a/arch/x86/kvm/cpuid.c
+++ b/arch/x86/kvm/cpuid.c
@@ -675,7 +675,7 @@ void kvm_set_cpu_caps(void)
kvm_cpu_cap_set(X86_FEATURE_SPEC_CTRL_SSBD);
kvm_cpu_cap_mask(CPUID_7_1_EAX,
- F(AVX_VNNI) | F(AVX512_BF16) | F(CMPCCXADD) |
+ F(AVX_VNNI) | F(AVX512_BF16) | F(LASS) | F(CMPCCXADD) |
F(FZRM) | F(FSRS) | F(FSRC) |
F(AMX_FP16) | F(AVX_IFMA) | F(LAM)
);
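Review bot: the changelog's note that LASS is masked from the guest when host vsyscall is in emulate mode has no counterpart at the added F(LASS) in the CPUID_7_1_EAX mask, and nothing in this hunk shows where that masking happens. Suggest a short comment above the kvm_cpu_cap_mask(CPUID_7_1_EAX, ...) call, or a sentence in the changelog, naming the host-side mechanism that clears the bit, so a reader of cpuid.c can tell that F(LASS) alone does not guarantee exposure. The one-file diff also does not define X86_FEATURE_LASS, so the changelog should state which prerequisite patch or tree provides it.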
--
2.25.1
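A way to check the effect of this change from user space, as an added example that is not part of the patch or the series: it asks KVM for its supported CPUID with KVM_GET_SUPPORTED_CPUID and tests the bit named in the changelog, CPUID.(EAX=07H,ECX=1):EAX[bit 6]. `struct cpuid_ent` and `lass_advertised()` are hypothetical helper names introduced here.

```c
/* Added example (not from the patch): is LASS in KVM's supported CPUID? */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#if defined(__x86_64__) && __has_include(<linux/kvm.h>)
#include <fcntl.h>
#include <sys/ioctl.h>
#include <linux/kvm.h>
#define HAVE_KVM 1
#endif

#define LASS_BIT (1u << 6)   /* CPUID.(EAX=07H,ECX=1):EAX bit 6 */

/* Hypothetical minimal view of one CPUID entry. */
struct cpuid_ent { uint32_t function, index, eax; };

/* 1 = LASS advertised, 0 = not advertised, -1 = leaf 7 subleaf 1 absent. */
int lass_advertised(const struct cpuid_ent *e, size_t n)
{
    uint32_t max_subleaf = 0;
    int have_leaf7 = 0;
    for (size_t i = 0; i < n; i++)
        if (e[i].function == 7 && e[i].index == 0) {
            have_leaf7 = 1;
            max_subleaf = e[i].eax;  /* leaf 7, subleaf 0: EAX = max subleaf */
        }
    if (!have_leaf7 || max_subleaf < 1)
        return -1;                   /* subleaf 1 is not valid; do not trust it */
    for (size_t i = 0; i < n; i++)
        if (e[i].function == 7 && e[i].index == 1)
            return (e[i].eax & LASS_BIT) ? 1 : 0;
    return -1;
}

int main(void)
{
#ifdef HAVE_KVM
    enum { MAX = 256 };
    struct kvm_cpuid2 *c = calloc(1, sizeof(*c) + MAX * sizeof(c->entries[0]));
    struct cpuid_ent v[MAX];
    int fd = open("/dev/kvm", O_RDWR);
    if (!c || fd < 0) { perror("/dev/kvm"); return 2; }
    c->nent = MAX;                   /* capacity in, entry count out */
    if (ioctl(fd, KVM_GET_SUPPORTED_CPUID, c) < 0) { perror("ioctl"); return 2; }
    for (uint32_t i = 0; i < c->nent; i++)
        v[i] = (struct cpuid_ent){ c->entries[i].function, c->entries[i].index, c->entries[i].eax };
    printf("KVM LASS: %d\n", lass_advertised(v, c->nent));
#else
    puts("needs x86-64 Linux with <linux/kvm.h>");
#endif
    return 0;
}
```

A result of 0 on LASS-capable hardware is consistent with the changelog's note that the bit is masked when the host kernel does not hold the capability.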