From: Paolo Bonzini <pbonzini@redhat.com>
To: qemu-devel@nongnu.org
Subject: [Qemu-devel] [PULL 29/29] target-i386: implement PKE for TCG
Date: Tue, 22 Mar 2016 15:17:09 +0100	[thread overview]
Message-ID: <1458656229-32043-30-git-send-email-pbonzini@redhat.com> (raw)
In-Reply-To: <1458656229-32043-1-git-send-email-pbonzini@redhat.com>

Tested with kvm-unit-tests.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 target-i386/cpu.c         | 13 ++++++++++---
 target-i386/cpu.h         |  6 +++++-
 target-i386/fpu_helper.c  | 27 +++++++++++++++++++++++++++
 target-i386/helper.c      | 22 ++++++++++++++++++++++
 target-i386/helper.h      |  2 ++
 target-i386/misc_helper.c | 27 +++++++++++++++++++++++++++
 target-i386/translate.c   | 18 +++++++++++++++++-
 7 files changed, 110 insertions(+), 5 deletions(-)

diff --git a/target-i386/cpu.c b/target-i386/cpu.c
index eee00d6..ddae932 100644
--- a/target-i386/cpu.c
+++ b/target-i386/cpu.c
@@ -361,7 +361,7 @@ static const char *cpuid_6_feature_name[] = {
           CPUID_7_0_EBX_HLE, CPUID_7_0_EBX_AVX2,
           CPUID_7_0_EBX_ERMS, CPUID_7_0_EBX_INVPCID, CPUID_7_0_EBX_RTM,
           CPUID_7_0_EBX_RDSEED */
-#define TCG_7_0_ECX_FEATURES 0
+#define TCG_7_0_ECX_FEATURES (CPUID_7_0_ECX_PKU | CPUID_7_0_ECX_OSPKE)
 #define TCG_APM_FEATURES 0
 #define TCG_6_EAX_FEATURES CPUID_6_EAX_ARAT
 #define TCG_XSAVE_FEATURES (CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XGETBV1)
@@ -2426,6 +2426,9 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
             *eax = 0; /* Maximum ECX value for sub-leaves */
             *ebx = env->features[FEAT_7_0_EBX]; /* Feature flags */
             *ecx = env->features[FEAT_7_0_ECX]; /* Feature flags */
+            if ((*ecx & CPUID_7_0_ECX_PKU) && env->cr[4] & CR4_PKE_MASK) {
+                *ecx |= CPUID_7_0_ECX_OSPKE;
+            }
             *edx = 0; /* Reserved */
         } else {
             *eax = 0;
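Review bot: The OSPKE bit is only ORed into *ecx (L40-42) and never cleared, so if env->features[FEAT_7_0_ECX] already carries CPUID_7_0_ECX_OSPKE — which this same commit makes selectable by adding it to TCG_7_0_ECX_FEATURES — the leaf reports OSPKE while CR4.PKE is clear, and guests read that bit as "PKRU is usable". Derive it purely from CR4 by masking first: `*ecx = env->features[FEAT_7_0_ECX] & ~CPUID_7_0_ECX_OSPKE;` and keep the existing CR4_PKE_MASK check after it. Whether the feature word can actually arrive with OSPKE set depends on the feature-parsing code outside this hunk, so treat this as defensive rather than a confirmed guest-visible bug.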
@@ -2733,9 +2736,13 @@ static void x86_cpu_reset(CPUState *s)
     if (env->features[FEAT_1_EDX] & CPUID_SSE) {
         xcr0 |= XSTATE_SSE_MASK;
     }
-    if (env->features[FEAT_7_0_EBX] & CPUID_7_0_EBX_MPX) {
-        xcr0 |= XSTATE_BNDREGS_MASK | XSTATE_BNDCSR_MASK;
+    for (i = 2; i < ARRAY_SIZE(x86_ext_save_areas); i++) {
+        const ExtSaveArea *esa = &x86_ext_save_areas[i];
+        if ((env->features[esa->feature] & esa->bits) == esa->bits) {
+            xcr0 |= 1ull << i;
+        }
     }
+
     if (env->features[FEAT_1_ECX] & CPUID_EXT_XSAVE) {
         cr4 |= CR4_OSFXSR_MASK | CR4_OSXSAVE_MASK;
     }
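Review bot: The new loop enables an XCR0 bit whenever `(env->features[esa->feature] & esa->bits) == esa->bits`, and that comparison is trivially true for a zero-initialised slot (`.bits == 0`), so any gap in x86_ext_save_areas between index 2 and its last entry would turn on an XCR0 bit for a state component the CPU does not implement. The table itself is outside the hunk, so I cannot confirm whether it is dense; guarding with `if (esa->bits && (env->features[esa->feature] & esa->bits) == esa->bits)` costs nothing and keeps the loop correct either way. The loop variable `i` is not declared in the hunk; presumably it already exists in x86_cpu_reset, whose body continues outside this view.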
diff --git a/target-i386/cpu.h b/target-i386/cpu.h
index 5148c82..732eb6d 100644
--- a/target-i386/cpu.h
+++ b/target-i386/cpu.h
@@ -232,6 +232,7 @@
 #define CR4_OSXSAVE_MASK (1U << 18)
 #define CR4_SMEP_MASK   (1U << 20)
 #define CR4_SMAP_MASK   (1U << 21)
+#define CR4_PKE_MASK   (1U << 22)
 
 #define DR6_BD          (1 << 13)
 #define DR6_BS          (1 << 14)
@@ -260,6 +261,7 @@
 #define PG_PSE_BIT      7
 #define PG_GLOBAL_BIT   8
 #define PG_PSE_PAT_BIT  12
+#define PG_PKRU_BIT     59
 #define PG_NX_BIT       63
 
 #define PG_PRESENT_MASK  (1 << PG_PRESENT_BIT)
@@ -275,7 +277,8 @@
 #define PG_ADDRESS_MASK  0x000ffffffffff000LL
 #define PG_HI_RSVD_MASK  (PG_ADDRESS_MASK & ~PHYS_ADDR_MASK)
 #define PG_HI_USER_MASK  0x7ff0000000000000LL
-#define PG_NX_MASK       (1LL << PG_NX_BIT)
+#define PG_PKRU_MASK     (15ULL << PG_PKRU_BIT)
+#define PG_NX_MASK       (1ULL << PG_NX_BIT)
 
 #define PG_ERROR_W_BIT     1
 
@@ -284,6 +287,7 @@
 #define PG_ERROR_U_MASK    0x04
 #define PG_ERROR_RSVD_MASK 0x08
 #define PG_ERROR_I_D_MASK  0x10
+#define PG_ERROR_PK_MASK   0x20
 
 #define MCG_CTL_P       (1ULL<<8)   /* MCG_CAP register available */
 #define MCG_SER_P       (1ULL<<24) /* MCA recovery/new status bits */
diff --git a/target-i386/fpu_helper.c b/target-i386/fpu_helper.c
index d1a7f4c..fee5573 100644
--- a/target-i386/fpu_helper.c
+++ b/target-i386/fpu_helper.c
@@ -1184,6 +1184,11 @@ static void do_xsave_bndcsr(CPUX86State *env, target_ulong addr, uintptr_t ra)
     cpu_stq_data_ra(env, addr + 8, env->bndcs_regs.sts, ra);
 }
 
+static void do_xsave_pkru(CPUX86State *env, target_ulong addr, uintptr_t ra)
+{
+    cpu_stq_data_ra(env, addr, env->pkru, ra);
+}
+
 void helper_fxsave(CPUX86State *env, target_ulong ptr)
 {
     uintptr_t ra = GETPC();
@@ -1257,6 +1262,10 @@ static void do_xsave(CPUX86State *env, target_ulong ptr, uint64_t rfbm,
         target_ulong off = x86_ext_save_areas[XSTATE_BNDCSR_BIT].offset;
         do_xsave_bndcsr(env, ptr + off, ra);
     }
+    if (opt & XSTATE_PKRU_MASK) {
+        target_ulong off = x86_ext_save_areas[XSTATE_PKRU_BIT].offset;
+        do_xsave_pkru(env, ptr + off, ra);
+    }
 
     /* Update the XSTATE_BV field.  */
     old_bv = cpu_ldq_data_ra(env, ptr + 512, ra);
@@ -1339,6 +1348,11 @@ static void do_xrstor_bndcsr(CPUX86State *env, target_ulong addr, uintptr_t ra)
     env->bndcs_regs.sts = cpu_ldq_data_ra(env, addr + 8, ra);
 }
 
+static void do_xrstor_pkru(CPUX86State *env, target_ulong addr, uintptr_t ra)
+{
+    env->pkru = cpu_ldq_data_ra(env, addr, ra);
+}
+
 void helper_fxrstor(CPUX86State *env, target_ulong ptr)
 {
     uintptr_t ra = GETPC();
@@ -1438,6 +1452,19 @@ void helper_xrstor(CPUX86State *env, target_ulong ptr, uint64_t rfbm)
         }
         cpu_sync_bndcs_hflags(env);
     }
+    if (rfbm & XSTATE_PKRU_MASK) {
+        uint64_t old_pkru = env->pkru;
+        if (xstate_bv & XSTATE_PKRU_MASK) {
+            target_ulong off = x86_ext_save_areas[XSTATE_PKRU_BIT].offset;
+            do_xrstor_pkru(env, ptr + off, ra);
+        } else {
+            env->pkru = 0;
+        }
+        if (env->pkru != old_pkru) {
+            CPUState *cs = CPU(x86_env_get_cpu(env));
+            tlb_flush(cs, 1);
+        }
+    }
 }
 
 uint64_t helper_xgetbv(CPUX86State *env, uint32_t ecx)
diff --git a/target-i386/helper.c b/target-i386/helper.c
index 3f60ec6..5755839 100644
--- a/target-i386/helper.c
+++ b/target-i386/helper.c
@@ -676,6 +676,10 @@ void cpu_x86_update_cr4(CPUX86State *env, uint32_t new_cr4)
         hflags |= HF_SMAP_MASK;
     }
 
+    if (!(env->features[FEAT_7_0_ECX] & CPUID_7_0_ECX_PKU)) {
+        new_cr4 &= ~CR4_PKE_MASK;
+    }
+
     env->cr[4] = new_cr4;
     env->hflags = hflags;
 
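Review bot: Clearing CR4.PKE here is only half the story, because the page walk in helper.c folds PKRU access rights into prot and the TLB entry is built from that, so toggling CR4.PKE changes the effective permissions of every user page whose translation is already cached. The tlb_flush condition at the top of cpu_x86_update_cr4 is outside this hunk; if its mask does not already include CR4_PKE_MASK, add it next to CR4_SMEP_MASK | CR4_SMAP_MASK so a PKE flip invalidates stale entries. A guest setting CR4.PKE on a CPU without PKU also has the bit silently dropped instead of taking #GP; that matches how the other bits are filtered in this function, but a comment such as `/* PKE is reserved without PKU; drop it silently like the other unsupported CR4 bits */` would record that this is deliberate.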
@@ -920,6 +924,24 @@ do_check_protect_pse36:
         goto do_fault_protect;
     }
 
+    if ((env->cr[4] & CR4_PKE_MASK) && (env->hflags & HF_LMA_MASK) &&
+        (ptep & PG_USER_MASK) && env->pkru) {
+        uint32_t pk = (pte & PG_PKRU_MASK) >> PG_PKRU_BIT;
+        uint32_t pkru_ad = (env->pkru >> pk * 2) & 1;
+        uint32_t pkru_wd = (env->pkru >> pk * 2) & 2;
+
+        if (pkru_ad) {
+            prot &= ~(PAGE_READ | PAGE_WRITE);
+        } else if (pkru_wd && (is_user || env->cr[0] & CR0_WP_MASK)) {
+            prot &= ~PAGE_WRITE;
+        }
+        if ((prot & (1 << is_write1)) == 0) {
+            assert(is_write1 != 2);
+            error_code |= PG_ERROR_PK_MASK;
+            goto do_fault_protect;
+        }
+    }
+
     /* yes, it can! */
     is_dirty = is_write && !(pte & PG_DIRTY_MASK);
     if (!(pte & PG_ACCESSED_MASK) || is_dirty) {
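Review bot: The PKRU restrictions are folded into prot, which means the resulting TLB entry bakes in the current PKRU and CR4.PKE values; nothing in the hunk says so, yet that invariant is exactly why helper_wrpkru and helper_xrstor must flush the TLB, so a comment above the block — `/* Protection keys narrow prot, and prot ends up in the cached TLB entry: any change to PKRU or CR4.PKE must flush the TLB. */` — would tie the two sides together. Two readability points: `env->pkru >> pk * 2` relies on `*` binding tighter than `>>` and reads better as `env->pkru >> (pk * 2)`, and `pkru_wd` holds 0 or 2 rather than a boolean, so either name it as a mask or extract it as `(env->pkru >> (pk * 2 + 1)) & 1`. The `(prot & (1 << is_write1))` test assumes PAGE_READ/PAGE_WRITE/PAGE_EXEC occupy bits 0/1/2 and that is_write1 uses the same encoding; that is established elsewhere in the function, not in this hunk.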
diff --git a/target-i386/helper.h b/target-i386/helper.h
index e33451a..1320edc 100644
--- a/target-i386/helper.h
+++ b/target-i386/helper.h
@@ -198,6 +198,8 @@ DEF_HELPER_FLAGS_3(xsaveopt, TCG_CALL_NO_WG, void, env, tl, i64)
 DEF_HELPER_FLAGS_3(xrstor, TCG_CALL_NO_WG, void, env, tl, i64)
 DEF_HELPER_FLAGS_2(xgetbv, TCG_CALL_NO_WG, i64, env, i32)
 DEF_HELPER_FLAGS_3(xsetbv, TCG_CALL_NO_WG, void, env, i32, i64)
+DEF_HELPER_FLAGS_2(rdpkru, TCG_CALL_NO_WG, i64, env, i32)
+DEF_HELPER_FLAGS_3(wrpkru, TCG_CALL_NO_WG, void, env, i32, i64)
 
 DEF_HELPER_FLAGS_1(clz, TCG_CALL_NO_RWG_SE, tl, tl)
 DEF_HELPER_FLAGS_1(ctz, TCG_CALL_NO_RWG_SE, tl, tl)
diff --git a/target-i386/misc_helper.c b/target-i386/misc_helper.c
index 5fbab8f..e31ec97 100644
--- a/target-i386/misc_helper.c
+++ b/target-i386/misc_helper.c
@@ -609,3 +609,30 @@ void helper_debug(CPUX86State *env)
     cs->exception_index = EXCP_DEBUG;
     cpu_loop_exit(cs);
 }
+
+uint64_t helper_rdpkru(CPUX86State *env, uint32_t ecx)
+{
+    if ((env->cr[4] & CR4_PKE_MASK) == 0) {
+        raise_exception_err_ra(env, EXCP06_ILLOP, 0, GETPC());
+    }
+    if (ecx != 0) {
+        raise_exception_err_ra(env, EXCP0D_GPF, 0, GETPC());
+    }
+
+    return env->pkru;
+}
+
+void helper_wrpkru(CPUX86State *env, uint32_t ecx, uint64_t val)
+{
+    CPUState *cs = CPU(x86_env_get_cpu(env));
+
+    if ((env->cr[4] & CR4_PKE_MASK) == 0) {
+        raise_exception_err_ra(env, EXCP06_ILLOP, 0, GETPC());
+    }
+    if (ecx != 0 || (val & 0xFFFFFFFF00000000ull)) {
+        raise_exception_err_ra(env, EXCP0D_GPF, 0, GETPC());
+    }
+
+    env->pkru = val;
+    tlb_flush(cs, 1);
+}
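Review bot: helper_wrpkru flushes the whole TLB on every execution (L245), even when the value written equals the current PKRU, while the XRSTOR path added in the same series flushes only when env->pkru actually changes; guest kernels may rewrite PKRU frequently (often with the same value), so under TCG this is an avoidable full-flush cost. Make the two paths consistent: `if (env->pkru != val) { env->pkru = val; tlb_flush(cs, 1); }`. The #UD-before-#GP ordering and the ECX/EDX reserved-bit checks match the architectural definition as far as I can tell.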
diff --git a/target-i386/translate.c b/target-i386/translate.c
index dd8d5cc..1a1214d 100644
--- a/target-i386/translate.c
+++ b/target-i386/translate.c
@@ -7322,7 +7322,23 @@ static target_ulong disas_insn(CPUX86State *env, DisasContext *s,
             }
             gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 1);
             break;
-
+        case 0xee: /* rdpkru */
+            if (prefixes & PREFIX_LOCK) {
+                goto illegal_op;
+            }
+            tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_regs[R_ECX]);
+            gen_helper_rdpkru(cpu_tmp1_i64, cpu_env, cpu_tmp2_i32);
+            tcg_gen_extr_i64_tl(cpu_regs[R_EAX], cpu_regs[R_EDX], cpu_tmp1_i64);
+            break;
+        case 0xef: /* wrpkru */
+            if (prefixes & PREFIX_LOCK) {
+                goto illegal_op;
+            }
+            tcg_gen_concat_tl_i64(cpu_tmp1_i64, cpu_regs[R_EAX],
+                                  cpu_regs[R_EDX]);
+            tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_regs[R_ECX]);
+            gen_helper_wrpkru(cpu_env, cpu_tmp2_i32, cpu_tmp1_i64);
+            break;
         CASE_MODRM_OP(6): /* lmsw */
             if (s->cpl != 0) {
                 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
-- 
2.5.0

