[PATCH 0/2] Remaining work for PKS Implementation

qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed

* [PATCH 0/2] Remaining work for PKS Implementation
@ 2021-02-05  8:33 Chenyi Qiang
  2021-02-05  8:33 ` [PATCH 1/2] target/i386: Add support for save/load IA32_PKRS MSR Chenyi Qiang
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Chenyi Qiang @ 2021-02-05  8:33 UTC (permalink / raw)
  To: Paolo Bonzini, Richard Henderson, Eduardo Habkost, Xiaoyao Li; +Cc: qemu-devel

Protection Keys for Supervisor Pages (PKS) is a feature that extends the
Protection Keys architecture to support thread-specific permission
restrictions on superviosr pages, which works similar to an existing
feature named PKU (protecting user-mode pages).

Thanks Paolo to send out the PKS QEMU implemention at:
https://lore.kernel.org/qemu-devel/20210127093540.472624-1-pbonzini@redhat.com/

This patch series is just to add the remaining part, i.e. the support
for save/load PKRS and expose the vmx entry/exit load controls to guest.

Chenyi Qiang (2):
  target/i386: Add support for save/load IA32_PKRS MSR
  target/i386: Expose VMX entry/exit load pkrs control bits

 target/i386/cpu.c     |  4 ++--
 target/i386/cpu.h     |  2 ++
 target/i386/kvm/kvm.c | 13 +++++++++++++
 3 files changed, 17 insertions(+), 2 deletions(-)

-- 
2.17.1

^ permalink raw reply	[flat|nested] 4+ messages in thread

* [PATCH 1/2] target/i386: Add support for save/load IA32_PKRS MSR
  2021-02-05  8:33 [PATCH 0/2] Remaining work for PKS Implementation Chenyi Qiang
@ 2021-02-05  8:33 ` Chenyi Qiang
  2021-02-05  8:33 ` [PATCH 2/2] target/i386: Expose VMX entry/exit load pkrs control bits Chenyi Qiang
  2021-02-05 10:56 ` [PATCH 0/2] Remaining work for PKS Implementation Paolo Bonzini
  2 siblings, 0 replies; 4+ messages in thread
From: Chenyi Qiang @ 2021-02-05  8:33 UTC (permalink / raw)
  To: Paolo Bonzini, Richard Henderson, Eduardo Habkost, Xiaoyao Li; +Cc: qemu-devel

PKS introduces MSR IA32_PKRS(0x6e1) to manage the supervisor protection
key rights. Page access and writes can be managed via the MSR update
without TLB flushes when permissions change.

Add the support to save/load IA32_PKRS MSR in guest.

Signed-off-by: Chenyi Qiang <chenyi.qiang@intel.com>
---
 target/i386/kvm/kvm.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
index 6dc1ee052d..1aa4b8ca51 100644
--- a/target/i386/kvm/kvm.c
+++ b/target/i386/kvm/kvm.c
@@ -112,6 +112,7 @@ static bool has_msr_vmx_vmfunc;
 static bool has_msr_ucode_rev;
 static bool has_msr_vmx_procbased_ctls2;
 static bool has_msr_perf_capabs;
+static bool has_msr_pkrs;
 
 static uint32_t has_architectural_pmu_version;
 static uint32_t num_architectural_pmu_gp_counters;
@@ -2086,6 +2087,9 @@ static int kvm_get_supported_msrs(KVMState *s)
             case MSR_IA32_VMX_PROCBASED_CTLS2:
                 has_msr_vmx_procbased_ctls2 = true;
                 break;
+            case MSR_IA32_PKRS:
+                has_msr_pkrs = true;
+                break;
             }
         }
     }
@@ -2794,6 +2798,9 @@ static int kvm_put_msrs(X86CPU *cpu, int level)
     if (has_msr_smi_count) {
         kvm_msr_entry_add(cpu, MSR_SMI_COUNT, env->msr_smi_count);
     }
+    if (has_msr_pkrs) {
+        kvm_msr_entry_add(cpu, MSR_IA32_PKRS, env->pkrs);
+    }
     if (has_msr_bndcfgs) {
         kvm_msr_entry_add(cpu, MSR_IA32_BNDCFGS, env->msr_bndcfgs);
     }
@@ -3185,6 +3192,9 @@ static int kvm_get_msrs(X86CPU *cpu)
     if (has_msr_feature_control) {
         kvm_msr_entry_add(cpu, MSR_IA32_FEATURE_CONTROL, 0);
     }
+    if (has_msr_pkrs) {
+        kvm_msr_entry_add(cpu, MSR_IA32_PKRS, 0);
+    }
     if (has_msr_bndcfgs) {
         kvm_msr_entry_add(cpu, MSR_IA32_BNDCFGS, 0);
     }
@@ -3455,6 +3465,9 @@ static int kvm_get_msrs(X86CPU *cpu)
         case MSR_IA32_UMWAIT_CONTROL:
             env->umwait = msrs[i].data;
             break;
+        case MSR_IA32_PKRS:
+            env->pkrs = msrs[i].data;
+            break;
         default:
             if (msrs[i].index >= MSR_MC0_CTL &&
                 msrs[i].index < MSR_MC0_CTL + (env->mcg_cap & 0xff) * 4) {
-- 
2.17.1



^ permalink raw reply related	[flat|nested] 4+ messages in thread

* [PATCH 2/2] target/i386: Expose VMX entry/exit load pkrs control bits
  2021-02-05  8:33 [PATCH 0/2] Remaining work for PKS Implementation Chenyi Qiang
  2021-02-05  8:33 ` [PATCH 1/2] target/i386: Add support for save/load IA32_PKRS MSR Chenyi Qiang
@ 2021-02-05  8:33 ` Chenyi Qiang
  2021-02-05 10:56 ` [PATCH 0/2] Remaining work for PKS Implementation Paolo Bonzini
  2 siblings, 0 replies; 4+ messages in thread
From: Chenyi Qiang @ 2021-02-05  8:33 UTC (permalink / raw)
  To: Paolo Bonzini, Richard Henderson, Eduardo Habkost, Xiaoyao Li; +Cc: qemu-devel

Expose the VMX exit/entry load pkrs control bits in
VMX_TRUE_EXIT_CTLS/VMX_TRUE_ENTRY_CTLS MSRs to guest, which supports the
PKS in nested VM.

Signed-off-by: Chenyi Qiang <chenyi.qiang@intel.com>
---
 target/i386/cpu.c | 4 ++--
 target/i386/cpu.h | 2 ++
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 21136c61a8..0de67bbbb2 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -1215,7 +1215,7 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
             "vmx-exit-save-efer", "vmx-exit-load-efer",
                 "vmx-exit-save-preemption-timer", "vmx-exit-clear-bndcfgs",
             NULL, "vmx-exit-clear-rtit-ctl", NULL, NULL,
-            NULL, NULL, NULL, NULL,
+            NULL, "vmx-exit-load-pkrs", NULL, NULL,
         },
         .msr = {
             .index = MSR_IA32_VMX_TRUE_EXIT_CTLS,
@@ -1230,7 +1230,7 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
             NULL, "vmx-entry-ia32e-mode", NULL, NULL,
             NULL, "vmx-entry-load-perf-global-ctrl", "vmx-entry-load-pat", "vmx-entry-load-efer",
             "vmx-entry-load-bndcfgs", NULL, "vmx-entry-load-rtit-ctl", NULL,
-            NULL, NULL, NULL, NULL,
+            NULL, NULL, "vmx-entry-load-pkrs", NULL,
             NULL, NULL, NULL, NULL,
             NULL, NULL, NULL, NULL,
         },
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index d7f3ef99d1..fbf65db4db 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -969,6 +969,7 @@ typedef uint64_t FeatureWordArray[FEATURE_WORDS];
 #define VMX_VM_EXIT_CLEAR_BNDCFGS                   0x00800000
 #define VMX_VM_EXIT_PT_CONCEAL_PIP                  0x01000000
 #define VMX_VM_EXIT_CLEAR_IA32_RTIT_CTL             0x02000000
+#define VMX_VM_EXIT_LOAD_IA32_PKRS                  0x20000000
 
 #define VMX_VM_ENTRY_LOAD_DEBUG_CONTROLS            0x00000004
 #define VMX_VM_ENTRY_IA32E_MODE                     0x00000200
@@ -980,6 +981,7 @@ typedef uint64_t FeatureWordArray[FEATURE_WORDS];
 #define VMX_VM_ENTRY_LOAD_BNDCFGS                   0x00010000
 #define VMX_VM_ENTRY_PT_CONCEAL_PIP                 0x00020000
 #define VMX_VM_ENTRY_LOAD_IA32_RTIT_CTL             0x00040000
+#define VMX_VM_ENTRY_LOAD_IA32_PKRS                 0x00400000
 
 /* Supported Hyper-V Enlightenments */
 #define HYPERV_FEAT_RELAXED             0
-- 
2.17.1



^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [PATCH 0/2] Remaining work for PKS Implementation
  2021-02-05  8:33 [PATCH 0/2] Remaining work for PKS Implementation Chenyi Qiang
  2021-02-05  8:33 ` [PATCH 1/2] target/i386: Add support for save/load IA32_PKRS MSR Chenyi Qiang
  2021-02-05  8:33 ` [PATCH 2/2] target/i386: Expose VMX entry/exit load pkrs control bits Chenyi Qiang
@ 2021-02-05 10:56 ` Paolo Bonzini
  2 siblings, 0 replies; 4+ messages in thread
From: Paolo Bonzini @ 2021-02-05 10:56 UTC (permalink / raw)
  To: Chenyi Qiang, Richard Henderson, Eduardo Habkost, Xiaoyao Li; +Cc: qemu-devel

On 05/02/21 09:33, Chenyi Qiang wrote:
> Protection Keys for Supervisor Pages (PKS) is a feature that extends the
> Protection Keys architecture to support thread-specific permission
> restrictions on superviosr pages, which works similar to an existing
> feature named PKU (protecting user-mode pages).
> 
> Thanks Paolo to send out the PKS QEMU implemention at:
> https://lore.kernel.org/qemu-devel/20210127093540.472624-1-pbonzini@redhat.com/
> 
> This patch series is just to add the remaining part, i.e. the support
> for save/load PKRS and expose the vmx entry/exit load controls to guest.
> 
> Chenyi Qiang (2):
>    target/i386: Add support for save/load IA32_PKRS MSR
>    target/i386: Expose VMX entry/exit load pkrs control bits
> 
>   target/i386/cpu.c     |  4 ++--
>   target/i386/cpu.h     |  2 ++
>   target/i386/kvm/kvm.c | 13 +++++++++++++
>   3 files changed, 17 insertions(+), 2 deletions(-)
> 

Queued, thanks.

Paolo



^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2021-02-05 10:58 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-02-05  8:33 [PATCH 0/2] Remaining work for PKS Implementation Chenyi Qiang
2021-02-05  8:33 ` [PATCH 1/2] target/i386: Add support for save/load IA32_PKRS MSR Chenyi Qiang
2021-02-05  8:33 ` [PATCH 2/2] target/i386: Expose VMX entry/exit load pkrs control bits Chenyi Qiang
2021-02-05 10:56 ` [PATCH 0/2] Remaining work for PKS Implementation Paolo Bonzini

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).