[PATCH v3 0/2] target/i386: add support for LAM

[PATCH v3 0/2] target/i386: add support for LAM

[Binbin Wu]

Linear-address masking (LAM) [1], modifies the checking that is applied to
*64-bit* linear addresses, allowing software to use of the untranslated address
bits for metadata and masks the metadata bits before using them as linear 
addresses to access memory.

When the feature is virtualized and exposed to guest, it can be used for 
efficient
address sanitizers (ASAN) implementation and for optimizations in JITs and 
virtual
machines.

[1] Intel ISE https://cdrdv2.intel.com/v1/dl/getContent/671368
    Chapter Linear Address Masking (LAM)

---
Changelog
v3:
- Some change in commit message.
- Add handling of LAM control bits. (Xiaoyao)

v2:
- https://lists.gnu.org/archive/html/qemu-devel/2023-05/msg07842.html


Binbin Wu (1):
  target/i386: add control bits support for LAM

Robert Hoo (1):
  target/i386: add support for LAM in CPUID enumeration

 target/i386/cpu.c | 2 +-
 target/i386/cpu.h | 9 ++++++++-
 2 files changed, 9 insertions(+), 2 deletions(-)

-- 
2.25.1

[PATCH v3 1/2] target/i386: add support for LAM in CPUID enumeration

[Binbin Wu]

From: Robert Hoo <robert.hu@linux.intel.com>

Linear Address Masking (LAM) is a new Intel CPU feature, which allows software
to use of the untranslated address bits for metadata.

The bit definition:
CPUID.(EAX=7,ECX=1):EAX[26]

Add CPUID definition for LAM.

Note LAM feature is not supported for TCG of target-386, LAM CPIUD bit will not
be added to TCG_7_1_EAX_FEATURES.

More info can be found in Intel ISE Chapter "LINEAR ADDRESS MASKING (LAM)"
https://cdrdv2.intel.com/v1/dl/getContent/671368

Signed-off-by: Robert Hoo <robert.hu@linux.intel.com>
Co-developed-by: Binbin Wu <binbin.wu@linux.intel.com>
Signed-off-by: Binbin Wu <binbin.wu@linux.intel.com>
---
 target/i386/cpu.c | 2 +-
 target/i386/cpu.h | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 97ad229d8b..3a42340730 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -965,7 +965,7 @@ FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
             "fsrc", NULL, NULL, NULL,
             NULL, NULL, NULL, NULL,
             NULL, "amx-fp16", NULL, "avx-ifma",
-            NULL, NULL, NULL, NULL,
+            NULL, NULL, "lam", NULL,
             NULL, NULL, NULL, NULL,
         },
         .cpuid = {
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index e0771a1043..4db97899fe 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -925,6 +925,8 @@ uint64_t x86_cpu_get_supported_feature_word(FeatureWord w,
 #define CPUID_7_1_EAX_AMX_FP16          (1U << 21)
 /* Support for VPMADD52[H,L]UQ */
 #define CPUID_7_1_EAX_AVX_IFMA          (1U << 23)
+/* Linear Address Masking */
+#define CPUID_7_1_EAX_LAM               (1U << 26)
 
 /* Support for VPDPB[SU,UU,SS]D[,S] */
 #define CPUID_7_1_EDX_AVX_VNNI_INT8     (1U << 4)
-- 
2.25.1

[PATCH v3 2/2] target/i386: add control bits support for LAM

[Binbin Wu]

LAM uses CR3[61] and CR3[62] to configure/enable LAM on user pointers.
LAM uses CR4[28] to configure/enable LAM on supervisor pointers.

For CR3 LAM bits, no additional handling needed:
- TCG
  LAM is not supported for TCG of target-i386.  helper_write_crN() and helper_vmrun()
  check max physical address bits before calling cpu_x86_update_cr3(), no change needed,
  i.e. CR3 LAM bits are not allowed to be set in TCG.
- gdbstub
  x86_cpu_gdb_write_register() will call cpu_x86_update_cr3() to update cr3. Allow gdb
  to set the LAM bit(s) to CR3, if vcpu doesn't support LAM, KVM_SET_SREGS will fail as
  other CR3 reserved bits.

For CR4 LAM bit, its reservation depends on vcpu supporting LAM feature or not.
- TCG
  LAM is not supported for TCG of target-i386.  helper_write_crN() and helper_vmrun()
  check CR4 reserved bit before calling cpu_x86_update_cr4(), i.e. CR4 LAM bit is not
  allowed to be set in TCG.
- gdbstub
  x86_cpu_gdb_write_register() will call cpu_x86_update_cr4() to update cr4. Allow gdb
  to set the LAM bit to CR4, if vcpu doesn't support LAM, KVM_SET_SREGS will fail.
- x86_cpu_reset_hold() doesn't need special handling.

Signed-off-by: Binbin Wu <binbin.wu@linux.intel.com>
---
 target/i386/cpu.h | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index 4db97899fe..710fadf550 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -261,6 +261,7 @@ typedef enum X86Seg {
 #define CR4_SMAP_MASK   (1U << 21)
 #define CR4_PKE_MASK   (1U << 22)
 #define CR4_PKS_MASK   (1U << 24)
+#define CR4_LAM_SUP_MASK (1U << 28)
 
 #define CR4_RESERVED_MASK \
 (~(target_ulong)(CR4_VME_MASK | CR4_PVI_MASK | CR4_TSD_MASK \
@@ -269,7 +270,8 @@ typedef enum X86Seg {
                 | CR4_OSFXSR_MASK | CR4_OSXMMEXCPT_MASK | CR4_UMIP_MASK \
                 | CR4_LA57_MASK \
                 | CR4_FSGSBASE_MASK | CR4_PCIDE_MASK | CR4_OSXSAVE_MASK \
-                | CR4_SMEP_MASK | CR4_SMAP_MASK | CR4_PKE_MASK | CR4_PKS_MASK))
+                | CR4_SMEP_MASK | CR4_SMAP_MASK | CR4_PKE_MASK | CR4_PKS_MASK \
+                | CR4_LAM_SUP_MASK))
 
 #define DR6_BD          (1 << 13)
 #define DR6_BS          (1 << 14)
@@ -2478,6 +2480,9 @@ static inline uint64_t cr4_reserved_bits(CPUX86State *env)
     if (!(env->features[FEAT_7_0_ECX] & CPUID_7_0_ECX_PKS)) {
         reserved_bits |= CR4_PKS_MASK;
     }
+    if (!(env->features[FEAT_7_1_EAX] & CPUID_7_1_EAX_LAM)) {
+        reserved_bits |= CR4_LAM_SUP_MASK;
+    }
     return reserved_bits;
 }
 
-- 
2.25.1

Re: [PATCH v3 2/2] target/i386: add control bits support for LAM

[Xiaoyao Li]

On 7/21/2023 4:08 PM, Binbin Wu wrote:
> LAM uses CR3[61] and CR3[62] to configure/enable LAM on user pointers.
> LAM uses CR4[28] to configure/enable LAM on supervisor pointers.
> 
> For CR3 LAM bits, no additional handling needed:
> - TCG
>    LAM is not supported for TCG of target-i386.  helper_write_crN() and helper_vmrun()
>    check max physical address bits before calling cpu_x86_update_cr3(), no change needed,
>    i.e. CR3 LAM bits are not allowed to be set in TCG.
> - gdbstub
>    x86_cpu_gdb_write_register() will call cpu_x86_update_cr3() to update cr3. Allow gdb
>    to set the LAM bit(s) to CR3, if vcpu doesn't support LAM, KVM_SET_SREGS will fail as
>    other CR3 reserved bits.
> 
> For CR4 LAM bit, its reservation depends on vcpu supporting LAM feature or not.
> - TCG
>    LAM is not supported for TCG of target-i386.  helper_write_crN() and helper_vmrun()
>    check CR4 reserved bit before calling cpu_x86_update_cr4(), i.e. CR4 LAM bit is not
>    allowed to be set in TCG.
> - gdbstub
>    x86_cpu_gdb_write_register() will call cpu_x86_update_cr4() to update cr4. Allow gdb
>    to set the LAM bit to CR4, if vcpu doesn't support LAM, KVM_SET_SREGS will fail.

I would go follow the current code, to mask out LAM bit if no CPUID.

> - x86_cpu_reset_hold() doesn't need special handling.
> 
> Signed-off-by: Binbin Wu <binbin.wu@linux.intel.com>
> ---
>   target/i386/cpu.h | 7 ++++++-
>   1 file changed, 6 insertions(+), 1 deletion(-)
> 
> diff --git a/target/i386/cpu.h b/target/i386/cpu.h
> index 4db97899fe..710fadf550 100644
> --- a/target/i386/cpu.h
> +++ b/target/i386/cpu.h
> @@ -261,6 +261,7 @@ typedef enum X86Seg {
>   #define CR4_SMAP_MASK   (1U << 21)
>   #define CR4_PKE_MASK   (1U << 22)
>   #define CR4_PKS_MASK   (1U << 24)
> +#define CR4_LAM_SUP_MASK (1U << 28)
>   
>   #define CR4_RESERVED_MASK \
>   (~(target_ulong)(CR4_VME_MASK | CR4_PVI_MASK | CR4_TSD_MASK \
> @@ -269,7 +270,8 @@ typedef enum X86Seg {
>                   | CR4_OSFXSR_MASK | CR4_OSXMMEXCPT_MASK | CR4_UMIP_MASK \
>                   | CR4_LA57_MASK \
>                   | CR4_FSGSBASE_MASK | CR4_PCIDE_MASK | CR4_OSXSAVE_MASK \
> -                | CR4_SMEP_MASK | CR4_SMAP_MASK | CR4_PKE_MASK | CR4_PKS_MASK))
> +                | CR4_SMEP_MASK | CR4_SMAP_MASK | CR4_PKE_MASK | CR4_PKS_MASK \
> +                | CR4_LAM_SUP_MASK))
>   
>   #define DR6_BD          (1 << 13)
>   #define DR6_BS          (1 << 14)
> @@ -2478,6 +2480,9 @@ static inline uint64_t cr4_reserved_bits(CPUX86State *env)
>       if (!(env->features[FEAT_7_0_ECX] & CPUID_7_0_ECX_PKS)) {
>           reserved_bits |= CR4_PKS_MASK;
>       }
> +    if (!(env->features[FEAT_7_1_EAX] & CPUID_7_1_EAX_LAM)) {
> +        reserved_bits |= CR4_LAM_SUP_MASK;
> +    }
>       return reserved_bits;
>   }
>   

Re: [PATCH v3 1/2] target/i386: add support for LAM in CPUID enumeration

[Xiaoyao Li]

On 7/21/2023 4:07 PM, Binbin Wu wrote:
> From: Robert Hoo <robert.hu@linux.intel.com>
> 
> Linear Address Masking (LAM) is a new Intel CPU feature, which allows software
> to use of the untranslated address bits for metadata.
> 
> The bit definition:
> CPUID.(EAX=7,ECX=1):EAX[26]
> 
> Add CPUID definition for LAM.
> 
> Note LAM feature is not supported for TCG of target-386, LAM CPIUD bit will not
> be added to TCG_7_1_EAX_FEATURES.
> 
> More info can be found in Intel ISE Chapter "LINEAR ADDRESS MASKING (LAM)"
> https://cdrdv2.intel.com/v1/dl/getContent/671368
> 
> Signed-off-by: Robert Hoo <robert.hu@linux.intel.com>
> Co-developed-by: Binbin Wu <binbin.wu@linux.intel.com>
> Signed-off-by: Binbin Wu <binbin.wu@linux.intel.com>

Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com>

> ---
>   target/i386/cpu.c | 2 +-
>   target/i386/cpu.h | 2 ++
>   2 files changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/target/i386/cpu.c b/target/i386/cpu.c
> index 97ad229d8b..3a42340730 100644
> --- a/target/i386/cpu.c
> +++ b/target/i386/cpu.c
> @@ -965,7 +965,7 @@ FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
>               "fsrc", NULL, NULL, NULL,
>               NULL, NULL, NULL, NULL,
>               NULL, "amx-fp16", NULL, "avx-ifma",
> -            NULL, NULL, NULL, NULL,
> +            NULL, NULL, "lam", NULL,
>               NULL, NULL, NULL, NULL,
>           },
>           .cpuid = {
> diff --git a/target/i386/cpu.h b/target/i386/cpu.h
> index e0771a1043..4db97899fe 100644
> --- a/target/i386/cpu.h
> +++ b/target/i386/cpu.h
> @@ -925,6 +925,8 @@ uint64_t x86_cpu_get_supported_feature_word(FeatureWord w,
>   #define CPUID_7_1_EAX_AMX_FP16          (1U << 21)
>   /* Support for VPMADD52[H,L]UQ */
>   #define CPUID_7_1_EAX_AVX_IFMA          (1U << 23)
> +/* Linear Address Masking */
> +#define CPUID_7_1_EAX_LAM               (1U << 26)
>   
>   /* Support for VPDPB[SU,UU,SS]D[,S] */
>   #define CPUID_7_1_EDX_AVX_VNNI_INT8     (1U << 4)

Re: [PATCH v3 2/2] target/i386: add control bits support for LAM

[Binbin Wu]

On 12/28/2023 4:51 PM, Xiaoyao Li wrote:
> On 7/21/2023 4:08 PM, Binbin Wu wrote:
>> LAM uses CR3[61] and CR3[62] to configure/enable LAM on user pointers.
>> LAM uses CR4[28] to configure/enable LAM on supervisor pointers.
>>
>> For CR3 LAM bits, no additional handling needed:
>> - TCG
>>    LAM is not supported for TCG of target-i386. helper_write_crN() 
>> and helper_vmrun()
>>    check max physical address bits before calling 
>> cpu_x86_update_cr3(), no change needed,
>>    i.e. CR3 LAM bits are not allowed to be set in TCG.
>> - gdbstub
>>    x86_cpu_gdb_write_register() will call cpu_x86_update_cr3() to 
>> update cr3. Allow gdb
>>    to set the LAM bit(s) to CR3, if vcpu doesn't support LAM, 
>> KVM_SET_SREGS will fail as
>>    other CR3 reserved bits.
>>
>> For CR4 LAM bit, its reservation depends on vcpu supporting LAM 
>> feature or not.
>> - TCG
>>    LAM is not supported for TCG of target-i386. helper_write_crN() 
>> and helper_vmrun()
>>    check CR4 reserved bit before calling cpu_x86_update_cr4(), i.e. 
>> CR4 LAM bit is not
>>    allowed to be set in TCG.
>> - gdbstub
>>    x86_cpu_gdb_write_register() will call cpu_x86_update_cr4() to 
>> update cr4. Allow gdb
>>    to set the LAM bit to CR4, if vcpu doesn't support LAM, 
>> KVM_SET_SREGS will fail.
>
> I would go follow the current code, to mask out LAM bit if no CPUID.

I can do it in the next version.

But I am curious what's the rule of masking out a CR4 bit if no CPUID
in cpu_x86_update_cr4()?
e.g. current code checks SMAP but not SMEP.


>
>> - x86_cpu_reset_hold() doesn't need special handling.
>>
>> Signed-off-by: Binbin Wu <binbin.wu@linux.intel.com>
>> ---
>>   target/i386/cpu.h | 7 ++++++-
>>   1 file changed, 6 insertions(+), 1 deletion(-)
>>
>> diff --git a/target/i386/cpu.h b/target/i386/cpu.h
>> index 4db97899fe..710fadf550 100644
>> --- a/target/i386/cpu.h
>> +++ b/target/i386/cpu.h
>> @@ -261,6 +261,7 @@ typedef enum X86Seg {
>>   #define CR4_SMAP_MASK   (1U << 21)
>>   #define CR4_PKE_MASK   (1U << 22)
>>   #define CR4_PKS_MASK   (1U << 24)
>> +#define CR4_LAM_SUP_MASK (1U << 28)
>>     #define CR4_RESERVED_MASK \
>>   (~(target_ulong)(CR4_VME_MASK | CR4_PVI_MASK | CR4_TSD_MASK \
>> @@ -269,7 +270,8 @@ typedef enum X86Seg {
>>                   | CR4_OSFXSR_MASK | CR4_OSXMMEXCPT_MASK | 
>> CR4_UMIP_MASK \
>>                   | CR4_LA57_MASK \
>>                   | CR4_FSGSBASE_MASK | CR4_PCIDE_MASK | 
>> CR4_OSXSAVE_MASK \
>> -                | CR4_SMEP_MASK | CR4_SMAP_MASK | CR4_PKE_MASK | 
>> CR4_PKS_MASK))
>> +                | CR4_SMEP_MASK | CR4_SMAP_MASK | CR4_PKE_MASK | 
>> CR4_PKS_MASK \
>> +                | CR4_LAM_SUP_MASK))
>>     #define DR6_BD          (1 << 13)
>>   #define DR6_BS          (1 << 14)
>> @@ -2478,6 +2480,9 @@ static inline uint64_t 
>> cr4_reserved_bits(CPUX86State *env)
>>       if (!(env->features[FEAT_7_0_ECX] & CPUID_7_0_ECX_PKS)) {
>>           reserved_bits |= CR4_PKS_MASK;
>>       }
>> +    if (!(env->features[FEAT_7_1_EAX] & CPUID_7_1_EAX_LAM)) {
>> +        reserved_bits |= CR4_LAM_SUP_MASK;
>> +    }
>>       return reserved_bits;
>>   }
>

Re: [PATCH v3 2/2] target/i386: add control bits support for LAM

[Xiaoyao Li]

On 1/3/2024 5:25 PM, Binbin Wu wrote:
> 
> 
> On 12/28/2023 4:51 PM, Xiaoyao Li wrote:
>> On 7/21/2023 4:08 PM, Binbin Wu wrote:
>>> LAM uses CR3[61] and CR3[62] to configure/enable LAM on user pointers.
>>> LAM uses CR4[28] to configure/enable LAM on supervisor pointers.
>>>
>>> For CR3 LAM bits, no additional handling needed:
>>> - TCG
>>>    LAM is not supported for TCG of target-i386. helper_write_crN() 
>>> and helper_vmrun()
>>>    check max physical address bits before calling 
>>> cpu_x86_update_cr3(), no change needed,
>>>    i.e. CR3 LAM bits are not allowed to be set in TCG.
>>> - gdbstub
>>>    x86_cpu_gdb_write_register() will call cpu_x86_update_cr3() to 
>>> update cr3. Allow gdb
>>>    to set the LAM bit(s) to CR3, if vcpu doesn't support LAM, 
>>> KVM_SET_SREGS will fail as
>>>    other CR3 reserved bits.
>>>
>>> For CR4 LAM bit, its reservation depends on vcpu supporting LAM 
>>> feature or not.
>>> - TCG
>>>    LAM is not supported for TCG of target-i386. helper_write_crN() 
>>> and helper_vmrun()
>>>    check CR4 reserved bit before calling cpu_x86_update_cr4(), i.e. 
>>> CR4 LAM bit is not
>>>    allowed to be set in TCG.
>>> - gdbstub
>>>    x86_cpu_gdb_write_register() will call cpu_x86_update_cr4() to 
>>> update cr4. Allow gdb
>>>    to set the LAM bit to CR4, if vcpu doesn't support LAM, 
>>> KVM_SET_SREGS will fail.
>>
>> I would go follow the current code, to mask out LAM bit if no CPUID.
> 
> I can do it in the next version.
> 
> But I am curious what's the rule of masking out a CR4 bit if no CPUID
> in cpu_x86_update_cr4()?
> e.g. current code checks SMAP but not SMEP.
> 

Frankly, I don't know. As you explained in commit message, missing the 
check doesn't cause any functional issue because the function is only 
called for tcg code and LAM is not enabled for tcg.

But personally, I think adding the check does no harm and the logic is 
straightforward, while not adding the check looks not intuitive and begs 
a comment to explain.

So my preference is to add the check.