[PATCH 01/10] x86/hvm: pkeys, add pkeys support for cpuid handling

xen-devel.lists.xenproject.org archive mirror
 help / color / mirror / Atom feed

From: Huaitong Han <huaitong.han@intel.com>
To: jbeulich@suse.com, andrew.cooper3@citrix.com,
	jun.nakajima@intel.com, eddie.dong@intel.com,
	kevin.tian@intel.com, george.dunlap@eu.citrix.com,
	ian.jackson@eu.citrix.com, stefano.stabellini@eu.citrix.com,
	ian.campbell@citrix.com, wei.liu2@citrix.com, keir@xen.org
Cc: Huaitong Han <huaitong.han@intel.com>, xen-devel@lists.xen.org
Subject: [PATCH 01/10] x86/hvm: pkeys, add pkeys support for cpuid handling
Date: Mon, 16 Nov 2015 18:31:48 +0800	[thread overview]
Message-ID: <1447669917-17939-2-git-send-email-huaitong.han@intel.com> (raw)
In-Reply-To: <1447669917-17939-1-git-send-email-huaitong.han@intel.com>

This patch adds pkeys support for cpuid handing.

Pkeys hardware support is CPUID.7.0.ECX[3]:PKU. software support is
CPUID.7.0.ECX[4]:OSPKE and it reflects the support setting of CR4.PKE.

Signed-off-by: Huaitong Han <huaitong.han@intel.com>

diff --git a/tools/libxc/xc_cpufeature.h b/tools/libxc/xc_cpufeature.h
index c3ddc80..f6a9778 100644
--- a/tools/libxc/xc_cpufeature.h
+++ b/tools/libxc/xc_cpufeature.h
@@ -141,5 +141,7 @@
 #define X86_FEATURE_ADX         19 /* ADCX, ADOX instructions */
 #define X86_FEATURE_SMAP        20 /* Supervisor Mode Access Protection */
 
+/* Intel-defined CPU features, CPUID level 0x00000007:0 (ecx) */
+#define X86_FEATURE_PKU     3
 
 #endif /* __LIBXC_CPUFEATURE_H */
diff --git a/tools/libxc/xc_cpuid_x86.c b/tools/libxc/xc_cpuid_x86.c
index e146a3e..34bb964 100644
--- a/tools/libxc/xc_cpuid_x86.c
+++ b/tools/libxc/xc_cpuid_x86.c
@@ -367,9 +367,11 @@ static void xc_cpuid_hvm_policy(
                         bitmaskof(X86_FEATURE_ADX)  |
                         bitmaskof(X86_FEATURE_SMAP) |
                         bitmaskof(X86_FEATURE_FSGSBASE));
+            regs[2] &= bitmaskof(X86_FEATURE_PKU);
         } else
-            regs[1] = 0;
-        regs[0] = regs[2] = regs[3] = 0;
+            regs[1] = regs[2] = 0;
+
+        regs[0] = regs[3] = 0;
         break;
 
     case 0x0000000d:
diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c
index 615fa89..66917ff 100644
--- a/xen/arch/x86/hvm/hvm.c
+++ b/xen/arch/x86/hvm/hvm.c
@@ -4518,6 +4518,12 @@ void hvm_cpuid(unsigned int input, unsigned int *eax, unsigned int *ebx,
         /* Don't expose INVPCID to non-hap hvm. */
         if ( (count == 0) && !hap_enabled(d) )
             *ebx &= ~cpufeat_mask(X86_FEATURE_INVPCID);
+
+        if ( (count == 0) && !(cpu_has_pku && hap_enabled(d)) )
+            *ecx &= ~cpufeat_mask(X86_FEATURE_PKU);
+        if ( (count == 0) && cpu_has_pku )
+            *ecx |= (v->arch.hvm_vcpu.guest_cr[4] & X86_CR4_PKE) ?
+                     cpufeat_mask(X86_FEATURE_OSPKE) : 0;
         break;
     case 0xb:
         /* Fix the x2APIC identifier. */
diff --git a/xen/include/asm-x86/cpufeature.h b/xen/include/asm-x86/cpufeature.h
index 9a01563..3c3b95f 100644
--- a/xen/include/asm-x86/cpufeature.h
+++ b/xen/include/asm-x86/cpufeature.h
@@ -154,6 +154,10 @@
 #define X86_FEATURE_ADX		(7*32+19) /* ADCX, ADOX instructions */
 #define X86_FEATURE_SMAP	(7*32+20) /* Supervisor Mode Access Prevention */
 
+/* Intel-defined CPU features, CPUID level 0x00000007:0 (ecx), word 8 */
+#define X86_FEATURE_PKU	(8*32+ 3) /* Protection Keys for Userspace */
+#define X86_FEATURE_OSPKE	(8*32+ 4) /* OS Protection Keys Enable */
+
 #if !defined(__ASSEMBLY__) && !defined(X86_FEATURES_ONLY)
 #include <xen/bitops.h>
 
@@ -193,6 +197,7 @@
 
 #define cpu_has_smep            boot_cpu_has(X86_FEATURE_SMEP)
 #define cpu_has_smap            boot_cpu_has(X86_FEATURE_SMAP)
+#define cpu_has_pku             boot_cpu_has(X86_FEATURE_PKU)
 #define cpu_has_fpu_sel         (!boot_cpu_has(X86_FEATURE_NO_FPU_SEL))
 
 #define cpu_has_ffxsr           ((boot_cpu_data.x86_vendor == X86_VENDOR_AMD) \
-- 
2.4.3

next prev parent reply	other threads:[~2015-11-16 10:31 UTC|newest]

Thread overview: 36+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-11-16 10:31 [PATCH 00/10] x86/hvm: pkeys, add memory protection-key support Huaitong Han
2015-11-16 10:31 ` Huaitong Han [this message]
2015-11-16 12:00   ` [PATCH 01/10] x86/hvm: pkeys, add pkeys support for cpuid handling Andrew Cooper
2015-11-19 14:39     ` Wu, Feng
2015-11-16 16:58   ` Wei Liu
2015-11-16 10:31 ` [PATCH 02/10] x86/hvm: pkeys, add pku support for x86_capability Huaitong Han
2015-11-16 13:35   ` Andrew Cooper
2015-11-16 10:31 ` [PATCH 03/10] x86/hvm: pkeys, add the flag to enable Memory Protection Keys Huaitong Han
2015-11-16 13:56   ` Andrew Cooper
2015-11-16 10:31 ` [PATCH 04/10] x86/hvm: pkeys, add pkeys support when setting CR4 Huaitong Han
2015-11-16 14:02   ` Andrew Cooper
2015-11-20  1:16   ` Wu, Feng
2015-11-20 10:41     ` Andrew Cooper
2015-11-16 10:31 ` [PATCH 05/10] x86/hvm: pkeys, disable pkeys for guests in non-paging mode Huaitong Han
2015-11-16 14:03   ` Andrew Cooper
2015-11-16 10:31 ` [PATCH 06/10] x86/hvm: pkeys, add functions to get pkeys value from PTE Huaitong Han
2015-11-16 14:16   ` Andrew Cooper
2015-11-16 14:42     ` Jan Beulich
2015-11-16 10:31 ` [PATCH 07/10] x86/hvm: pkeys, add functions to support PKRU access/write Huaitong Han
2015-11-16 15:09   ` Andrew Cooper
2015-11-16 10:31 ` [PATCH 08/10] x86/hvm: pkeys, add pkeys support for do_page_fault Huaitong Han
2015-11-16 15:25   ` Andrew Cooper
2015-11-16 10:31 ` [PATCH 09/10] x86/hvm: pkeys, add pkeys support for guest_walk_tables Huaitong Han
2015-11-16 16:52   ` Andrew Cooper
2015-11-16 16:59   ` Andrew Cooper
2015-11-16 10:31 ` [PATCH 10/10] x86/hvm: pkeys, add xstate support for pkeys Huaitong Han
2015-11-16 16:52   ` Andrew Cooper
2015-11-16 17:45 ` [PATCH 00/10] x86/hvm: pkeys, add memory protection-key support Andrew Cooper
2015-11-17 10:26   ` Jan Beulich
2015-11-17 16:24     ` Andrew Cooper
2015-11-17 16:36       ` Jan Beulich
2015-11-18  9:12     ` Wu, Feng
2015-11-18 10:10       ` Andrew Cooper
2015-11-19  7:44         ` Wu, Feng
2015-11-19  8:44           ` Jan Beulich
2015-11-19  8:49             ` Wu, Feng

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:c3ddc80 dfblob:f6a9778 dfblob:e146a3e dfblob:34bb964
dfblob:615fa89 dfblob:66917ff dfblob:9a01563 dfblob:3c3b95f )
 OR (
bs:"[PATCH 01/10] x86/hvm: pkeys, add pkeys support for cpuid handling" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1447669917-17939-2-git-send-email-huaitong.han@intel.com \
    --to=huaitong.han@intel.com \
    --cc=andrew.cooper3@citrix.com \
    --cc=eddie.dong@intel.com \
    --cc=george.dunlap@eu.citrix.com \
    --cc=ian.campbell@citrix.com \
    --cc=ian.jackson@eu.citrix.com \
    --cc=jbeulich@suse.com \
    --cc=jun.nakajima@intel.com \
    --cc=keir@xen.org \
    --cc=kevin.tian@intel.com \
    --cc=stefano.stabellini@eu.citrix.com \
    --cc=wei.liu2@citrix.com \
    --cc=xen-devel@lists.xen.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).