xen-devel.lists.xenproject.org archive mirror
From: Andrew Cooper <andrew.cooper3@citrix.com>
To: Huaitong Han <huaitong.han@intel.com>,
	jbeulich@suse.com, jun.nakajima@intel.com, eddie.dong@intel.com,
	kevin.tian@intel.com, george.dunlap@eu.citrix.com,
	ian.jackson@eu.citrix.com, stefano.stabellini@eu.citrix.com,
	ian.campbell@citrix.com, wei.liu2@citrix.com, keir@xen.org
Cc: xen-devel@lists.xen.org
Subject: Re: [PATCH 01/10] x86/hvm: pkeys, add pkeys support for cpuid handling
Date: Mon, 16 Nov 2015 12:00:54 +0000
Message-ID: <5649C576.8000903@citrix.com>
In-Reply-To: <1447669917-17939-2-git-send-email-huaitong.han@intel.com>

On 16/11/15 10:31, Huaitong Han wrote:
> This patch adds pkeys support for cpuid handling.
>
> Pkeys hardware support is CPUID.7.0.ECX[3]:PKU. Software support is
> CPUID.7.0.ECX[4]:OSPKE and it reflects the support setting of CR4.PKE.
>
> Signed-off-by: Huaitong Han <huaitong.han@intel.com>
>
> diff --git a/tools/libxc/xc_cpufeature.h b/tools/libxc/xc_cpufeature.h
> index c3ddc80..f6a9778 100644
> --- a/tools/libxc/xc_cpufeature.h
> +++ b/tools/libxc/xc_cpufeature.h
> @@ -141,5 +141,7 @@
>  #define X86_FEATURE_ADX         19 /* ADCX, ADOX instructions */
>  #define X86_FEATURE_SMAP        20 /* Supervisor Mode Access Protection */
>  
> +/* Intel-defined CPU features, CPUID level 0x00000007:0 (ecx) */
> +#define X86_FEATURE_PKU     3
>  
>  #endif /* __LIBXC_CPUFEATURE_H */
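
Review bot: The new X86_FEATURE_PKU define has no trailing description, unlike the ADX and SMAP entries just above it, and its value column is not aligned with theirs. Suggest adding /* Protection Keys for Userspace */ after the value and padding the name so that 3 lines up with 19 and 20.
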
> diff --git a/tools/libxc/xc_cpuid_x86.c b/tools/libxc/xc_cpuid_x86.c
> index e146a3e..34bb964 100644
> --- a/tools/libxc/xc_cpuid_x86.c
> +++ b/tools/libxc/xc_cpuid_x86.c
> @@ -367,9 +367,11 @@ static void xc_cpuid_hvm_policy(
>                          bitmaskof(X86_FEATURE_ADX)  |
>                          bitmaskof(X86_FEATURE_SMAP) |
>                          bitmaskof(X86_FEATURE_FSGSBASE));
> +            regs[2] &= bitmaskof(X86_FEATURE_PKU);
>          } else
> -            regs[1] = 0;
> -        regs[0] = regs[2] = regs[3] = 0;
> +            regs[1] = regs[2] = 0;
> +
> +        regs[0] = regs[3] = 0;
>          break;
>  
>      case 0x0000000d:
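
Review bot: In the leaf 7 branch, regs[2] is masked down to PKU alone, which drops OSPKE (ECX[4]) from the toolstack policy without saying why. A one-line comment that OSPKE is filled in later by hvm_cpuid() from the guest's CR4.PKE would record the intent. The else arm is also left unbraced beside a braced if and is now followed by a blank line; bracing "regs[1] = regs[2] = 0;" would make its scope obvious.
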
> diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c
> index 615fa89..66917ff 100644
> --- a/xen/arch/x86/hvm/hvm.c
> +++ b/xen/arch/x86/hvm/hvm.c
> @@ -4518,6 +4518,12 @@ void hvm_cpuid(unsigned int input, unsigned int *eax, unsigned int *ebx,
>          /* Don't expose INVPCID to non-hap hvm. */
>          if ( (count == 0) && !hap_enabled(d) )
>              *ebx &= ~cpufeat_mask(X86_FEATURE_INVPCID);
> +
> +        if ( (count == 0) && !(cpu_has_pku && hap_enabled(d)) )
> +            *ecx &= ~cpufeat_mask(X86_FEATURE_PKU);
> +        if ( (count == 0) && cpu_has_pku )
> +            *ecx |= (v->arch.hvm_vcpu.guest_cr[4] & X86_CR4_PKE) ?
> +                     cpufeat_mask(X86_FEATURE_OSPKE) : 0;

This logic (all being gated on count == 0 && !hap_enabled() ) should
extend the INVPCID if() statement.

Setting OSPKE should be gated on *ecx having PKU and guest CR4 alone. 
As it currently stands, a guest could end up observing OSPKE but not PKU.

>          break;
>      case 0xb:
>          /* Fix the x2APIC identifier. */
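
Review bot: The OSPKE statement added to the leaf 7 block only ever ORs the bit in: when guest CR4.PKE is clear the expression adds 0 and leaves whatever was already in bit 4 of *ecx. Clear cpufeat_mask(X86_FEATURE_OSPKE) unconditionally first and then set it from guest_cr[4], so the guest-visible value never depends on the incoming register contents. A plain if() would also read more clearly than a ?: with a 0 arm.
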
> diff --git a/xen/include/asm-x86/cpufeature.h b/xen/include/asm-x86/cpufeature.h
> index 9a01563..3c3b95f 100644
> --- a/xen/include/asm-x86/cpufeature.h
> +++ b/xen/include/asm-x86/cpufeature.h
> @@ -154,6 +154,10 @@
>  #define X86_FEATURE_ADX		(7*32+19) /* ADCX, ADOX instructions */
>  #define X86_FEATURE_SMAP	(7*32+20) /* Supervisor Mode Access Prevention */
>  
> +/* Intel-defined CPU features, CPUID level 0x00000007:0 (ecx), word 8 */
> +#define X86_FEATURE_PKU	(8*32+ 3) /* Protection Keys for Userspace */
> +#define X86_FEATURE_OSPKE	(8*32+ 4) /* OS Protection Keys Enable */
> +
>  #if !defined(__ASSEMBLY__) && !defined(X86_FEATURES_ONLY)
>  #include <xen/bitops.h>
>  
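
Review bot: X86_FEATURE_OSPKE is defined next to PKU as an ordinary capability bit, but per the commit message it mirrors CR4.PKE rather than describing the hardware. Say so in its comment, for example "OS Protection Keys Enable (reflects CR4.PKE)", so that nobody later tests it through boot_cpu_has() as if it were a static feature.
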
> @@ -193,6 +197,7 @@
>  
>  #define cpu_has_smep            boot_cpu_has(X86_FEATURE_SMEP)
>  #define cpu_has_smap            boot_cpu_has(X86_FEATURE_SMAP)
> +#define cpu_has_pku             boot_cpu_has(X86_FEATURE_PKU)

This read overflows c->x86_capabilities, as you didn't bump NCAPINTs.

I see that you bump it in the following patch, but you must move that
hunk forwards to this patch.

~Andrew
