From: Andrew Cooper
To: Xen-devel
CC: Andrew Cooper, Jan Beulich, Roger Pau Monné, Wei Liu
Subject: [PATCH v2 1/8] x86/boot: Sanitise PKRU on boot
Date: Tue, 10 Jan 2023 17:18:38 +0000
Message-ID: <20230110171845.20542-2-andrew.cooper3@citrix.com>
In-Reply-To: <20230110171845.20542-1-andrew.cooper3@citrix.com>
References: <20230110171845.20542-1-andrew.cooper3@citrix.com>

While the reset value of the register is 0, it might not be after kexec/etc.
If PKEY0.{WD,AD} have leaked in from an earlier context, construction of a PV
dom0 will explode.

Sequencing wise, this must come after setting CR4.PKE, and before we touch any
user mappings.

Signed-off-by: Andrew Cooper
Reviewed-by: Jan Beulich
---
CC: Jan Beulich
CC: Roger Pau Monné
CC: Wei Liu

For sequencing, it could also come after setting XCR0.PKRU too, but then we'd
need to construct an empty XSAVE area to XRSTOR from, and that would be even
more horrible to arrange.

--- xen/arch/x86/cpu/common.c | 3 +++ xen/arch/x86/include/asm/cpufeature.h | 1 + xen/arch/x86/setup.c | 2 +- 3 files changed, 5 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c index 0412dbc915e5..fe92f29c2dc6 100644 --- a/xen/arch/x86/cpu/common.c +++ b/xen/arch/x86/cpu/common.c @@ -936,6 +936,9 @@ void cpu_init(void) write_debugreg(6, X86_DR6_DEFAULT); write_debugreg(7, X86_DR7_DEFAULT); =20 + if (cpu_has_pku) + wrpkru(0); + /* * If the platform is performing a Secure Launch via SKINIT, GIF is * clear to prevent external interrupts interfering with Secure diff --git a/xen/arch/x86/include/asm/cpufeature.h b/xen/arch/x86/include/a= sm/cpufeature.h index a3ad9ebee4e9..044cfd9f882d 100644 --- a/xen/arch/x86/include/asm/cpufeature.h
+++ b/xen/arch/x86/include/asm/cpufeature.h @@ -109,6 +109,7 @@ =20 /* CPUID level 0x00000007:0.ecx */ #define cpu_has_avx512_vbmi boot_cpu_has(X86_FEATURE_AVX512_VBMI) +#define cpu_has_pku boot_cpu_has(X86_FEATURE_PKU) #define cpu_has_avx512_vbmi2 boot_cpu_has(X86_FEATURE_AVX512_VBMI2) #define cpu_has_gfni boot_cpu_has(X86_FEATURE_GFNI) #define cpu_has_vaes boot_cpu_has(X86_FEATURE_VAES) diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index 566422600d94..6deadcf74763 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c 
@@ -1798,7 +1798,7 @@ void __init noreturn __start_xen(unsigned long mbi_p) if ( boot_cpu_has(X86_FEATURE_FSGSBASE) ) set_in_cr4(X86_CR4_FSGSBASE); =20 - if ( boot_cpu_has(X86_FEATURE_PKU) ) + if ( cpu_has_pku ) set_in_cr4(X86_CR4_PKE); =20 if ( opt_invpcid && cpu_has_invpcid ) --=20 2.11.0
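
Review bot: the new wrpkru(0) in the cpu_init() hunk of xen/arch/x86/cpu/common.c (patch 1/8) is guarded only by cpu_has_pku, which the cpufeature.h hunk defines as boot_cpu_has(X86_FEATURE_PKU), so it reports the CPUID feature and not whether CR4.PKE is already set on the CPU executing cpu_init(); WRPKRU raises #UD while CR4.PKE is clear. The commit message states the ordering requirement (after CR4.PKE is set, before any user mapping is touched), but nothing at the call site does. Please add a comment above `if (cpu_has_pku)` recording that dependency, so a later reordering of CR4 setup against cpu_init() is caught in review instead of as a fault during boot.
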
From: Andrew Cooper
To: Xen-devel
CC: Andrew Cooper, Jan Beulich, Roger Pau Monné, Wei Liu
Subject: [PATCH v2 2/8] x86/prot-key: Enumeration for Protection Key Supervisor
Date: Tue, 10 Jan 2023 17:18:39 +0000
Message-ID: <20230110171845.20542-3-andrew.cooper3@citrix.com>
In-Reply-To: <20230110171845.20542-1-andrew.cooper3@citrix.com>
References: <20230110171845.20542-1-andrew.cooper3@citrix.com>

Protection Key Supervisor works in a very similar way to Protection Key User,
except that instead of a PKRU register used by the {RD,WR}PKRU instructions,
the supervisor protection settings live in MSR_PKRS and are accessed using
normal {RD,WR}MSR instructions.

PKS has the same problematic interactions with PV guests as PKU (more in fact,
given the guest kernel's CPL), so we'll only support this for HVM guests for
now.

Signed-off-by: Andrew Cooper
Reviewed-by: Jan Beulich
---
CC: Jan Beulich
CC: Roger Pau Monné
CC: Wei Liu

--- tools/libs/light/libxl_cpuid.c | 1 + tools/misc/xen-cpuid.c | 2 +- xen/arch/x86/include/asm/cpufeature.h | 1 + xen/arch/x86/include/asm/msr-index.h | 2 ++ xen/arch/x86/include/asm/x86-defns.h | 1 + xen/include/public/arch-x86/cpufeatureset.h | 1 + 6 files changed, 7 insertions(+), 1 deletion(-) diff --git a/tools/libs/light/libxl_cpuid.c b/tools/libs/light/libxl_cpuid.c index 2aa23225f42c..cbd4e511e8ab 100644 --- a/tools/libs/light/libxl_cpuid.c +++ b/tools/libs/light/libxl_cpuid.c
@@ -211,6 +211,7 @@ int libxl_cpuid_parse_config(libxl_cpuid_policy_list *c= puid, const char* str) {"avx512-vpopcntdq",0x00000007,0,CPUID_REG_ECX, 14, 1}, {"rdpid", 0x00000007, 0, CPUID_REG_ECX, 22, 1}, {"cldemote", 0x00000007, 0, CPUID_REG_ECX, 25, 1}, + {"pks", 0x00000007, 0, CPUID_REG_ECX, 31, 1}, =20 {"avx512-4vnniw",0x00000007, 0, CPUID_REG_EDX, 2, 1}, {"avx512-4fmaps",0x00000007, 0, CPUID_REG_EDX, 3, 1}, diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c index d5833e9ce879..ea7ff320e0e4 100644 --- a/tools/misc/xen-cpuid.c +++ b/tools/misc/xen-cpuid.c @@ -134,7 +134,7 @@ static const char *const str_7c0[32] =3D /* 24 */ [25] =3D "cldemote", /* 26 */ [27] =3D "movdiri", [28] =3D "movdir64b", [29] =3D "enqcmd", - [30] =3D "sgx-lc", + [30] =3D "sgx-lc", [31] =3D "pks", }; =20 static const char *const str_e7d[32] =3D diff --git a/xen/arch/x86/include/asm/cpufeature.h b/xen/arch/x86/include/a= sm/cpufeature.h index 044cfd9f882d..0a301013c3d9 100644 --- a/xen/arch/x86/include/asm/cpufeature.h +++ b/xen/arch/x86/include/asm/cpufeature.h @@ -121,6 +121,7 @@ #define cpu_has_movdiri boot_cpu_has(X86_FEATURE_MOVDIRI) #define cpu_has_movdir64b boot_cpu_has(X86_FEATURE_MOVDIR64B) #define cpu_has_enqcmd boot_cpu_has(X86_FEATURE_ENQCMD) +#define cpu_has_pks boot_cpu_has(X86_FEATURE_PKS) =20 /* CPUID level 0x80000007.edx */ #define cpu_has_hw_pstate boot_cpu_has(X86_FEATURE_HW_PSTATE) diff --git a/xen/arch/x86/include/asm/msr-index.h b/xen/arch/x86/include/as= m/msr-index.h index 0a8852f3c246..7615d8087f46 100644 --- a/xen/arch/x86/include/asm/msr-index.h +++ b/xen/arch/x86/include/asm/msr-index.h @@ -148,6 +148,8 @@ #define MSR_PL3_SSP 0x000006a7 #define MSR_INTERRUPT_SSP_TABLE 0x000006a8 =20 +#define MSR_PKRS 0x000006e1 + #define MSR_X2APIC_FIRST 0x00000800 #define MSR_X2APIC_LAST 0x000008ff =20 diff --git a/xen/arch/x86/include/asm/x86-defns.h b/xen/arch/x86/include/as= m/x86-defns.h index 42b5f382d438..fe1caba6f819 100644 
--- a/xen/arch/x86/include/asm/x86-defns.h +++ b/xen/arch/x86/include/asm/x86-defns.h @@ -74,6 +74,7 @@ #define X86_CR4_SMAP 0x00200000 /* enable SMAP */ #define X86_CR4_PKE 0x00400000 /* enable PKE */ #define X86_CR4_CET 0x00800000 /* Control-flow Enforcement Technolo= gy */ +#define X86_CR4_PKS 0x01000000 /* Protection Key Supervisor */ =20 /* * XSTATE component flags in XCR0 diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/publ= ic/arch-x86/cpufeatureset.h index 7915f5826f57..ad7e89dd4c40 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h 
@@ -227,6 +227,7 @@ XEN_CPUFEATURE(CLDEMOTE, 6*32+25) /*A CLDEMOTE in= struction */ XEN_CPUFEATURE(MOVDIRI, 6*32+27) /*a MOVDIRI instruction */ XEN_CPUFEATURE(MOVDIR64B, 6*32+28) /*a MOVDIR64B instruction */ XEN_CPUFEATURE(ENQCMD, 6*32+29) /* ENQCMD{,S} instructions */ +XEN_CPUFEATURE(PKS, 6*32+31) /* Protection Key for Supervisor = */ =20 /* AMD-defined CPU features, CPUID level 0x80000007.edx, word 7 */ XEN_CPUFEATURE(HW_PSTATE, 7*32+ 7) /* Hardware Pstates */ --=20 2.11.0
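
Review bot: in the cpufeatureset.h hunk of patch 2/8, the new XEN_CPUFEATURE(PKS, 6*32+31) line has no annotation letter at the start of its comment, unlike the neighbouring CLDEMOTE (`/*A`) and MOVDIRI (`/*a`) entries, while the commit message says PKS will be supported for HVM guests. If the omission is deliberate because this patch only adds the enumeration and guest exposure follows later in the series, say so in the commit message; otherwise the annotation is missing. The bit position itself is consistent across the hunks: bit 31 of leaf 0x00000007 subleaf 0 ECX in libxl_cpuid.c, index [31] of str_7c0 in xen-cpuid.c, and 6*32+31 here.
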
From: Andrew Cooper
To: Xen-devel
CC: Andrew Cooper, Jan Beulich, Roger Pau Monné, Wei Liu
Subject: [PATCH v2 3/8] x86/prot-key: Split PKRU infrastructure out of asm/processor.h
Date: Tue, 10 Jan 2023 17:18:40 +0000
Message-ID: <20230110171845.20542-4-andrew.cooper3@citrix.com>
In-Reply-To: <20230110171845.20542-1-andrew.cooper3@citrix.com>
References: <20230110171845.20542-1-andrew.cooper3@citrix.com>

asm/processor.h is in desperate need of splitting up, and protection key
functionality is only used in the emulator and pagewalk. Introduce a new
asm/prot-key.h and move the relevant content over.

Rename the PKRU_* constants to drop the user part and to use the architectural
terminology.

Drop the read_pkru_{ad,wd}() helpers entirely. The pkru infix is about to
become wrong, and the sole user is shorter and easier to follow without the
helpers.

No functional change.

Signed-off-by: Andrew Cooper
Reviewed-by: Jan Beulich
---
CC: Jan Beulich
CC: Roger Pau Monné
CC: Wei Liu

v2:
 * Mask pk_ar

--- xen/arch/x86/cpu/common.c | 1 + xen/arch/x86/include/asm/processor.h | 38 --------------------------------= ---- xen/arch/x86/include/asm/prot-key.h | 31 +++++++++++++++++++++++++++++ xen/arch/x86/mm/guest_walk.c | 9 ++++++--- xen/arch/x86/x86_emulate.c | 2 ++ 5 files changed, 40 insertions(+), 41 deletions(-) create mode 100644 xen/arch/x86/include/asm/prot-key.h diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c index fe92f29c2dc6..2bcdd08b2fb5 100644 --- a/xen/arch/x86/cpu/common.c +++ b/xen/arch/x86/cpu/common.c @@ -11,6 +11,7 @@ #include #include #include +#include #include #include #include
diff --git a/xen/arch/x86/include/asm/processor.h b/xen/arch/x86/include/as= m/processor.h index 60b902060914..b95d2483212a 100644 --- a/xen/arch/x86/include/asm/processor.h +++ b/xen/arch/x86/include/asm/processor.h @@ -374,44 +374,6 @@ static always_inline void set_in_cr4 (unsigned long ma= sk) write_cr4(read_cr4() | mask); } =20 -static inline unsigned int rdpkru(void) -{ - unsigned int pkru; - - asm volatile (".byte 0x0f,0x01,0xee" - : "=3Da" (pkru) : "c" (0) : "dx"); - - return pkru; -} - -static inline void wrpkru(unsigned int pkru) -{ - asm volatile ( ".byte 0x0f, 0x01, 0xef" - :: "a" (pkru), "d" (0), "c" (0) ); -} - -/* Macros for PKRU domain */ -#define PKRU_READ (0) -#define PKRU_WRITE (1) -#define PKRU_ATTRS (2) - -/* - * PKRU defines 32 bits, there are 16 domains and 2 attribute bits per - * domain in pkru, pkeys is index to a defined domain, so the value of - * pte_pkeys * PKRU_ATTRS + R/W is offset of a defined domain attribute. - */ -static inline bool_t read_pkru_ad(uint32_t pkru, unsigned int pkey) -{ - ASSERT(pkey < 16); - return (pkru >> (pkey * PKRU_ATTRS + PKRU_READ)) & 1; -} - -static inline bool_t read_pkru_wd(uint32_t pkru, unsigned int pkey) -{ - ASSERT(pkey < 16); - return (pkru >> (pkey * PKRU_ATTRS + PKRU_WRITE)) & 1; -} - static always_inline void __monitor(const void *eax, unsigned long ecx, unsigned long edx) { diff --git a/xen/arch/x86/include/asm/prot-key.h b/xen/arch/x86/include/asm= /prot-key.h new file mode 100644 index 000000000000..63a2e22f3fa0 --- /dev/null +++ b/xen/arch/x86/include/asm/prot-key.h 
@@ -0,0 +1,31 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * Copyright (c) 2021-2022 Citrix Systems Ltd. + */ +#ifndef ASM_PROT_KEY_H +#define ASM_PROT_KEY_H + +#include + +#define PKEY_AD 1 /* Access Disable */ +#define PKEY_WD 2 /* Write Disable */ + +#define PKEY_WIDTH 2 /* Two bits per protection key */ + +static inline uint32_t rdpkru(void) +{ + uint32_t pkru; + + asm volatile ( ".byte 0x0f,0x01,0xee" + : "=3Da" (pkru) : "c" (0) : "dx" ); + + return pkru; +} + +static inline void wrpkru(uint32_t pkru) +{ + asm volatile ( ".byte 0x0f,0x01,0xef" + :: "a" (pkru), "d" (0), "c" (0) ); +} + +#endif /* ASM_PROT_KEY_H */ diff --git a/xen/arch/x86/mm/guest_walk.c b/xen/arch/x86/mm/guest_walk.c index 70dacc477f9a..161a61b8f5ca 100644 --- a/xen/arch/x86/mm/guest_walk.c +++ b/xen/arch/x86/mm/guest_walk.c @@ -26,7 +26,9 @@ #include #include #include + #include +#include #include #include =20 @@ -413,10 +415,11 @@ guest_walk_tables(const struct vcpu *v, struct p2m_do= main *p2m, guest_pku_enabled(v) ) { unsigned int pkey =3D guest_l1e_get_pkey(gw->l1e); - unsigned int pkru =3D rdpkru(); + unsigned int pkr =3D rdpkru(); + unsigned int pk_ar =3D (pkr >> (pkey * PKEY_WIDTH)) & (PKEY_AD | P= KEY_WD); =20 - if ( read_pkru_ad(pkru, pkey) || - ((walk & PFEC_write_access) && read_pkru_wd(pkru, pkey) && + if ( (pk_ar & PKEY_AD) || + ((walk & PFEC_write_access) && (pk_ar & PKEY_WD) && ((walk & PFEC_user_mode) || guest_wp_enabled(v))) ) { gw->pfec |=3D PFEC_prot_key; diff --git a/xen/arch/x86/x86_emulate.c b/xen/arch/x86/x86_emulate.c index 720740f29b84..8c7d18521807 100644 --- a/xen/arch/x86/x86_emulate.c +++ b/xen/arch/x86/x86_emulate.c 
@@ -12,8 +12,10 @@ #include #include #include + #include #include /* current_cpu_info */ +#include #include #include /* cpu_has_amd_erratum() */ #include --=20 2.11.0
From: Andrew Cooper
To: Xen-devel
CC: Andrew Cooper, Jan Beulich, Roger Pau Monné, Wei Liu
Subject: [PATCH v2 4/8] x86: Initial support for WRMSRNS
Date: Tue, 10 Jan 2023 17:18:41 +0000
Message-ID: <20230110171845.20542-5-andrew.cooper3@citrix.com>
In-Reply-To: <20230110171845.20542-1-andrew.cooper3@citrix.com>
References: <20230110171845.20542-1-andrew.cooper3@citrix.com>

WRMSR Non-Serialising is an optimisation intended for cases where an MSR needs updating, but architectural serialising properties are not needed. It is anticipated that this will apply to most if not all MSRs modified on context switch paths.

Signed-off-by: Andrew Cooper
Reviewed-by: Jan Beulich

--- CC: Jan Beulich CC: Roger Pau Monn=C3=A9 CC: Wei Liu v2: * New --- tools/libs/light/libxl_cpuid.c | 1 + tools/misc/xen-cpuid.c | 1 + xen/arch/x86/include/asm/msr.h | 12 ++++++++++++ xen/include/public/arch-x86/cpufeatureset.h | 1 + 4 files changed, 15 insertions(+) diff --git a/tools/libs/light/libxl_cpuid.c b/tools/libs/light/libxl_cpuid.c index cbd4e511e8ab..8da78773a886 100644 --- a/tools/libs/light/libxl_cpuid.c +++ b/tools/libs/light/libxl_cpuid.c @@ -235,6 +235,7 @@ int libxl_cpuid_parse_config(libxl_cpuid_policy_list *c= puid, const char* str) {"fzrm", 0x00000007, 1, CPUID_REG_EAX, 10, 1}, {"fsrs", 0x00000007, 1, CPUID_REG_EAX, 11, 1}, {"fsrcs", 0x00000007, 1, CPUID_REG_EAX, 12, 1}, + {"wrmsrns", 0x00000007, 1, CPUID_REG_EAX, 19, 1}, =20 {"intel-psfd", 0x00000007, 2, CPUID_REG_EDX, 0, 1}, {"mcdt-no", 0x00000007, 2, CPUID_REG_EDX, 5, 1}, diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c index ea7ff320e0e4..f482c4e28f30 100644 --- a/tools/misc/xen-cpuid.c +++ b/tools/misc/xen-cpuid.c 
@@ -189,6 +189,7 @@ static const char *const str_7a1[32] =3D =20 [10] =3D "fzrm", [11] =3D "fsrs", [12] =3D "fsrcs", + /* 18 */ [19] =3D "wrmsrns", }; =20 static const char *const str_e21a[32] =3D diff --git a/xen/arch/x86/include/asm/msr.h b/xen/arch/x86/include/asm/msr.h index dd1eee04a637..191e54068856 100644 --- a/xen/arch/x86/include/asm/msr.h +++ b/xen/arch/x86/include/asm/msr.h @@ -38,6 +38,18 @@ static inline void wrmsrl(unsigned int msr, __u64 val) wrmsr(msr, lo, hi); } =20 +/* Non-serialising WRMSR, when available. Falls back to a serialising WRM= SR. */ +static inline void wrmsr_ns(uint32_t msr, uint32_t lo, uint32_t hi) +{ + /* + * WRMSR is 2 bytes. WRMSRNS is 3 bytes. Pad WRMSR with a redundant = CS + * prefix to avoid a trailing NOP. + */ + alternative_input(".byte 0x2e; wrmsr", + ".byte 0x0f,0x01,0xc6", X86_FEATURE_WRMSRNS, + "c" (msr), "a" (lo), "d" (hi)); +} + /* rdmsr with exception handling */ #define rdmsr_safe(msr,val) ({\ int rc_; \ diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/publ= ic/arch-x86/cpufeatureset.h index ad7e89dd4c40..5444bc5d8374 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h 
@@ -281,6 +281,7 @@ XEN_CPUFEATURE(AVX512_BF16, 10*32+ 5) /*A AVX512 BFlo= at16 Instructions */ XEN_CPUFEATURE(FZRM, 10*32+10) /*A Fast Zero-length REP MOVSB */ XEN_CPUFEATURE(FSRS, 10*32+11) /*A Fast Short REP STOSB */ XEN_CPUFEATURE(FSRCS, 10*32+12) /*A Fast Short REP CMPSB/SCASB */ +XEN_CPUFEATURE(WRMSRNS, 10*32+19) /* WRMSR Non-Serialising */ =20 /* AMD-defined CPU features, CPUID level 0x80000021.eax, word 11 */ XEN_CPUFEATURE(LFENCE_DISPATCH, 11*32+ 2) /*A LFENCE always serializin= g */ --=20 2.11.0
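Review bot: wrmsr_ns() in the msr.h hunk documents the instruction padding but not the contract for its callers. Without X86_FEATURE_WRMSRNS the site stays a serialising WRMSR, with it the write becomes non-serialising, so the same call has different ordering guarantees from one machine to the next. The comment should state that callers must not depend on the write being serialising, and should keep using wrmsr()/wrmsrl() where they do. The length matching itself (a CS prefix so that both alternatives are 3 bytes) reads fine.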
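Review bot: the new XEN_CPUFEATURE(WRMSRNS, 10*32+19) entry in cpufeatureset.h has a plain "/* ... */" comment, whereas the FZRM, FSRS and FSRCS entries directly above it are marked "/*A", yet libxl_cpuid.c and xen-cpuid.c learn the "wrmsrns" name in the same patch. If leaving the feature unannotated is deliberate for this initial support, say so in the commit message so the missing marker is not read as an oversight.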
From: Andrew Cooper
To: Xen-devel
CC: Andrew Cooper, Jan Beulich, Roger Pau Monné, Wei Liu, Kevin Tian
Subject: [PATCH v2 5/8] x86/hvm: Context switch MSR_PKRS
Date: Tue, 10 Jan 2023 17:18:42 +0000
Message-ID: <20230110171845.20542-6-andrew.cooper3@citrix.com>
In-Reply-To: <20230110171845.20542-1-andrew.cooper3@citrix.com>
References: <20230110171845.20542-1-andrew.cooper3@citrix.com>

Under PKS, MSR_PKRS is available and based on the CPUID policy alone, and usable independently of CR4.PKS. See the large comment in prot-key.h for details of the context switching arrangement. Use WRMSRNS right away, as we don't care about serialising properties for context switching this MSR. Sanitise MSR_PKRS on boot. In anticipation of wanting to use PKS for Xen in the future, arrange for the sanitisation to occur prior to potentially setting CR4.PKS; if PKEY0.{AD,WD} leak in from a previous context, we will triple fault immediately on setting CR4.PKS.

Signed-off-by: Andrew Cooper

--- CC: Jan Beulich CC: Roger Pau Monn=C3=A9 CC: Wei Liu CC: Kevin Tian v2: * Use WRMSRNS * Sanitise MSR_PKS on boot. --- xen/arch/x86/cpu/common.c | 2 ++ xen/arch/x86/hvm/vmx/vmx.c | 9 +++++++ xen/arch/x86/include/asm/msr.h | 9 +++++++ xen/arch/x86/include/asm/prot-key.h | 54 +++++++++++++++++++++++++++++++++= ++++ xen/arch/x86/setup.c | 4 +++ xen/arch/x86/smpboot.c | 4 +++ 6 files changed, 82 insertions(+) diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c index 2bcdd08b2fb5..f44c907e8a43 100644 --- a/xen/arch/x86/cpu/common.c +++ b/xen/arch/x86/cpu/common.c 
@@ -58,6 +58,8 @@ static unsigned int forced_caps[NCAPINTS]; =20 DEFINE_PER_CPU(bool, full_gdt_loaded); =20 +DEFINE_PER_CPU(uint32_t, pkrs); + void __init setup_clear_cpu_cap(unsigned int cap) { const uint32_t *dfs; diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index 43a4865d1c76..b1f493f009fd 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -58,6 +58,7 @@ #include #include #include +#include #include =20 static bool_t __initdata opt_force_ept; @@ -536,6 +537,7 @@ static void vmx_restore_host_msrs(void) =20 static void vmx_save_guest_msrs(struct vcpu *v) { + const struct cpuid_policy *cp =3D v->domain->arch.cpuid; struct vcpu_msrs *msrs =3D v->arch.msrs; =20 /* @@ -549,10 +551,14 @@ static void vmx_save_guest_msrs(struct vcpu *v) rdmsrl(MSR_RTIT_OUTPUT_MASK, msrs->rtit.output_mask); rdmsrl(MSR_RTIT_STATUS, msrs->rtit.status); } + + if ( cp->feat.pks ) + msrs->pkrs =3D rdpkrs_and_cache(); } =20 static void vmx_restore_guest_msrs(struct vcpu *v) { + const struct cpuid_policy *cp =3D v->domain->arch.cpuid; const struct vcpu_msrs *msrs =3D v->arch.msrs; =20 write_gs_shadow(v->arch.hvm.vmx.shadow_gs); @@ -569,6 +575,9 @@ static void vmx_restore_guest_msrs(struct vcpu *v) wrmsrl(MSR_RTIT_OUTPUT_MASK, msrs->rtit.output_mask); wrmsrl(MSR_RTIT_STATUS, msrs->rtit.status); } + + if ( cp->feat.pks ) + wrpkrs(msrs->pkrs); } =20 void vmx_update_cpu_exec_control(struct vcpu *v) diff --git a/xen/arch/x86/include/asm/msr.h b/xen/arch/x86/include/asm/msr.h index 191e54068856..7946b6b24c11 100644 --- a/xen/arch/x86/include/asm/msr.h +++ b/xen/arch/x86/include/asm/msr.h @@ -373,6 +373,15 @@ struct vcpu_msrs }; } rtit; =20 + /* + * 0x000006e1 - MSR_PKRS - Protection Key Supervisor. + * + * Exposed R/W to guests. Xen doesn't use PKS yet, so only context + * switched per vcpu. When in current context, live value is in hardw= are, + * and this value is stale. + */ + uint32_t pkrs; + /* 0x00000da0 - MSR_IA32_XSS */ struct { uint64_t raw; 
diff --git a/xen/arch/x86/include/asm/prot-key.h b/xen/arch/x86/include/asm= /prot-key.h index 63a2e22f3fa0..0dcd31b7ea68 100644 --- a/xen/arch/x86/include/asm/prot-key.h +++ b/xen/arch/x86/include/asm/prot-key.h @@ -5,8 +5,11 @@ #ifndef ASM_PROT_KEY_H #define ASM_PROT_KEY_H =20 +#include #include =20 +#include + #define PKEY_AD 1 /* Access Disable */ #define PKEY_WD 2 /* Write Disable */ =20 @@ -28,4 +31,55 @@ static inline void wrpkru(uint32_t pkru) :: "a" (pkru), "d" (0), "c" (0) ); } =20 +/* + * Xen does not use PKS. + * + * Guest kernel use is expected to be one default key, except for tiny win= dows + * with a double write to switch to a non-default key in a permitted criti= cal + * section. + * + * As such, we want MSR_PKRS un-intercepted. Furthermore, as we only need= it + * in Xen for emulation or migration purposes (i.e. possibly never in a + * domain's lifetime), we don't want to re-sync the hardware value on every + * vmexit. + * + * Therefore, we read and cache the guest value in ctxt_switch_from(), in = the + * expectation that we can short-circuit the write in ctxt_switch_to(). + * During regular operations in current context, the guest value is in + * hardware and the per-cpu cache is stale. + */ +DECLARE_PER_CPU(uint32_t, pkrs); + +static inline uint32_t rdpkrs(void) +{ + uint32_t pkrs, tmp; + + rdmsr(MSR_PKRS, pkrs, tmp); + + return pkrs; +} + +static inline uint32_t rdpkrs_and_cache(void) +{ + return this_cpu(pkrs) =3D rdpkrs(); +} + +static inline void wrpkrs(uint32_t pkrs) +{ + uint32_t *this_pkrs =3D &this_cpu(pkrs); + + if ( *this_pkrs !=3D pkrs ) + { + *this_pkrs =3D pkrs; + + wrmsr_ns(MSR_PKRS, pkrs, 0); + } +} + +static inline void wrpkrs_and_cache(uint32_t pkrs) +{ + this_cpu(pkrs) =3D pkrs; + wrmsr_ns(MSR_PKRS, pkrs, 0); +} + #endif /* ASM_PROT_KEY_H */ diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index 6deadcf74763..567a0a42ac50 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c 
@@ -54,6 +54,7 @@ #include #include #include +#include #include =20 /* opt_nosmp: If true, secondary processors are ignored. */ @@ -1804,6 +1805,9 @@ void __init noreturn __start_xen(unsigned long mbi_p) if ( opt_invpcid && cpu_has_invpcid ) use_invpcid =3D true; =20 + if ( cpu_has_pks ) + wrpkrs_and_cache(0); /* Must be before setting CR4.PKS */ + init_speculation_mitigations(); =20 init_idle_domain(); diff --git a/xen/arch/x86/smpboot.c b/xen/arch/x86/smpboot.c index 52beed9d8d6d..b26758c2c89f 100644 --- a/xen/arch/x86/smpboot.c +++ b/xen/arch/x86/smpboot.c @@ -42,6 +42,7 @@ #include #include #include +#include #include #include #include 
@@ -364,6 +365,9 @@ void start_secondary(void *unused) =20 /* Full exception support from here on in. */ =20 + if ( cpu_has_pks ) + wrpkrs_and_cache(0); /* Must be before setting CR4.PKS */ + /* Safe to enable feature such as CR4.MCE with the IDT set up now. */ write_cr4(mmu_cr4_features); =20 --=20 2.11.0
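Review bot: wrpkrs() in prot-key.h skips the MSR write whenever this_cpu(pkrs) already equals the new value, but the comment block above it says that in current context the guest value lives in hardware and the per-cpu cache is stale. The short-circuit is therefore only correct after rdpkrs_and_cache() has refreshed the cache on this CPU, which vmx_save_guest_msrs() does on the way out of a vcpu. Please state that precondition on wrpkrs() itself and point any caller outside the context switch path at wrpkrs_and_cache(), so a later user does not compare against a stale value and silently drop a write.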
From: Andrew Cooper
To: Xen-devel
CC: Andrew Cooper, Jan Beulich, Roger Pau Monné, Wei Liu, Kevin Tian
Subject: [PATCH v2 6/8] x86/hvm: Enable guest access to MSR_PKRS
Date: Tue, 10 Jan 2023 17:18:43 +0000
Message-ID: <20230110171845.20542-7-andrew.cooper3@citrix.com>
In-Reply-To: <20230110171845.20542-1-andrew.cooper3@citrix.com>
References: <20230110171845.20542-1-andrew.cooper3@citrix.com>

Have guest_{rd,wr}msr(), via hvm_{get,set}_reg(), access either the live register, or stashed state, depending on context. Include MSR_PKRS for migration, and let the guest have full access.

Signed-off-by: Andrew Cooper
Reviewed-by: Jan Beulich

--- CC: Jan Beulich CC: Roger Pau Monn=C3=A9 CC: Wei Liu CC: Kevin Tian v2: * Rebase over the get/set_reg() infrastructure. --- xen/arch/x86/hvm/hvm.c | 1 + xen/arch/x86/hvm/vmx/vmx.c | 17 +++++++++++++++++ xen/arch/x86/msr.c | 10 ++++++++++ 3 files changed, 28 insertions(+) diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index 927a221660e8..c6c1eea18003 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -1333,6 +1333,7 @@ static int cf_check hvm_load_cpu_xsave_states( static const uint32_t msrs_to_send[] =3D { MSR_SPEC_CTRL, MSR_INTEL_MISC_FEATURES_ENABLES, + MSR_PKRS, MSR_IA32_BNDCFGS, MSR_IA32_XSS, MSR_VIRT_SPEC_CTRL, diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index b1f493f009fd..57827779c305 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c 
@@ -657,6 +657,11 @@ static void cf_check vmx_cpuid_policy_changed(struct v= cpu *v) else vmx_set_msr_intercept(v, MSR_FLUSH_CMD, VMX_MSR_RW); =20 + if ( cp->feat.pks ) + vmx_clear_msr_intercept(v, MSR_PKRS, VMX_MSR_RW); + else + vmx_set_msr_intercept(v, MSR_PKRS, VMX_MSR_RW); + out: vmx_vmcs_exit(v); =20 @@ -2455,6 +2460,7 @@ static uint64_t cf_check vmx_get_reg(struct vcpu *v, = unsigned int reg) { const struct vcpu *curr =3D current; struct domain *d =3D v->domain; + const struct vcpu_msrs *msrs =3D v->arch.msrs; uint64_t val =3D 0; int rc; =20 @@ -2471,6 +2477,9 @@ static uint64_t cf_check vmx_get_reg(struct vcpu *v, = unsigned int reg) } return val; =20 + case MSR_PKRS: + return (v =3D=3D curr) ? rdpkrs() : msrs->pkrs; + case MSR_SHADOW_GS_BASE: if ( v !=3D curr ) return v->arch.hvm.vmx.shadow_gs; @@ -2499,6 +2508,8 @@ static uint64_t cf_check vmx_get_reg(struct vcpu *v, = unsigned int reg) =20 static void cf_check vmx_set_reg(struct vcpu *v, unsigned int reg, uint64_= t val) { + const struct vcpu *curr =3D current; + struct vcpu_msrs *msrs =3D v->arch.msrs; struct domain *d =3D v->domain; int rc; =20 @@ -2514,6 +2525,12 @@ static void cf_check vmx_set_reg(struct vcpu *v, uns= igned int reg, uint64_t val) domain_crash(d); } return; + + case MSR_PKRS: + msrs->pkrs =3D val; + if ( v =3D=3D curr ) + wrpkrs(val); + return; } =20 /* Logic which maybe requires remote VMCS acquisition. */ diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c index 317b154d244d..7ddf0078c3a2 100644 --- a/xen/arch/x86/msr.c +++ b/xen/arch/x86/msr.c @@ -325,6 +325,11 @@ int guest_rdmsr(struct vcpu *v, uint32_t msr, uint64_t= *val) *val =3D 0; break; =20 + case MSR_PKRS: + if ( !cp->feat.pks ) + goto gp_fault; + goto get_reg; + case MSR_X2APIC_FIRST ... MSR_X2APIC_LAST: if ( !is_hvm_domain(d) || v !=3D curr ) goto gp_fault; 
@@ -616,6 +621,11 @@ int guest_wrmsr(struct vcpu *v, uint32_t msr, uint64_t= val) break; goto gp_fault; =20 + case MSR_PKRS: + if ( !cp->feat.pks || val !=3D (uint32_t)val ) + goto gp_fault; + goto set_reg; + case MSR_X2APIC_FIRST ... MSR_X2APIC_LAST: if ( !is_hvm_domain(d) || v !=3D curr ) goto gp_fault; --=20 2.11.0
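Review bot: in vmx_set_reg() the MSR_PKRS case calls wrpkrs(val) when v == curr, and wrpkrs() only writes the MSR if val differs from the per-cpu cache. The same patch clears the MSR_PKRS intercept in vmx_cpuid_policy_changed(), so the guest can change the hardware value without the cache following it; a set_reg() of the value that is still cached would then be skipped and leave the guest's newer value in hardware. Using wrpkrs_and_cache(val) here, which writes unconditionally, avoids relying on a cache that prot-key.h describes as stale in current context.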
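Review bot: hvm.c only gains MSR_PKRS in msrs_to_send[] (one insertion per the diffstat), so the save side will emit the MSR while nothing in this patch touches the restore side. Please confirm that the load path accepts MSR_PKRS records and routes them through guest_wrmsr(), so that the !cp->feat.pks and upper-32-bit checks added in msr.c also apply to migrated-in state; otherwise the new record may be rejected or bypass those checks on the destination.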
From: Andrew Cooper
To: Xen-devel
CC: Andrew Cooper, Jan Beulich, Roger Pau Monné, Wei Liu
Subject: [PATCH v2 7/8] x86/pagewalk: Support PKS
Date: Tue, 10 Jan 2023 17:18:44 +0000
Message-ID: <20230110171845.20542-8-andrew.cooper3@citrix.com>
In-Reply-To: <20230110171845.20542-1-andrew.cooper3@citrix.com>
References: <20230110171845.20542-1-andrew.cooper3@citrix.com>

PKS is very similar to the existing PKU behaviour, operating on pagewalks for any supervisor mapping.

Signed-off-by: Andrew Cooper
Reviewed-by: Jan Beulich

--- CC: Jan Beulich CC: Roger Pau Monn=C3=A9 CC: Wei Liu --- xen/arch/x86/include/asm/guest_pt.h | 5 +++++ xen/arch/x86/include/asm/hvm/hvm.h | 3 +++ xen/arch/x86/mm/guest_walk.c | 9 +++++---- 3 files changed, 13 insertions(+), 4 deletions(-) diff --git a/xen/arch/x86/include/asm/guest_pt.h b/xen/arch/x86/include/asm= /guest_pt.h index 6647ccfb8520..6802db2a415a 100644 --- a/xen/arch/x86/include/asm/guest_pt.h +++ b/xen/arch/x86/include/asm/guest_pt.h @@ -282,6 +282,11 @@ static always_inline bool guest_pku_enabled(const stru= ct vcpu *v) return !is_pv_vcpu(v) && hvm_pku_enabled(v); } =20 +static always_inline bool guest_pks_enabled(const struct vcpu *v) +{ + return !is_pv_vcpu(v) && hvm_pks_enabled(v); +} + /* Helpers for identifying whether guest entries have reserved bits set. */ =20 /* Bits reserved because of maxphysaddr, and (lack of) EFER.NX */ diff --git a/xen/arch/x86/include/asm/hvm/hvm.h b/xen/arch/x86/include/asm/= hvm/hvm.h index 93254651f2f5..65768c797ea7 100644 --- a/xen/arch/x86/include/asm/hvm/hvm.h +++ b/xen/arch/x86/include/asm/hvm/hvm.h 
@@ -407,6 +407,8 @@ int hvm_get_param(struct domain *d, uint32_t index, uin= t64_t *value); ((v)->arch.hvm.guest_efer & EFER_NXE) #define hvm_pku_enabled(v) \ (hvm_paging_enabled(v) && ((v)->arch.hvm.guest_cr[4] & X86_CR4_PKE)) +#define hvm_pks_enabled(v) \ + (hvm_paging_enabled(v) && ((v)->arch.hvm.guest_cr[4] & X86_CR4_PKS)) =20 /* Can we use superpages in the HAP p2m table? */ #define hap_has_1gb (!!(hvm_funcs.hap_capabilities & HVM_HAP_SUPERPAGE_1GB= )) @@ -911,6 +913,7 @@ static inline void hvm_set_reg(struct vcpu *v, unsigned= int reg, uint64_t val) #define hvm_smap_enabled(v) ((void)(v), false) #define hvm_nx_enabled(v) ((void)(v), false) #define hvm_pku_enabled(v) ((void)(v), false) +#define hvm_pks_enabled(v) ((void)(v), false) =20 #define arch_vcpu_block(v) ((void)(v)) =20 diff --git a/xen/arch/x86/mm/guest_walk.c b/xen/arch/x86/mm/guest_walk.c index 161a61b8f5ca..76b4e0425887 100644 --- a/xen/arch/x86/mm/guest_walk.c +++ b/xen/arch/x86/mm/guest_walk.c 
@@ -406,16 +406,17 @@ guest_walk_tables(const struct vcpu *v, struct p2m_do= main *p2m, #if GUEST_PAGING_LEVELS >=3D 4 /* 64-bit only... */ /* * If all access checks are thus far ok, check Protection Key for 64bit - * data accesses to user mappings. + * data accesses. * * N.B. In the case that the walk ended with a superpage, the fabricat= ed * gw->l1e contains the appropriate leaf pkey. */ - if ( (ar & _PAGE_USER) && !(walk & PFEC_insn_fetch) && - guest_pku_enabled(v) ) + if ( !(walk & PFEC_insn_fetch) && + ((ar & _PAGE_USER) ? guest_pku_enabled(v) + : guest_pks_enabled(v)) ) { unsigned int pkey =3D guest_l1e_get_pkey(gw->l1e); - unsigned int pkr =3D rdpkru(); + unsigned int pkr =3D (ar & _PAGE_USER) ? rdpkru() : rdpkrs(); unsigned int pk_ar =3D (pkr >> (pkey * PKEY_WIDTH)) & (PKEY_AD | P= KEY_WD); =20 if ( (pk_ar & PKEY_AD) || --=20 2.11.0
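Review bot: in the guest_walk.c hunk of patch 7/8, (ar & _PAGE_USER) is now tested twice, once to choose between guest_pku_enabled(v) and guest_pks_enabled(v) and again to choose between rdpkru() and rdpkrs(), so a later edit can change one selection and not the other. A single local, for example `bool user = ar & _PAGE_USER;`, used in both places would keep the enable check and the register read tied together. Separately, rdpkru() and rdpkrs() take no vcpu argument while the walk is performed for `v`; a one-line comment or an assertion stating that the loaded key register belongs to `v` would make that assumption explicit. The visible context ends at `if ( (pk_ar & PKEY_AD) ||`, so the write-disable half of the condition is unchanged by this patch; the commit message could say in one sentence that the existing write-disable test already gives the right result for supervisor mappings.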
From: Andrew Cooper
To: Xen-devel
CC: Andrew Cooper, Jan Beulich, Roger Pau Monné, Wei Liu
Subject: [PATCH v2 8/8] x86/hvm: Support PKS for HAP guests
Date: Tue, 10 Jan 2023 17:18:45 +0000
Message-ID: <20230110171845.20542-9-andrew.cooper3@citrix.com>
X-Mailer: git-send-email 2.11.0
In-Reply-To: <20230110171845.20542-1-andrew.cooper3@citrix.com>
References: <20230110171845.20542-1-andrew.cooper3@citrix.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

With all infrastructure in place, advertise the PKS CPUID bit to HAP guests,
and let them set CR4.PKS.

Experiment with a tweak to the layout of hvm_cr4_guest_valid_bits() so future
additions will be just a single added line.

The current context switching behaviour is tied to how VT-x works, so leave a
safety check in the short term.

Signed-off-by: Andrew Cooper
Reviewed-by: Jan Beulich
---
CC: Jan Beulich
CC: Roger Pau Monné
CC: Wei Liu
---
 xen/arch/x86/cpuid.c | 9 +++++++++
 xen/arch/x86/hvm/hvm.c | 4 +++-
 xen/include/public/arch-x86/cpufeatureset.h | 2 +-
 3 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/xen/arch/x86/cpuid.c b/xen/arch/x86/cpuid.c index acc2f606cea8..b22725c492e7 100644 --- a/xen/arch/x86/cpuid.c +++ b/xen/arch/x86/cpuid.c 
@@ -579,6 +579,15 @@ static void __init calculate_hvm_max_policy(void) __clear_bit(X86_FEATURE_XSAVES, hvm_featureset); } =20 + /* + * Xen doesn't use PKS, so the guest support for it has opted to not u= se + * the VMCS load/save controls for efficiency reasons. This depends on + * the exact vmentry/exit behaviour, so don't expose PKS in other + * situations until someone has cross-checked the behaviour for safety. + */ + if ( !cpu_has_vmx ) + __clear_bit(X86_FEATURE_PKS, hvm_featureset); + guest_common_feature_adjustments(hvm_featureset); =20 sanitise_featureset(hvm_featureset); diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index c6c1eea18003..606f0e864981 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -969,7 +969,9 @@ unsigned long hvm_cr4_guest_valid_bits(const struct dom= ain *d) (p->feat.smep ? X86_CR4_SMEP : 0) | (p->feat.smap ? X86_CR4_SMAP : 0) | (p->feat.pku ? X86_CR4_PKE : 0) | - (cet ? X86_CR4_CET : 0)); + (cet ? X86_CR4_CET : 0) | + (p->feat.pks ? X86_CR4_PKS : 0) | + 0); } =20 static int cf_check hvm_load_cpu_ctxt(struct domain *d, hvm_domain_context= _t *h) diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/publ= ic/arch-x86/cpufeatureset.h index 5444bc5d8374..3b85bcca1537 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -227,7 +227,7 @@ XEN_CPUFEATURE(CLDEMOTE, 6*32+25) /*A CLDEMOTE in= struction */ XEN_CPUFEATURE(MOVDIRI, 6*32+27) /*a MOVDIRI instruction */ XEN_CPUFEATURE(MOVDIR64B, 6*32+28) /*a MOVDIR64B instruction */ XEN_CPUFEATURE(ENQCMD, 6*32+29) /* ENQCMD{,S} instructions */ -XEN_CPUFEATURE(PKS, 6*32+31) /* Protection Key for Supervisor = */ +XEN_CPUFEATURE(PKS, 6*32+31) /*H Protection Key for Supervisor = */ =20 /* AMD-defined CPU features, CPUID level 0x80000007.edx, word 7 */ XEN_CPUFEATURE(HW_PSTATE, 7*32+ 7) /* Hardware Pstates */ --=20 2.11.0
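Review bot: in the cpuid.c hunk of patch 8/8, the guard `if ( !cpu_has_vmx )` is a proxy for the property the comment actually relies on, namely that guest PKRS is switched without the VMCS load/save controls and that this is safe given the exact vmentry/exit behaviour. The comment should name the code path that performs that switching, so that anyone changing it knows this check has to be revisited, and should say what "cross-checked" means in practice for another vendor's path. Minor wording: "has opted to not use" reads more naturally as "does not use".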
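Review bot: in the hvm.c hunk of patch 8/8, the trailing `| 0);` at the end of hvm_cr4_guest_valid_bits() looks like leftover code to anyone who has not read the commit message, and is likely to be removed in a later tidy-up. A short in-code comment stating that it is a deliberate terminator, kept so that each new CR4 bit is a single added line, would preserve the intent. The new PKS line also depends only on `p->feat.pks`, so the restriction to HAP guests rests entirely on the `/*H` annotation changed in the cpufeatureset.h hunk; a sentence in the commit message linking the two would help a reader auditing which guests can set CR4.PKS.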