From nobody Mon Feb 9 11:33:43 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass(p=reject dis=none) header.from=citrix.com ARC-Seal: i=1; a=rsa-sha256; t=1673371165; cv=none; d=zohomail.com; s=zohoarc; b=WHObPRDBZra6MW11Eg682UaW99Cda+zzWBjz6oPJjWo88ZWJPwxiEhLl6YatdBMC1N6vqnuGmVvphnPwBBZIVx1TpvuvfAdPg1BUaC/iS/5jilJZf37UyeKblhx/oYq6dBRKoJVwxWFkRaLAN7nzQ10cbiwEERd3RPfdt9geSGc= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1673371165; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=seO3tVPeLYBoLRnin+lcGOdfm+TMUxr87CZWSrTpXWU=; b=n6zr4RN5/oClYeJZCe0lCgkvRWZ7/vQgZkLbcJpi5i1f02B3hKPamPDrUCX6quvo29ucc4tqXil9WCE9ApErOV6mQchiPQ2ab1t/omYC9lnFK3w6U5EA7GABWXExc9wS5keQcum7i47agjPz7KFI0jrFOH7ANU5bOwz7OZE2X8g= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1673371165769233.144314900808; Tue, 10 Jan 2023 09:19:25 -0800 (PST) Received: from list by lists.xenproject.org with outflank-mailman.474878.736322 (Exim 4.92) (envelope-from ) id 1pFIH5-0004TH-D0; Tue, 10 Jan 2023 17:18:59 +0000 Received: by outflank-mailman (output) from mailman id 474878.736322; Tue, 10 Jan 2023 17:18:59 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1pFIH5-0004T2-8v; Tue, 10 Jan 2023 17:18:59 +0000 Received: by outflank-mailman (input) for mailman id 474878; Tue, 10 Jan 2023 17:18:58 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1pFIH3-0003S0-Pt for xen-devel@lists.xenproject.org; Tue, 10 Jan 2023 17:18:57 +0000 Received: from esa6.hc3370-68.iphmx.com (esa6.hc3370-68.iphmx.com [216.71.155.175]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id dc1f739e-910a-11ed-91b6-6bf2151ebd3b; Tue, 10 Jan 2023 18:18:55 +0100 (CET) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: dc1f739e-910a-11ed-91b6-6bf2151ebd3b DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=citrix.com; s=securemail; t=1673371135; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=OplqtOF2TCVepI2xNnGz4FHobV4vVNUxy+l935bIbyE=; b=N6+J8k6yv34EOg1DTFfVyosztgSqztT/sVz7NenGSHSyAiebnS15G7Nt 18xjxRWzaXgQxzqBICXtTxTS/30NvvzrBbnbfFHbHETeQK/v0EgLRGclq YVYUl/biioriDNNaAyyP2OZQMO+JwmxcdNggiqGoza2oc4MStePNxPYUt A=; Authentication-Results: esa6.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none X-SBRS: 4.0 X-MesageID: 91449594 X-Ironport-Server: esa6.hc3370-68.iphmx.com X-Remote-IP: 162.221.156.83 X-Policy: $RELAYED IronPort-Data: A9a23:POXL86vAUteEsYTc3GrAQvmQR+fnVEVeMUV32f8akzHdYApBsoF/q tZmKTuEa/+PZDf9f4wjaoSw8R8D7JPTmNRiGlRrrn8zQStD+JbJXdiXEBz9bniYRiHhoOCLz O1FM4Wdc5pkJpP4jk3wWlQ0hSAkjclkfpKlVKiffHg0HVU/IMsYoUoLs/YjhYJ1isSODQqIu Nfjy+XSI1bg0DNvWo4uw/vrRChH4bKj5lv0gnRkPaoQ5AaHzyFOZH4iDfrZw0XQE9E88tGSH 44v/JnhlkvF8hEkDM+Sk7qTWiXmlZaLYGBiIlIPM0STqkAqSh4ai87XB9JFAatjsB2bnsgZ9 Tl4ncfYpTHFnEH7sL91vxFwS0mSNEDdkVPNCSDXXce7lyUqf5ZwqhnH4Y5f0YAwo45K7W9yG fMwBBsARw+D3s2Nz+yWZ8hpjIc4CPLxI9ZK0p1g5Wmx4fcORJnCR+PB5MNC3Sd2jcdLdRrcT 5NHM3w1Nk2GOkARfAdMYH49tL7Aan3XWjtUsl+K44Ew5HDe1ldZ27nxKtvFPNeNQK25m27J/ z6arjmoXnn2MvTD6QSq+0i1v9X9gArDaNgrKZGU3Nx11Qj7Kms7V0RNCArTTeOColG6c8JSL QoT4CVGhYoY+VGvT9L9dwalu3PCtRkZM/JAHut/5AyTx6785weCGnNCXjNHcMYhtsI9WXotz FDhoj/yLWUx6vvPEyvbr+rK62PpUcQIEYMcTQMvQCIa44DMm45toz/uS9wgC4qOlMKgTFkc3 Au2hCQ5grwSi+sC2KO64U3LjlqQm3TZcuImzl6JBzz4t2uVcKbgPtX1sgaDsZ6sOa7DFjG8U G44d99yBQzkJbWEj2SzTeoEB9lFDN7VYWSH0TaD83TMnglBGkJPn6gKu1mSx28zaK7onAMFh 2eN0T69HLcJYBOXgVZfOupd8fgCw6n6DsjCXfvJdNdIaZUZXFbZo3o0NR/IgD2wyRJEfUQD1 XGzK57E4ZEyUPoP8dZLb71Fje9DKt4WmQs/uqwXPzz4iOHDNRZ5uJ8OMUeUb/BR0U93iFy9z jqrDOPTk083eLSnMkHqHXs7cQhiwY4TWcqn9KS6t4erfmJbJY3WI6SNneJwKtE4wf89eyWh1 ijVZ3K0AWHX3RXvQThmoFg4AF8zdf6TdU4GABE= IronPort-HdrOrdr: A9a23:YMCwkqysP/VV8RpyfE9PKrPw6L1zdoMgy1knxilNoHxuH/Bw9v re+cjzsCWftN9/Yh4dcLy7VpVoIkmsl6Kdg7NwAV7KZmCP1FdARLsI0WKI+UyCJ8SRzI9gPa cLSdkFNDXzZ2IK8PoTNmODYqodKNrsytHWuQ/HpU0dKT2D88tbnn9E4gDwKDwQeCB2QaAXOb C7/cR9qz+paR0sH7+G7ilsZZmkmzXT/qiWGCI7Ow== X-IronPort-AV: E=Sophos;i="5.96,315,1665460800"; d="scan'208";a="91449594" From: Andrew Cooper To: Xen-devel CC: Andrew Cooper , Jan Beulich , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , Wei Liu Subject: [PATCH v2 2/8] x86/prot-key: Enumeration for Protection Key Supervisor Date: Tue, 10 Jan 2023 17:18:39 +0000 Message-ID: <20230110171845.20542-3-andrew.cooper3@citrix.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20230110171845.20542-1-andrew.cooper3@citrix.com> References: <20230110171845.20542-1-andrew.cooper3@citrix.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @citrix.com) X-ZM-MESSAGEID: 1673371166426100004 Protection Key Supervisor works in a very similar way to Protection Key Use= r, except that instead of a PKRU register used by the {RD,WR}PKRU instructions, the supervisor protection settings live in MSR_PKRS and is accessed using normal {RD,WR}MSR instructions. PKS has the same problematic interactions with PV guests as PKU (more infac= t, given the guest kernel's CPL), so we'll only support this for HVM guests for now. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- CC: Jan Beulich CC: Roger Pau Monn=C3=A9 CC: Wei Liu --- tools/libs/light/libxl_cpuid.c | 1 + tools/misc/xen-cpuid.c | 2 +- xen/arch/x86/include/asm/cpufeature.h | 1 + xen/arch/x86/include/asm/msr-index.h | 2 ++ xen/arch/x86/include/asm/x86-defns.h | 1 + xen/include/public/arch-x86/cpufeatureset.h | 1 + 6 files changed, 7 insertions(+), 1 deletion(-) diff --git a/tools/libs/light/libxl_cpuid.c b/tools/libs/light/libxl_cpuid.c index 2aa23225f42c..cbd4e511e8ab 100644 --- a/tools/libs/light/libxl_cpuid.c +++ b/tools/libs/light/libxl_cpuid.c @@ -211,6 +211,7 @@ int libxl_cpuid_parse_config(libxl_cpuid_policy_list *c= puid, const char* str) {"avx512-vpopcntdq",0x00000007,0,CPUID_REG_ECX, 14, 1}, {"rdpid", 0x00000007, 0, CPUID_REG_ECX, 22, 1}, {"cldemote", 0x00000007, 0, CPUID_REG_ECX, 25, 1}, + {"pks", 0x00000007, 0, CPUID_REG_ECX, 31, 1}, =20 {"avx512-4vnniw",0x00000007, 0, CPUID_REG_EDX, 2, 1}, {"avx512-4fmaps",0x00000007, 0, CPUID_REG_EDX, 3, 1}, diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c index d5833e9ce879..ea7ff320e0e4 100644 --- a/tools/misc/xen-cpuid.c +++ b/tools/misc/xen-cpuid.c @@ -134,7 +134,7 @@ static const char *const str_7c0[32] =3D /* 24 */ [25] =3D "cldemote", /* 26 */ [27] =3D "movdiri", [28] =3D "movdir64b", [29] =3D "enqcmd", - [30] =3D "sgx-lc", + [30] =3D "sgx-lc", [31] =3D "pks", }; =20 static const char *const str_e7d[32] =3D diff --git a/xen/arch/x86/include/asm/cpufeature.h b/xen/arch/x86/include/a= sm/cpufeature.h index 044cfd9f882d..0a301013c3d9 100644 --- a/xen/arch/x86/include/asm/cpufeature.h +++ b/xen/arch/x86/include/asm/cpufeature.h @@ -121,6 +121,7 @@ #define cpu_has_movdiri boot_cpu_has(X86_FEATURE_MOVDIRI) #define cpu_has_movdir64b boot_cpu_has(X86_FEATURE_MOVDIR64B) #define cpu_has_enqcmd boot_cpu_has(X86_FEATURE_ENQCMD) +#define cpu_has_pks boot_cpu_has(X86_FEATURE_PKS) =20 /* CPUID level 0x80000007.edx */ #define cpu_has_hw_pstate boot_cpu_has(X86_FEATURE_HW_PSTATE) diff --git a/xen/arch/x86/include/asm/msr-index.h b/xen/arch/x86/include/as= m/msr-index.h index 0a8852f3c246..7615d8087f46 100644 --- a/xen/arch/x86/include/asm/msr-index.h +++ b/xen/arch/x86/include/asm/msr-index.h @@ -148,6 +148,8 @@ #define MSR_PL3_SSP 0x000006a7 #define MSR_INTERRUPT_SSP_TABLE 0x000006a8 =20 +#define MSR_PKRS 0x000006e1 + #define MSR_X2APIC_FIRST 0x00000800 #define MSR_X2APIC_LAST 0x000008ff =20 diff --git a/xen/arch/x86/include/asm/x86-defns.h b/xen/arch/x86/include/as= m/x86-defns.h index 42b5f382d438..fe1caba6f819 100644 --- a/xen/arch/x86/include/asm/x86-defns.h +++ b/xen/arch/x86/include/asm/x86-defns.h @@ -74,6 +74,7 @@ #define X86_CR4_SMAP 0x00200000 /* enable SMAP */ #define X86_CR4_PKE 0x00400000 /* enable PKE */ #define X86_CR4_CET 0x00800000 /* Control-flow Enforcement Technolo= gy */ +#define X86_CR4_PKS 0x01000000 /* Protection Key Supervisor */ =20 /* * XSTATE component flags in XCR0 diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/publ= ic/arch-x86/cpufeatureset.h index 7915f5826f57..ad7e89dd4c40 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -227,6 +227,7 @@ XEN_CPUFEATURE(CLDEMOTE, 6*32+25) /*A CLDEMOTE in= struction */ XEN_CPUFEATURE(MOVDIRI, 6*32+27) /*a MOVDIRI instruction */ XEN_CPUFEATURE(MOVDIR64B, 6*32+28) /*a MOVDIR64B instruction */ XEN_CPUFEATURE(ENQCMD, 6*32+29) /* ENQCMD{,S} instructions */ +XEN_CPUFEATURE(PKS, 6*32+31) /* Protection Key for Supervisor = */ =20 /* AMD-defined CPU features, CPUID level 0x80000007.edx, word 7 */ XEN_CPUFEATURE(HW_PSTATE, 7*32+ 7) /* Hardware Pstates */ --=20 2.11.0