x86/hvm: Configuration for Linear Address Space Separation

[PATCH] x86/hvm: Configuration for Linear Address Space Separation

Posted by Andrew Cooper 1 week ago

LASS is a feature designed in the aftermath of Meltdown, which codifies the
user/kernel split in address space in order to block entire classes of
sidechanels.  Specifically, it allows the CPU to terminate any memory access
into the wrong half of the address space based on linear address alone and
without needing a pagewalk.

It is available in CPUs starting with Intel Sapphire Rapids (2023).

For now, allow LASS to be opted in to, but leave it off by default.  Some work
in the emulator is going to be needed to enable it by default.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
CC: Jan Beulich <JBeulich@suse.com>
CC: Roger Pau Monné <roger.pau@citrix.com>

This needs rebasing around my correction to the FRED comment.

Abdel is going to look into the emulator side of things, which is going to be
easier with this patch already in place.  I intend to get it fully supported
for 4.22.
---
 xen/arch/x86/hvm/hvm.c                      | 1 +
 xen/arch/x86/include/asm/x86-defns.h        | 1 +
 xen/include/public/arch-x86/cpufeatureset.h | 2 +-
 3 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c
index 4d37a93c57a5..b62b058861c3 100644
--- a/xen/arch/x86/hvm/hvm.c
+++ b/xen/arch/x86/hvm/hvm.c
@@ -1019,6 +1019,7 @@ unsigned long hvm_cr4_guest_valid_bits(const struct domain *d)
             (p->feat.pku      ? X86_CR4_PKE               : 0) |
             (cet              ? X86_CR4_CET               : 0) |
             (p->feat.pks      ? X86_CR4_PKS               : 0) |
+            (p->feat.lass     ? X86_CR4_LASS              : 0) |
             0);
 }
 
diff --git a/xen/arch/x86/include/asm/x86-defns.h b/xen/arch/x86/include/asm/x86-defns.h
index edeb0b4ff95a..51b603bb1a14 100644
--- a/xen/arch/x86/include/asm/x86-defns.h
+++ b/xen/arch/x86/include/asm/x86-defns.h
@@ -82,6 +82,7 @@
 #define X86_CR4_PKE        0x00400000 /* enable PKE */
 #define X86_CR4_CET        0x00800000 /* Control-flow Enforcement Technology */
 #define X86_CR4_PKS        0x01000000 /* Protection Key Supervisor */
+#define X86_CR4_LASS       (_AC(1, ULL) << 27) /* Linear Address Space Separation */
 #define X86_CR4_FRED       (_AC(1, ULL) << 32) /* Fast Return and Event Delivery */
 
 #define X86_CR8_VALID_MASK 0xf
diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h
index 9cd778586f10..c0b52e4c9ef9 100644
--- a/xen/include/public/arch-x86/cpufeatureset.h
+++ b/xen/include/public/arch-x86/cpufeatureset.h
@@ -304,7 +304,7 @@ XEN_CPUFEATURE(SM3,          10*32+ 1) /*A  SM3 Instructions */
 XEN_CPUFEATURE(SM4,          10*32+ 2) /*A  SM4 Instructions */
 XEN_CPUFEATURE(AVX_VNNI,     10*32+ 4) /*A  AVX-VNNI Instructions */
 XEN_CPUFEATURE(AVX512_BF16,  10*32+ 5) /*A  AVX512 BFloat16 Instructions */
-XEN_CPUFEATURE(LASS,         10*32+ 6) /*   Linear Address Space Separation */
+XEN_CPUFEATURE(LASS,         10*32+ 6) /*s  Linear Address Space Separation */
 XEN_CPUFEATURE(CMPCCXADD,    10*32+ 7) /*a  CMPccXADD Instructions */
 XEN_CPUFEATURE(ARCH_PERF_MON, 10*32+8) /*   Architectural Perfmon */
 XEN_CPUFEATURE(FZRM,         10*32+10) /*A  Fast Zero-length REP MOVSB */
-- 
2.39.5

Re: [PATCH] x86/hvm: Configuration for Linear Address Space Separation

Posted by Jan Beulich 3 days, 11 hours ago

On 26.03.2026 14:18, Andrew Cooper wrote:
> LASS is a feature designed in the aftermath of Meltdown, which codifies the
> user/kernel split in address space in order to block entire classes of
> sidechanels.  Specifically, it allows the CPU to terminate any memory access
> into the wrong half of the address space based on linear address alone and
> without needing a pagewalk.
> 
> It is available in CPUs starting with Intel Sapphire Rapids (2023).
> 
> For now, allow LASS to be opted in to, but leave it off by default.  Some work
> in the emulator is going to be needed to enable it by default.
> 
> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Reviewed-by: Jan Beulich <jbeulich@suse.com>

> Abdel is going to look into the emulator side of things, which is going to be
> easier with this patch already in place.  I intend to get it fully supported
> for 4.22.

It indeed as "as simple as this" if you leave out the emulator part.

Jan

Re: [PATCH] x86/hvm: Configuration for Linear Address Space Separation

Posted by Andrew Cooper 3 days, 10 hours ago

On 30/03/2026 8:52 am, Jan Beulich wrote:
> On 26.03.2026 14:18, Andrew Cooper wrote:
>> LASS is a feature designed in the aftermath of Meltdown, which codifies the
>> user/kernel split in address space in order to block entire classes of
>> sidechanels.  Specifically, it allows the CPU to terminate any memory access
>> into the wrong half of the address space based on linear address alone and
>> without needing a pagewalk.
>>
>> It is available in CPUs starting with Intel Sapphire Rapids (2023).
>>
>> For now, allow LASS to be opted in to, but leave it off by default.  Some work
>> in the emulator is going to be needed to enable it by default.
>>
>> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
> Reviewed-by: Jan Beulich <jbeulich@suse.com>

Thanks, although SPR should have been SRF.  I'll fix up on commit.

>
>> Abdel is going to look into the emulator side of things, which is going to be
>> easier with this patch already in place.  I intend to get it fully supported
>> for 4.22.
> It indeed as "as simple as this" if you leave out the emulator part.

Yeah, quite possibly the easiest feature I've encountered.  It's a shame
we need so much plumbing change in the emulator to complete it.

~Andrew