[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] [V3 PATCH 1/9] x86/hvm: pkeys, add the flag to enable Memory Protection Keys
This patch adds the flag to enable Memory Protection Keys. Signed-off-by: Huaitong Han <huaitong.han@xxxxxxxxx> Reviewed-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> --- docs/misc/xen-command-line.markdown | 21 +++++++++++++++++++++ xen/arch/x86/cpu/common.c | 10 +++++++++- xen/include/asm-x86/cpufeature.h | 6 +++++- 3 files changed, 35 insertions(+), 2 deletions(-) diff --git a/docs/misc/xen-command-line.markdown b/docs/misc/xen-command-line.markdown index c103894..ef5ef6c 100644 --- a/docs/misc/xen-command-line.markdown +++ b/docs/misc/xen-command-line.markdown @@ -1177,6 +1177,27 @@ This option can be specified more than once (up to 8 times at present). ### ple\_window > `= <integer>` +### pku +> `= <boolean>` + +> Default: `true` + +Flag to enable Memory Protection Keys. + +The protection-key feature provides an additional mechanism by which IA-32e +paging controls access to usermode addresses. + +When CR4.PKE = 1, every linear address is associated with the 4-bit protection +key located in bits 62:59 of the paging-structure entry that mapped the page +containing the linear address. The PKRU register determines, for each +protection key, whether user-mode addresses with that protection key may be +read or written. + +The PKRU register (protection key rights for user pages) is a 32-bit register +with the following format: for each i (0 â i â 15), PKRU[2i] is the +access-disable bit for protection key i (ADi); PKRU[2i+1] is the write-disable +bit for protection key i (WDi). + ### psr (Intel) > `= List of ( cmt:<boolean> | rmid_max:<integer> | cat:<boolean> | > cos_max:<integer> | cdp:<boolean> )` diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c index 310ec85..7d03e52 100644 --- a/xen/arch/x86/cpu/common.c +++ b/xen/arch/x86/cpu/common.c @@ -22,6 +22,10 @@ boolean_param("xsave", use_xsave); bool_t opt_arat = 1; boolean_param("arat", opt_arat); +/* pku: Flag to enable Memory Protection Keys (default on). */ +bool_t opt_pku = 1; +boolean_param("pku", opt_pku); + unsigned int opt_cpuid_mask_ecx = ~0u; integer_param("cpuid_mask_ecx", opt_cpuid_mask_ecx); unsigned int opt_cpuid_mask_edx = ~0u; @@ -270,7 +274,8 @@ static void __cpuinit generic_identify(struct cpuinfo_x86 *c) if ( c->cpuid_level >= 0x00000007 ) cpuid_count(0x00000007, 0, &tmp, &c->x86_capability[cpufeat_word(X86_FEATURE_FSGSBASE)], - &tmp, &tmp); + &c->x86_capability[cpufeat_word(X86_FEATURE_PKU)], + &tmp); } /* @@ -323,6 +328,9 @@ void __cpuinit identify_cpu(struct cpuinfo_x86 *c) if ( cpu_has_xsave ) xstate_init(c); + if ( !opt_pku ) + setup_clear_cpu_cap(X86_FEATURE_PKU); + /* * The vendor-specific functions might have changed features. Now * we do "generic changes." diff --git a/xen/include/asm-x86/cpufeature.h b/xen/include/asm-x86/cpufeature.h index af127cf..ef96514 100644 --- a/xen/include/asm-x86/cpufeature.h +++ b/xen/include/asm-x86/cpufeature.h @@ -11,7 +11,7 @@ #include <xen/const.h> -#define NCAPINTS 8 /* N 32-bit words worth of info */ +#define NCAPINTS 9 /* N 32-bit words worth of info */ /* Intel-defined CPU features, CPUID level 0x00000001 (edx), word 0 */ #define X86_FEATURE_FPU (0*32+ 0) /* Onboard FPU */ @@ -163,6 +163,10 @@ #define X86_FEATURE_ADX (7*32+19) /* ADCX, ADOX instructions */ #define X86_FEATURE_SMAP (7*32+20) /* Supervisor Mode Access Prevention */ +/* Intel-defined CPU features, CPUID level 0x00000007:0 (ecx), word 8 */ +#define X86_FEATURE_PKU (8*32+ 3) /* Protection Keys for Userspace */ +#define X86_FEATURE_OSPKE (8*32+ 4) /* OS Protection Keys Enable */ + #define cpufeat_word(idx) ((idx) / 32) #define cpufeat_bit(idx) ((idx) % 32) #define cpufeat_mask(idx) (_AC(1, U) << cpufeat_bit(idx)) -- 2.4.3 _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |