[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [V3 PATCH 1/9] x86/hvm: pkeys, add the flag to enable Memory Protection Keys

To: Huaitong Han <huaitong.han@xxxxxxxxx>, <jbeulich@xxxxxxxx>, <andrew.cooper3@xxxxxxxxxx>, <jun.nakajima@xxxxxxxxx>, <eddie.dong@xxxxxxxxx>, <kevin.tian@xxxxxxxxx>, <george.dunlap@xxxxxxxxxxxxx>, <ian.jackson@xxxxxxxxxxxxx>, <stefano.stabellini@xxxxxxxxxxxxx>, <ian.campbell@xxxxxxxxxx>, <wei.liu2@xxxxxxxxxx>, <keir@xxxxxxx>
From: George Dunlap <george.dunlap@xxxxxxxxxx>
Date: Thu, 10 Dec 2015 15:37:49 +0000
Cc: xen-devel@xxxxxxxxxxxxx
Delivery-date: Thu, 10 Dec 2015 15:38:00 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On 07/12/15 09:16, Huaitong Han wrote:
> This patch adds the flag to enable Memory Protection Keys.
> 
> Signed-off-by: Huaitong Han <huaitong.han@xxxxxxxxx>
> Reviewed-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
> ---
>  docs/misc/xen-command-line.markdown | 21 +++++++++++++++++++++
>  xen/arch/x86/cpu/common.c           | 10 +++++++++-
>  xen/include/asm-x86/cpufeature.h    |  6 +++++-
>  3 files changed, 35 insertions(+), 2 deletions(-)
> 
> diff --git a/docs/misc/xen-command-line.markdown 
> b/docs/misc/xen-command-line.markdown
> index c103894..ef5ef6c 100644
> --- a/docs/misc/xen-command-line.markdown
> +++ b/docs/misc/xen-command-line.markdown
> @@ -1177,6 +1177,27 @@ This option can be specified more than once (up to 8 
> times at present).
>  ### ple\_window
>  > `= <integer>`
>  
> +### pku
> +> `= <boolean>`
> +
> +> Default: `true`
> +
> +Flag to enable Memory Protection Keys.
> +
> +The protection-key feature provides an additional mechanism by which IA-32e
> +paging controls access to usermode addresses.
> +
> +When CR4.PKE = 1, every linear address is associated with the 4-bit 
> protection
> +key located in bits 62:59 of the paging-structure entry that mapped the page
> +containing the linear address. The PKRU register determines, for each
> +protection key, whether user-mode addresses with that protection key may be
> +read or written.
> +
> +The PKRU register (protection key rights for user pages) is a 32-bit register
> +with the following format: for each i (0 â i â 15), PKRU[2i] is the
> +access-disable bit for protection key i (ADi); PKRU[2i+1] is the 
> write-disable
> +bit for protection key i (WDi).

These last two paragraphs are awfully technically detailed for a
command-line reference.  I think the first two paragraphs would be
sufficient.

 -George

> +
>  ### psr (Intel)
>  > `= List of ( cmt:<boolean> | rmid_max:<integer> | cat:<boolean> | 
> cos_max:<integer> | cdp:<boolean> )`
>  
> diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c
> index 310ec85..7d03e52 100644
> --- a/xen/arch/x86/cpu/common.c
> +++ b/xen/arch/x86/cpu/common.c
> @@ -22,6 +22,10 @@ boolean_param("xsave", use_xsave);
>  bool_t opt_arat = 1;
>  boolean_param("arat", opt_arat);
>  
> +/* pku: Flag to enable Memory Protection Keys (default on). */
> +bool_t opt_pku = 1;
> +boolean_param("pku", opt_pku);
> +
>  unsigned int opt_cpuid_mask_ecx = ~0u;
>  integer_param("cpuid_mask_ecx", opt_cpuid_mask_ecx);
>  unsigned int opt_cpuid_mask_edx = ~0u;
> @@ -270,7 +274,8 @@ static void __cpuinit generic_identify(struct cpuinfo_x86 
> *c)
>       if ( c->cpuid_level >= 0x00000007 )
>               cpuid_count(0x00000007, 0, &tmp,
>                           
> &c->x86_capability[cpufeat_word(X86_FEATURE_FSGSBASE)],
> -                         &tmp, &tmp);
> +                         &c->x86_capability[cpufeat_word(X86_FEATURE_PKU)],
> +                         &tmp);
>  }
>  
>  /*
> @@ -323,6 +328,9 @@ void __cpuinit identify_cpu(struct cpuinfo_x86 *c)
>       if ( cpu_has_xsave )
>               xstate_init(c);
>  
> +     if ( !opt_pku )
> +             setup_clear_cpu_cap(X86_FEATURE_PKU);
> +
>       /*
>        * The vendor-specific functions might have changed features.  Now
>        * we do "generic changes."
> diff --git a/xen/include/asm-x86/cpufeature.h 
> b/xen/include/asm-x86/cpufeature.h
> index af127cf..ef96514 100644
> --- a/xen/include/asm-x86/cpufeature.h
> +++ b/xen/include/asm-x86/cpufeature.h
> @@ -11,7 +11,7 @@
>  
>  #include <xen/const.h>
>  
> -#define NCAPINTS     8       /* N 32-bit words worth of info */
> +#define NCAPINTS     9       /* N 32-bit words worth of info */
>  
>  /* Intel-defined CPU features, CPUID level 0x00000001 (edx), word 0 */
>  #define X86_FEATURE_FPU              (0*32+ 0) /* Onboard FPU */
> @@ -163,6 +163,10 @@
>  #define X86_FEATURE_ADX              (7*32+19) /* ADCX, ADOX instructions */
>  #define X86_FEATURE_SMAP     (7*32+20) /* Supervisor Mode Access Prevention 
> */
>  
> +/* Intel-defined CPU features, CPUID level 0x00000007:0 (ecx), word 8 */
> +#define X86_FEATURE_PKU      (8*32+ 3) /* Protection Keys for Userspace */
> +#define X86_FEATURE_OSPKE    (8*32+ 4) /* OS Protection Keys Enable */
> +
>  #define cpufeat_word(idx)    ((idx) / 32)
>  #define cpufeat_bit(idx)     ((idx) % 32)
>  #define cpufeat_mask(idx)    (_AC(1, U) << cpufeat_bit(idx))
> 


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

References:
- [Xen-devel] [V3 PATCH 0/9] x86/hvm: pkeys, add memory protection-key support
  - From: Huaitong Han
- [Xen-devel] [V3 PATCH 1/9] x86/hvm: pkeys, add the flag to enable Memory Protection Keys
  - From: Huaitong Han

Prev by Date: [Xen-devel] [OSSTEST PATCH 8/7] Schema: When creating, check that no updates are applied
Next by Date: Re: [Xen-devel] [OSSTEST PATCH 5/7] Schema: Support database schema updates
Previous by thread: [Xen-devel] [V3 PATCH 1/9] x86/hvm: pkeys, add the flag to enable Memory Protection Keys
Next by thread: [Xen-devel] [V3 PATCH 2/9] x86/hvm: pkeys, add pkeys support when setting CR4
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.