[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[UNIKRAFT PATCH v2 0/4] Initial support for Intel PKU

To: minios-devel@xxxxxxxxxxxxxxxxxxxx
From: Hugo Lefeuvre <hle@xxxxxxxxxx>
Date: Fri, 11 Dec 2020 16:35:11 +0000
Cc: Hugo Lefeuvre <hle@xxxxxxxxxx>
Delivery-date: Fri, 11 Dec 2020 16:35:38 +0000
List-id: Mini-os development list <minios-devel.lists.xenproject.org>

Hi,

There is an ongoing work to support memory protection keys (MPK, also referred
to as protection keys userspace -- PKU) in Unikraft.

Full support will be achieved by:
(1) detecting the availability of PKU and enabling it via CR4
(2) enabling XSAVE for the PKRU register
(3) supporting PKU-related protection changes in the page table
(4) supporting PKU-swap during thread context switches
(5) defining an new interface/microlib to facilitate the use of MPKs

This series implements (1) and (2) in KVM and Xen as a first step towards a
full support of memory protection keys in the main tree.

This patch is independent from (3)-(5) and can already be merged as-is.

It has been tested thoroughly: (3)-(5) are already implemented and tested, but
cannot be merged immediately since they are based on top of the yet to come
page table support series.

More details regarding the implementation:

Since we do not want to pay the cost of MPK-related code when MPK is not
enabled, we introduce a new HAVE_X86PKU property; MPK code is compile-guarded
so that it does not get compiled in without HAVE_X86PKU. HAVE_X86PKU will be
set by PKU kernel libraries later on (this is step (5)).

At boot time, if HAVE_X86PKU is enabled, the kernel now checks whether PKU is
advertised by cpuid. If yes, it enables it by setting bit 22 (PKE) in CR4.  If
not, it aborts the boot process (the underlying idea is that images compiled
with HAVE_X86PKU are *specialized* to be executed on PKU-enabled hardware).

Hugo Lefeuvre (4):
  plat/kvm: toggle PKE bit if HAVE_X86PKU is enabled
  plat/xen: toggle PKE bit if HAVE_X86PKU is enabled
  plat/kvm: enable XSAVE for PKRU register
  plat/xen: enable XSAVE for PKRU register

 lib/Config.uk                      |  4 ++++
 plat/common/include/x86/cpu.h      | 15 +++++++++++++++
 plat/common/include/x86/cpu_defs.h |  4 ++++
 plat/kvm/x86/entry64.S             | 29 ++++++++++++++++++++++++++---
 plat/kvm/x86/setup.c               |  4 ++++
 plat/xen/x86/entry64.S             | 26 +++++++++++++++++++++++---
 plat/xen/x86/setup.c               |  4 ++++
 7 files changed, 80 insertions(+), 6 deletions(-)

-- 
2.20.1

Follow-Ups:
- [UNIKRAFT PATCH v2 4/4] plat/xen: enable XSAVE for PKRU register
  - From: Hugo Lefeuvre
- [UNIKRAFT PATCH v2 3/4] plat/kvm: enable XSAVE for PKRU register
  - From: Hugo Lefeuvre
- [UNIKRAFT PATCH v2 2/4] plat/xen: toggle PKE bit if HAVE_X86PKU is enabled
  - From: Hugo Lefeuvre
- [UNIKRAFT PATCH v2 1/4] plat/kvm: toggle PKE bit if HAVE_X86PKU is enabled
  - From: Hugo Lefeuvre

Prev by Date: Re: [UNIKRAFT PATCH 4/5] lib/uktime: Register `clock_gettime` to syscall_shim
Next by Date: [UNIKRAFT PATCH v2 1/4] plat/kvm: toggle PKE bit if HAVE_X86PKU is enabled
Previous by thread: Re: [4/5] lib/uktime: Register `clock_gettime` to syscall_shim
Next by thread: [UNIKRAFT PATCH v2 1/4] plat/kvm: toggle PKE bit if HAVE_X86PKU is enabled
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.