[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [xen master] x86/hvm: a flag to enable Memory Protection Keys



commit 28cf7493488f030be144df8d039ef4c324b8bb61
Author:     Huaitong Han <huaitong.han@xxxxxxxxx>
AuthorDate: Mon Dec 21 17:09:09 2015 +0100
Commit:     Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Mon Dec 21 17:09:09 2015 +0100

    x86/hvm: a flag to enable Memory Protection Keys
    
    Signed-off-by: Huaitong Han <huaitong.han@xxxxxxxxx>
    Reviewed-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
---
 docs/misc/xen-command-line.markdown |   10 ++++++++++
 xen/arch/x86/cpu/common.c           |   10 +++++++++-
 xen/include/asm-x86/cpufeature.h    |    6 +++++-
 3 files changed, 24 insertions(+), 2 deletions(-)

diff --git a/docs/misc/xen-command-line.markdown 
b/docs/misc/xen-command-line.markdown
index 3a10432..467dc8f 100644
--- a/docs/misc/xen-command-line.markdown
+++ b/docs/misc/xen-command-line.markdown
@@ -1188,6 +1188,16 @@ This option can be specified more than once (up to 8 
times at present).
 ### ple\_window
 > `= <integer>`
 
+### pku
+> `= <boolean>`
+
+> Default: `true`
+
+Flag to enable Memory Protection Keys.
+
+The protection-key feature provides an additional mechanism by which IA-32e
+paging controls access to usermode addresses.
+
 ### psr (Intel)
 > `= List of ( cmt:<boolean> | rmid_max:<integer> | cat:<boolean> | 
 > cos_max:<integer> | cdp:<boolean> )`
 
diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c
index 536a691..335f044 100644
--- a/xen/arch/x86/cpu/common.c
+++ b/xen/arch/x86/cpu/common.c
@@ -22,6 +22,10 @@ boolean_param("xsave", use_xsave);
 bool_t opt_arat = 1;
 boolean_param("arat", opt_arat);
 
+/* pku: Flag to enable Memory Protection Keys (default on). */
+static bool_t opt_pku = 1;
+boolean_param("pku", opt_pku);
+
 unsigned int opt_cpuid_mask_ecx = ~0u;
 integer_param("cpuid_mask_ecx", opt_cpuid_mask_ecx);
 unsigned int opt_cpuid_mask_edx = ~0u;
@@ -270,7 +274,8 @@ static void generic_identify(struct cpuinfo_x86 *c)
        if ( c->cpuid_level >= 0x00000007 )
                cpuid_count(0x00000007, 0, &tmp,
                            
&c->x86_capability[cpufeat_word(X86_FEATURE_FSGSBASE)],
-                           &tmp, &tmp);
+                           &c->x86_capability[cpufeat_word(X86_FEATURE_PKU)],
+                           &tmp);
 }
 
 /*
@@ -323,6 +328,9 @@ void identify_cpu(struct cpuinfo_x86 *c)
        if ( cpu_has_xsave )
                xstate_init(c);
 
+       if ( !opt_pku )
+               setup_clear_cpu_cap(X86_FEATURE_PKU);
+
        /*
         * The vendor-specific functions might have changed features.  Now
         * we do "generic changes."
diff --git a/xen/include/asm-x86/cpufeature.h b/xen/include/asm-x86/cpufeature.h
index af127cf..ef96514 100644
--- a/xen/include/asm-x86/cpufeature.h
+++ b/xen/include/asm-x86/cpufeature.h
@@ -11,7 +11,7 @@
 
 #include <xen/const.h>
 
-#define NCAPINTS       8       /* N 32-bit words worth of info */
+#define NCAPINTS       9       /* N 32-bit words worth of info */
 
 /* Intel-defined CPU features, CPUID level 0x00000001 (edx), word 0 */
 #define X86_FEATURE_FPU                (0*32+ 0) /* Onboard FPU */
@@ -163,6 +163,10 @@
 #define X86_FEATURE_ADX                (7*32+19) /* ADCX, ADOX instructions */
 #define X86_FEATURE_SMAP       (7*32+20) /* Supervisor Mode Access Prevention 
*/
 
+/* Intel-defined CPU features, CPUID level 0x00000007:0 (ecx), word 8 */
+#define X86_FEATURE_PKU        (8*32+ 3) /* Protection Keys for Userspace */
+#define X86_FEATURE_OSPKE      (8*32+ 4) /* OS Protection Keys Enable */
+
 #define cpufeat_word(idx)      ((idx) / 32)
 #define cpufeat_bit(idx)       ((idx) % 32)
 #define cpufeat_mask(idx)      (_AC(1, U) << cpufeat_bit(idx))
--
generated by git-patchbot for /home/xen/git/xen.git#master

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.