
Re: [Xen-devel] [PATCH 00/10] x86/hvm: pkeys, add memory protection-key support



On 16/11/15 10:31, Huaitong Han wrote:
> The protection-key feature provides an additional mechanism by which IA-32e
> paging controls access to usermode addresses.
>
> Hardware support for protection keys for user pages is enumerated with CPUID
> feature flag CPUID.7.0.ECX[3]:PKU. Software support is CPUID.7.0.ECX[4]:OSPKE
> with the setting of CR4.PKE (bit 22).
>
> When CR4.PKE = 1, every linear address is associated with the 4-bit protection
> key located in bits 62:59 of the paging-structure entry that mapped the page
> containing the linear address. The PKRU register determines, for each
> protection key, whether user-mode addresses with that protection key may be
> read or written.
>
> The PKRU register (protection key rights for user pages) is a 32-bit register
> with the following format: for each i (0 ≤ i ≤ 15), PKRU[2i] is the
> access-disable bit for protection key i (ADi); PKRU[2i+1] is the write-disable
> bit for protection key i (WDi).
>
> Software can use the RDPKRU and WRPKRU instructions with ECX = 0 to read and
> write PKRU. In addition, the PKRU register is XSAVE-managed state and can thus
> be read and written by instructions in the XSAVE feature set.
>
> PFEC.PK (bit 5) is defined as protection key violations.
>
> The specification of Protection Keys can be found at SDM (4.6.2, volume 3)
> http://www.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-software-developer-manual-325462.pdf.

Thank you for this series.  On the whole, it is fairly good.

However, a couple of issues have surfaced.  The use of the
software-defined bits is an ABI with PV guests.  (With many things from
those days, nothing is actually written down about this ABI).

As such, it does not appear to be safe to enable PKE in the context of
an unaware PV guest.

Furthermore, it is unclear (given the unwritten ABI) whether it is even
safe to move _PAGE_GNTTAB out of the way, as this is visible to a PV guest.


Finally, do you have some example use cases for PKE?  As WRPKRU lacks a
CPL check, any entity on the system can arbitrarily change the
protection keys, meaning that it can't be used for any system level
enforcement.  I can't currently see a situation where it is actually a
useful feature, but I presume there is one.

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
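
The PTE key field and PKRU bit layout described in the quoted cover letter, as an added example that is not part of the original thread or the patch series. The helper names (`pte_pkey`, `pkru_ad`, `pkru_wd`, `pkey_violation`) and the sample values are hypothetical; the check covers only user-mode data accesses to user-mode addresses with CR4.PKE = 1.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Layout taken from the cover letter quoted above. */
#define PTE_PKEY_SHIFT 59          /* protection key lives in PTE bits 62:59 */
#define PTE_PKEY_MASK  0xfULL

/* Hypothetical helper: extract the 4-bit protection key from a PTE. */
static unsigned int pte_pkey(uint64_t pte)
{
    return (unsigned int)((pte >> PTE_PKEY_SHIFT) & PTE_PKEY_MASK);
}

/* PKRU[2i] is ADi (access-disable), PKRU[2i+1] is WDi (write-disable). */
static bool pkru_ad(uint32_t pkru, unsigned int key)
{
    return (pkru >> (2 * key)) & 1u;
}

static bool pkru_wd(uint32_t pkru, unsigned int key)
{
    return (pkru >> (2 * key + 1)) & 1u;
}

/*
 * Hypothetical check: would a user-mode data access to a user-mode
 * address mapped by 'pte' raise a protection-key violation (PFEC.PK)?
 * Assumes CR4.PKE = 1; other paging checks are not modelled.
 */
static bool pkey_violation(uint64_t pte, uint32_t pkru, bool is_write)
{
    unsigned int key = pte_pkey(pte);

    if (pkru_ad(pkru, key))
        return true;                       /* reads and writes blocked */
    return is_write && pkru_wd(pkru, key); /* writes blocked only */
}

int main(void)
{
    uint64_t pte  = (5ULL << PTE_PKEY_SHIFT) | 0x1000 | 0x7; /* constructed: key 5 */
    uint32_t pkru = (1u << 11) | (1u << 6);  /* constructed: WD5 and AD3 set */

    printf("key=%u read=%d write=%d\n", pte_pkey(pte),
           pkey_violation(pte, pkru, false), pkey_violation(pte, pkru, true));
    return 0;
}
```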

 

