[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH V9 2/5] x86/hvm: pkeys, add pkeys support for guest_walk_tables
> From: Huaitong Han > Sent: Wednesday, February 03, 2016 10:12 PM > > Protection keys define a new 4-bit protection key field(PKEY) in bits 62:59 of > leaf entries of the page tables. > > PKRU register defines 32 bits, there are 16 domains and 2 attribute bits per > domain in pkru, for each i (0 â i â 15), PKRU[2i] is the access-disable bit > for > protection key i (ADi); PKRU[2i+1] is the write-disable bit for protection key > i (WDi). PKEY is index to a defined domain. > > A fault is considered as a PKU violation if all of the following conditions > are > true: > 1.CR4_PKE=1. > 2.EFER_LMA=1. > 3.Page is present with no reserved bit violations. > 4.The access is not an instruction fetch. > 5.The access is to a user page. > 6.PKRU.AD=1 > or The access is a data write and PKRU.WD=1 > and either CR0.WP=1 or it is a user access. > > Signed-off-by: Huaitong Han <huaitong.han@xxxxxxxxx> > Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx> Reviewed-by: Kevin Tian <kevin.tian@xxxxxxxxx>, with one minor comment: > --- a/xen/arch/x86/mm/guest_walk.c > +++ b/xen/arch/x86/mm/guest_walk.c > @@ -90,6 +90,54 @@ static uint32_t set_ad_bits(void *guest_p, void *walk_p, > int > set_dirty) > return 0; > } > > +#if GUEST_PAGING_LEVELS >= 4 > +static bool_t pkey_fault(struct vcpu *vcpu, uint32_t pfec, > + uint32_t pte_flags, uint32_t pte_pkey) > +{ > + uint32_t pkru = 0; > + bool_t pkru_ad = 0, pkru_wd = 0; > + > + /* When page isn't present, PKEY isn't checked. */ > + if ( !(pfec & PFEC_page_present) || is_pv_vcpu(vcpu) ) > + return 0; > + > + /* > + * PKU: additional mechanism by which the paging controls > + * access to user-mode addresses based on the value in the > + * PKRU register. A fault is considered as a PKU violation if all > + * of the following conditions are true: > + * 1.CR4_PKE=1. > + * 2.EFER_LMA=1. > + * 3.Page is present with no reserved bit violations. > + * 4.The access is not an instruction fetch. > + * 5.The access is to a user page. > + * 6.PKRU.AD=1 or > + * the access is a data write and PKRU.WD=1 and > + * either CR0.WP=1 or it is a user access. > + */ > + if ( !hvm_pku_enabled(vcpu) || > + !hvm_long_mode_enabled(vcpu) || > + /* The persent bit is guaranteed by the caller. */ actually you do check present bit right before this trunk. Would it be clearer to move earlier check here so to align with the comment? > + (pfec & PFEC_reserved_bit) || > + (pfec & PFEC_insn_fetch) || > + !(pte_flags & _PAGE_USER) ) > + return 0; > + _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |