[Xen-devel] [PATCH] x86/cpufeatures: Expose UMIP to HVM guest
User-Mode Instruction Prevention (UMIP) is a security feature present in new Intel Processors. With this feature, when the UMIP bit in CR4 is set, the following instructions cannot be executed if CPL > 0: SGDT, SIDT, SLDT, SMSW, and STR. An attempt at such execution causes a general-protection exception (#GP). This patch simply adds necessary definitions to expose this feature to hvm guests. Signed-off-by: Boqun Feng (Intel) <boqun.feng@xxxxxxxxx> Cc: Jan Beulich <jbeulich@xxxxxxxx> --- This patch is basically based on Jan Beulich's patch: https://lists.xenproject.org/archives/html/xen-devel/2016-12/msg00552.html I simply picked up exposing bits in that patch and ran some tests on our simics environment. If any SoB adjustment is needed, please let me know. Another patch for XTF is sent out along with this patch, as that patch adds a new test for UMIP. xen/arch/x86/hvm/hvm.c | 1 + xen/include/public/arch-x86/cpufeatureset.h | 1 + 2 files changed, 2 insertions(+) diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index 814538574725..1284460cda8e 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -960,6 +960,7 @@ unsigned long hvm_cr4_guest_valid_bits(const struct vcpu *v, bool restore) (p->basic.xsave ? X86_CR4_OSXSAVE : 0) | (p->feat.smep ? X86_CR4_SMEP : 0) | (p->feat.smap ? X86_CR4_SMAP : 0) | + (p->feat.umip ? X86_CR4_UMIP : 0) | (p->feat.pku ? X86_CR4_PKE : 0)); } diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 97dd3534c573..0ee3ea350fc9 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h 
@@ -225,6 +225,7 @@ XEN_CPUFEATURE(AVX512VL, 5*32+31) /*A AVX-512 Vector Length Extensions */ /* Intel-defined CPU features, CPUID level 0x00000007:0.ecx, word 6 */ XEN_CPUFEATURE(PREFETCHWT1, 6*32+ 0) /*A PREFETCHWT1 instruction */ XEN_CPUFEATURE(AVX512VBMI, 6*32+ 1) /*A AVX-512 Vector Byte Manipulation Instrs */ +XEN_CPUFEATURE(UMIP, 6*32+ 2) /*S User Mode Instruction Prevention */ XEN_CPUFEATURE(PKU, 6*32+ 3) /*H Protection Keys for Userspace */ XEN_CPUFEATURE(OSPKE, 6*32+ 4) /*! OS Protection Keys Enable */ XEN_CPUFEATURE(AVX512_VPOPCNTDQ, 6*32+14) /*A POPCNT for vectors of DW/QW */ -- 2.13.3 _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx https://lists.xen.org/xen-devel
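Review bot: in hvm_cr4_guest_valid_bits() (xen/arch/x86/hvm/hvm.c), the new term `(p->feat.umip ? X86_CR4_UMIP : 0)` makes CR4.UMIP guest-settable on the policy bit alone, and the patch does not say what backs that bit once a guest sets it. The notes below the `---` say only the "exposing bits" of the referenced earlier patch were picked up; please state in the commit message itself what was left out of that patch, and whether the feature is meant to be offered only when the host CPU implements UMIP, so a reader can tell that a guest which sets the bit actually gets #GP on SGDT, SIDT, SLDT, SMSW and STR at CPL > 0. The testing statement ("some tests on our simics environment") would also be more useful if it named what was exercised.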
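Review bot: in xen/include/public/arch-x86/cpufeatureset.h, the new line `XEN_CPUFEATURE(UMIP, 6*32+ 2) /*S User Mode Instruction Prevention */` carries an `S` annotation while every neighbouring entry in the hunk is `A`, `H` or `!`, and the commit message gives no reason for that class beyond "expose this feature to hvm guests". Please add a sentence explaining why `S` was chosen over `H` (as used for PKU on the next line), since this annotation decides which guest types see the CPUID bit that gates the CR4.UMIP term added in hvm.c.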