Xen project Mailing List

[PATCH] x86/hvm: Configuration for Linear Address Space Separation

To: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>

From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Date: Thu, 26 Mar 2026 13:18:15 +0000

Authentication-results: eu.smtp.expurgate.cloud; dkim=pass header.s=google header.d=citrix.com header.i="@citrix.com" header.h="Content-Transfer-Encoding:MIME-Version:Message-Id:Date:Subject:Cc:To:From"

Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Jan Beulich <JBeulich@xxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>

Delivery-date: Thu, 26 Mar 2026 13:18:26 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

LASS is a feature designed in the aftermath of Meltdown, which codifies the user/kernel split in address space in order to block entire classes of sidechanels. Specifically, it allows the CPU to terminate any memory access into the wrong half of the address space based on linear address alone and without needing a pagewalk. It is available in CPUs starting with Intel Sapphire Rapids (2023). For now, allow LASS to be opted in to, but leave it off by default. Some work in the emulator is going to be needed to enable it by default. Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> --- CC: Jan Beulich <JBeulich@xxxxxxxx> CC: Roger Pau Monné <roger.pau@xxxxxxxxxx> This needs rebasing around my correction to the FRED comment. Abdel is going to look into the emulator side of things, which is going to be easier with this patch already in place. I intend to get it fully supported for 4.22. --- xen/arch/x86/hvm/hvm.c | 1 + xen/arch/x86/include/asm/x86-defns.h | 1 + xen/include/public/arch-x86/cpufeatureset.h | 2 +- 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index 4d37a93c57a5..b62b058861c3 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -1019,6 +1019,7 @@ unsigned long hvm_cr4_guest_valid_bits(const struct domain *d) (p->feat.pku ? X86_CR4_PKE : 0) | (cet ? X86_CR4_CET : 0) | (p->feat.pks ? X86_CR4_PKS : 0) | + (p->feat.lass ? X86_CR4_LASS : 0) | 0); } diff --git a/xen/arch/x86/include/asm/x86-defns.h b/xen/arch/x86/include/asm/x86-defns.h index edeb0b4ff95a..51b603bb1a14 100644 --- a/xen/arch/x86/include/asm/x86-defns.h +++ b/xen/arch/x86/include/asm/x86-defns.h @@ -82,6 +82,7 @@ #define X86_CR4_PKE 0x00400000 /* enable PKE */ #define X86_CR4_CET 0x00800000 /* Control-flow Enforcement Technology */ #define X86_CR4_PKS 0x01000000 /* Protection Key Supervisor */ +#define X86_CR4_LASS (_AC(1, ULL) << 27) /* Linear Address Space Separation */ #define X86_CR4_FRED (_AC(1, ULL) << 32) /* Fast Return and Event Delivery */ #define X86_CR8_VALID_MASK 0xf diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 9cd778586f10..c0b52e4c9ef9 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -304,7 +304,7 @@ XEN_CPUFEATURE(SM3, 10*32+ 1) /*A SM3 Instructions */ XEN_CPUFEATURE(SM4, 10*32+ 2) /*A SM4 Instructions */ XEN_CPUFEATURE(AVX_VNNI, 10*32+ 4) /*A AVX-VNNI Instructions */ XEN_CPUFEATURE(AVX512_BF16, 10*32+ 5) /*A AVX512 BFloat16 Instructions */ -XEN_CPUFEATURE(LASS, 10*32+ 6) /* Linear Address Space Separation */ +XEN_CPUFEATURE(LASS, 10*32+ 6) /*s Linear Address Space Separation */ XEN_CPUFEATURE(CMPCCXADD, 10*32+ 7) /*a CMPccXADD Instructions */ XEN_CPUFEATURE(ARCH_PERF_MON, 10*32+8) /* Architectural Perfmon */ XEN_CPUFEATURE(FZRM, 10*32+10) /*A Fast Zero-length REP MOVSB */ -- 2.39.5

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.