
Re: [PATCH 6/6] x86/hvm: Support PKS


  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>
  • Date: Mon, 9 Jan 2023 17:01:43 +0000
  • Cc: Roger Pau Monne <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Mon, 09 Jan 2023 17:01:58 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 21/12/2021 12:18 pm, Jan Beulich wrote:
> On 16.12.2021 10:54, Andrew Cooper wrote:
>> With all infrastructure in place, advertise the PKS CPUID bit to guests, and
>> let them set CR4.PKS.
>>
>> Experiment with a tweak to the layout of hvm_cr4_guest_valid_bits() so future
>> additions will be just a single added line.
>>
>> The current context switching behaviour is tied to how VT-x works, so leave a
>> safety check in the short term.
>>
>> Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
> Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>

Thanks.

>
> I would like to ask though that you ...
>
>> --- a/xen/include/public/arch-x86/cpufeatureset.h
>> +++ b/xen/include/public/arch-x86/cpufeatureset.h
>> @@ -244,7 +244,7 @@ XEN_CPUFEATURE(CLDEMOTE,      6*32+25) /*A  CLDEMOTE 
>> instruction */
>>  XEN_CPUFEATURE(MOVDIRI,       6*32+27) /*a  MOVDIRI instruction */
>>  XEN_CPUFEATURE(MOVDIR64B,     6*32+28) /*a  MOVDIR64B instruction */
>>  XEN_CPUFEATURE(ENQCMD,        6*32+29) /*   ENQCMD{,S} instructions */
>> -XEN_CPUFEATURE(PKS,           6*32+31) /*   Protection Key for Supervisor */
>> +XEN_CPUFEATURE(PKS,           6*32+31) /*H  Protection Key for Supervisor */
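Review bot: The `/*H` annotation on the `PKS` line limits the feature to HAP guests, yet the commit message only says the bit is advertised "to guests". State in the title or description that shadow-mode guests are excluded, and give the reason discussed in this thread: the shadow code does not copy the leaf protection key into shadow PTEs.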
> ... clarify this restriction of not covering shadow mode guests by
> an adjustment to title or description. Aiui the sole reason for
> the restriction is that shadow code doesn't propagate the key bits
> from guest to shadow PTEs?

PKU is only exposed on HAP, so PKS really ought to match.

We indeed don't copy the leaf PKEY into the shadows.  While that ought
to be relatively easy to adjust, we would then have to make sh_page_fault()
cope with seeing PFEC_prot_key.

But honestly, there are far far more important things to spend time on.

~Andrew
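
The shadow-mode gap discussed in the reply above, as a simplified model added here for illustration (not Xen code and not part of the original message). `pks_check()` and `make_shadow()` are hypothetical names; the model assumes a present leaf PTE, supervisor data accesses, CR4.PKS=1 and CR0.WP=1, and uses a constructed PTE and PKRS value.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Leaf PTE bits; the protection key lives in bits 62:59. */
#define PTE_RW         (1ULL << 1)
#define PTE_USER       (1ULL << 2)
#define PTE_PKEY_SHIFT 59
#define PTE_PKEY_MASK  (0xfULL << PTE_PKEY_SHIFT)
/* Page-fault error code bits. */
#define PFEC_PRESENT   (1u << 0)
#define PFEC_WRITE     (1u << 1)
#define PFEC_PROT_KEY  (1u << 5)
/* Per-key bits in PKRS: two bits per key. */
#define PKEY_AD 1u
#define PKEY_WD 2u

/* Hypothetical helper: fault code for a supervisor data access, 0 if allowed.
 * Assumes a present PTE, CR4.PKS=1 and CR0.WP=1. */
static uint32_t pks_check(uint64_t pte, uint32_t pkrs, bool write)
{
    unsigned int key = (pte & PTE_PKEY_MASK) >> PTE_PKEY_SHIFT;
    unsigned int bits = (pkrs >> (2 * key)) & 3;
    uint32_t wr = write ? PFEC_WRITE : 0;

    if (write && !(pte & PTE_RW))
        return PFEC_PRESENT | wr;            /* ordinary permission fault */
    if (pte & PTE_USER)
        return 0;                            /* PKS covers supervisor pages only */
    if ((bits & PKEY_AD) || (write && (bits & PKEY_WD)))
        return PFEC_PRESENT | PFEC_PROT_KEY | wr;
    return 0;
}

/* Hypothetical shadow construction; copy_pkey=false models the current gap. */
static uint64_t make_shadow(uint64_t guest_pte, bool copy_pkey)
{
    return copy_pkey ? guest_pte : (guest_pte & ~PTE_PKEY_MASK);
}

int main(void)
{
    uint64_t gpte = 1ULL | PTE_RW | (3ULL << PTE_PKEY_SHIFT); /* constructed */
    uint32_t pkrs = PKEY_WD << (2 * 3);      /* guest write-protects key 3 */

    printf("guest view:       %#x\n", pks_check(gpte, pkrs, true));
    printf("shadow, no key:   %#x\n", pks_check(make_shadow(gpte, false), pkrs, true));
    printf("shadow, with key: %#x\n", pks_check(make_shadow(gpte, true), pkrs, true));
    return 0;
}
```

With the key dropped, the shadow entry is evaluated as key 0 and the write the guest meant to block goes through; with the key copied, the fault carries the protection-key bit, which is the case `sh_page_fault()` would have to handle.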

 

