[kvm-unit-tests] x86: pkeys: add test for PKEYS

Signed-off-by: Huaitong Han <huaitong@intel.com> diff --git a/config/config-x86-common.mak b/config/config-x86-common.mak index c2f9908..2ef98cc 100644 --- a/config/config-x86-common.mak +++ b/config/config-x86-common.mak @@ -36,7 +36,8 @@ tests-common = $(TEST_DIR)/vmexit.flat $(TE

[PATCH V2 0/7] KVM, pkeys: add memory protection-key support

-architectures-software-developer-manual-325462.pdf. The kernel native patchset have not yet been merged to upstream, you can found at git://git.kernel.org/pub/scm/linux/kernel/git/daveh/x86-pkeys.git pkeys-v007. Huaitong Han (7): KVM, pkeys: expose CPUID/CR4 to guest KVM, pkeys: disable pkeys for guests

[kvm-unit-tests] x86: smap: add smap check to unittests.cfg

Signed-off-by: Huaitong Han <huaitong@intel.com> diff --git a/x86/unittests.cfg b/x86/unittests.cfg index 14e36a4..6d3dc89 100644 --- a/x86/unittests.cfg +++ b/x86/unittests.cfg @@ -72,6 +72,10 @@ groups = vmexit file = access.flat arch = x86_64 +[smap] +file = smap.flat +extra_

[PATCH V2 5/7] KVM, pkeys: Add pkeys support for gva_to_gpa funcions

This patch adds pkeys support for gva_to_gpa funcions. Signed-off-by: Huaitong Han <huaitong@intel.com> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 7a84b83..bd942f3 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -3960,6 +3960,7 @@ gpa_t kvm_mmu_gva_to_gp

[PATCH V2 3/7] KVM, pkeys: update memeory permission bitmask for pkeys

Pkeys define a new status bit in the PFEC. PFEC.PK (bit 5), if some conditions is true, the fault is considered as a PKU violation. This patch updates memeory permission bitmask for pkeys. Signed-off-by: Huaitong Han <huaitong@intel.com> diff --git a/arch/x86/include/asm/kvm_host.h

[PATCH V2 7/7] KVM, pkeys: disable PKU feature without ept

This patch disables CPUID:PKU without ept. Signed-off-by: Huaitong Han <huaitong@intel.com> diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index ece687b..e1113ae 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -447,6 +447,8 @@ static inline int __do_cpuid_ent(

[PATCH V2 0/3] target-i386: add memory protection-key support

Keys can be found at SDM (4.6.2, volume 3) http://www.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-software-developer-manual-325462.pdf. Huaitong Han (3): target-i386: add pkeys support for cpuid handling target-i386: add pkeys support for xsave state handling

[PATCH V2 1/7] KVM, pkeys: expose CPUID/CR4 to guest

This patch exposes CPUID/CR4 to guest. X86_FEATURE_PKU is referred to as "PKU" in the hardware documentation: CPUID.7.0.ECX[3]:PKU. X86_FEATURE_OSPKE is software support for pkeys, enumerated with CPUID.7.0.ECX[4]:OSPKE, and it reflects the setting of CR4.PKE(bit 22). Signed-off-by: Hu

[PATCH V2 2/3] target-i386: add pkeys support for xsave state handling

This patch adds pkeys support for xsave state handling. Signed-off-by: Huaitong Han <huaitong@intel.com> diff --git a/target-i386/cpu.c b/target-i386/cpu.c index 2ff73ee..f65f785 100644 --- a/target-i386/cpu.c +++ b/target-i386/cpu.c @@ -487,6 +487,8 @@ static const ExtSa

[PATCH V2 1/3] target-i386: add pkeys support for cpuid handling

This patch adds pkeys support for cpuid handling. Signed-off-by: Huaitong Han <huaitong@intel.com> diff --git a/target-i386/cpu.c b/target-i386/cpu.c index 4d1b085..2ff73ee 100644 --- a/target-i386/cpu.c +++ b/target-i386/cpu.c @@ -264,6 +264,17 @@ static cons

[PATCH V2 4/7] KVM, pkeys: add pkeys support for permission_fault logic

logic need read pkey from page table entries, get pkru value, and deduce the correct result. Signed-off-by: Huaitong Han <huaitong@intel.com> diff --git a/arch/x86/kvm/mmu.h b/arch/x86/kvm/mmu.h index e4202e4..c76e744 100644 --- a/arch/x86/kvm/mmu.h +++ b/arch/x86/kvm/mmu.h @@ -3,

[PATCH V2 2/7] KVM, pkeys: disable pkeys for guests in non-paging mode

Pkeys is disabled if CPU is in non-paging mode in hardware. However KVM always uses paging mode to emulate guest non-paging, mode with TDP. To emulate this behavior, pkeys needs to be manually disabled when guest switches to non-paging mode. Signed-off-by: Huaitong Han <huaitong@intel.

[PATCH V2 6/7] KVM, pkeys: add pkeys support for xsave state

This patch adds pkeys support for xsave state. Signed-off-by: Huaitong Han <huaitong@intel.com> diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h index f2afa5f..0f71d5d 100644 --- a/arch/x86/kvm/x86.h +++ b/arch/x86/kvm/x86.h @@ -182,7 +182,8 @@ bool kvm_mtrr_check_gfn_range_consi

[PATCH V2 3/3] target-i386: add pkeys support for vm migration

This patch adds pkeys support for vm migration. Signed-off-by: Huaitong Han <huaitong@intel.com> diff --git a/target-i386/machine.c b/target-i386/machine.c index a0df64b..1b190c7 100644 --- a/target-i386/machine.c +++ b/target-i386/machine.c @@ -725,6 +725,26 @@ static

[PATCH 1/3] qemu, pkeys: add pkeys support for qemu cpuid handling

This patch adds pkeys support for qemu cpuid handling. Signed-off-by: Huaitong Han <huaitong@intel.com> --- target-i386/cpu.c | 21 - target-i386/cpu.h | 4 2 files changed, 24 insertions(+), 1 deletion(-) diff --git a/target-i386/cpu.c b/target-i386/cpu.c

[PATCH 0/9] KVM, pkeys: add memory protection-key support

/kernel/git/daveh/x86-pkeys.git pkeys-v007. Huaitong Han (9): KVM, pkeys: expose CPUID:PKU to guest KVM, pkeys: add pkeys support when setting CR4 KVM, pkeys: expose CPUID:OSPKE to guest KVM, pkeys: disable pkeys for guests in non-paging mode KVM, pkeys: update memeory permission bitmask

[PATCH 4/9] KVM, pkeys: disable pkeys for guests in non-paging mode

Pkeys is disabled if CPU is in non-paging mode in hardware. However KVM always uses paging mode to emulate guest non-paging, mode with TDP. To emulate this behavior, pkeys needs to be manually disabled when guest switches to non-paging mode. Signed-off-by: Huaitong Han <huaitong@intel.

[PATCH 3/9] KVM, pkeys: expose CPUID:OSPKE to guest

This patch exposes X86_FEATURE_OSPKE to guest, X86_FEATURE_OSPKE is software support for pkeys, enumerated with CPUID.7.0.ECX[4]:OSPKE, and it reflects the setting of CR4.PKE. Signed-off-by: Huaitong Han <huaitong@intel.com> diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c

[PATCH 2/9] KVM, pkeys: add pkeys support when setting CR4

This patch adds pkeys support when setting CR4.PKE (bit 22). Signed-off-by: Huaitong Han <huaitong@intel.com> diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index c12e845..3bbc1cb 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/inclu

[PATCH 1/9] KVM, pkeys: expose CPUID:PKU to guest

This patch expose X86_FEATURE_PKU to guest, X86_FEATURE_PKU is referred to as "PKU" in the hardware documentation: CPUID.7.0.ECX[3]:PKU. Signed-off-by: Huaitong Han <huaitong@intel.com> diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index 156441b..29e6502 100644 --

[PATCH 0/3] qemu, pkeys: add memory protection-key support

-ia-32-architectures-software-developer-manual-325462.pdf. Huaitong Han (3): qemu, pkeys: add pkeys support for qemu cpuid handling qemu, pkeys: add pkeys support for qemu xsave state handling qemu, pkeys: add pkeys support for qemu migration target-i386/cpu.c | 23

[PATCH 9/9] KVM, pkeys: disable PKU feature without ept

This patch disables CPUID:PKU without ept. Signed-off-by: Huaitong Han <huaitong@intel.com> diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index ece687b..e1113ae 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -447,6 +447,8 @@ static inline int __do_cpuid_ent(

[PATCH 7/9] KVM, pkeys: Add pkeys support for gva_to_gpa funcions

This patch adds pkeys support for gva_to_gpa funcions. Signed-off-by: Huaitong Han <huaitong@intel.com> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 7a84b83..6e9156d 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -3960,6 +3960,8 @@ gpa_t kvm_mmu_gva_to_gp

[PATCH 2/3] qemu, pkeys: add pkeys support for qemu xsave state handling

This patch adds pkeys support for qemu xsave state handling. Signed-off-by: Huaitong Han <huaitong@intel.com> --- target-i386/cpu.c | 2 ++ target-i386/cpu.h | 3 +++ target-i386/kvm.c | 3 +++ 3 files changed, 8 insertions(+) diff --git a/target-i386/cpu.c b/target-i386/cpu.c index 5

[PATCH 5/9] KVM, pkeys: update memeory permission bitmask for pkeys

Pkeys define a new status bit in the PFEC. PFEC.PK (bit 5), if some conditions is true, the fault is considered as a PKU violation. This patch updates memeory permission bitmask for pkeys. Signed-off-by: Huaitong Han <huaitong@intel.com> diff --git a/arch/x86/include/asm/kvm_host.h

[PATCH 6/9] KVM, pkeys: add pkeys support for permission_fault logic

logic need read pkey from page table entries, get pkru value, and deduce the correct result. Signed-off-by: Huaitong Han <huaitong@intel.com> diff --git a/arch/x86/kvm/mmu.h b/arch/x86/kvm/mmu.h index e4202e4..bbb 100644 --- a/arch/x86/kvm/mmu.h +++ b/arch/x86/kvm/mmu.h @@ -3,

[PATCH 3/3] qemu, pkeys: add pkeys support for qemu migration

This patch adds pkeys support for qemu migration. Signed-off-by: Huaitong Han <huaitong@intel.com> --- target-i386/machine.c | 23 +++ 1 file changed, 23 insertions(+) diff --git a/target-i386/machine.c b/target-i386/machine.c index a0df64b..1b190c7 100644 --- a/

[PATCH 8/9] KVM, pkeys: add pkeys support for xsave state

This patch adds pkeys support for xsave state. Signed-off-by: Huaitong Han <huaitong@intel.com> diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h index f2afa5f..0f71d5d 100644 --- a/arch/x86/kvm/x86.h +++ b/arch/x86/kvm/x86.h @@ -182,7 +182,8 @@ bool kvm_mtrr_check_gfn_range_consi

[PATCH v3 1/3] target-i386: add pkeys support for cpuid handling

This patch adds pkeys support for cpuid handling. Signed-off-by: Huaitong Han <huaitong@intel.com> diff --git a/target-i386/cpu.c b/target-i386/cpu.c index 4d1b085..3c11e02 100644 --- a/target-i386/cpu.c +++ b/target-i386/cpu.c @@ -264,6 +264,17 @@ static cons

[PATCH v3 3/3] target-i386: add pkeys support for vm migration

This patch adds pkeys support for vm migration. Signed-off-by: Huaitong Han <huaitong@intel.com> diff --git a/target-i386/machine.c b/target-i386/machine.c index a0df64b..1b190c7 100644 --- a/target-i386/machine.c +++ b/target-i386/machine.c @@ -725,6 +725,26 @@ static

[PATCH v3 0/3] target-i386: add memory protection-key support

, the offset is 0xa80. The specification of Protection Keys can be found at SDM (4.6.2, volume 3) http://www.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-software-developer-manual-325462.pdf. Huaitong Han (3): target-i386: add pkeys support for cpuid handling

[PATCH v3 2/3] target-i386: add pkeys support for xsave state handling

This patch adds pkeys support for xsave state handling. Signed-off-by: Huaitong Han <huaitong@intel.com> diff --git a/target-i386/cpu.c b/target-i386/cpu.c index 3c11e02..456cb3b 100644 --- a/target-i386/cpu.c +++ b/target-i386/cpu.c @@ -487,6 +487,8 @@ static const ExtSa

[kvm-unit-tests v2] x86: pkeys: add test for memory protection-key

://www.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-software-developer-manual-325462.pdf. Signed-off-by: Huaitong Han <huaitong@intel.com> diff --git a/config/config-x86-common.mak b/config/config-x86-common.mak index c2f9908..a72055c 100644 --- a/config/conf

[PATCH v3 1/7] KVM, pkeys: expose CPUID/CR4 to guest

This patch exposes CPUID/CR4 to guest. X86_FEATURE_PKU is referred to as "PKU" in the hardware documentation: CPUID.7.0.ECX[3]:PKU. X86_FEATURE_OSPKE is software support for pkeys, enumerated with CPUID.7.0.ECX[4]:OSPKE, and it reflects the setting of CR4.PKE(bit 22). Signed-off-by: Hu

[PATCH v3 0/7] KVM, pkeys: add memory protection-key support

://www.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-software-developer-manual-325462.pdf. The kernel native patchset have not yet been merged to upstream, you can found at git://git.kernel.org/pub/scm/linux/kernel/git/daveh/x86-pkeys.git pkeys-v007. Huaitong Han (7

[PATCH v3 7/7] KVM, pkeys: disable PKU feature without ept

This patch disables CPUID:PKU without ept, becase pkeys is not supported with softmmu. Signed-off-by: Huaitong Han <huaitong@intel.com> diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index ece687b..e422f0a 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@

[PATCH v3 6/7] KVM, pkeys: add pkeys support for xsave state

This patch adds pkeys support for xsave state. Signed-off-by: Huaitong Han <huaitong@intel.com> diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h index f2afa5f..0f71d5d 100644 --- a/arch/x86/kvm/x86.h +++ b/arch/x86/kvm/x86.h @@ -182,7 +182,8 @@ bool kvm_mtrr_check_gfn_range_consi

[PATCH v3 3/7] KVM, pkeys: update memeory permission bitmask for pkeys

Pkeys define a new status bit in the PFEC. PFEC.PK (bit 5), if some conditions is true, the fault is considered as a PKU violation. This patch updates memeory permission bitmask for pkeys. Signed-off-by: Huaitong Han <huaitong@intel.com> diff --git a/arch/x86/include/asm/kvm_host.h

[PATCH v3 4/7] KVM, pkeys: add pkeys support for permission_fault logic

logic need read pkey from page table entries, get pkru value, and deduce the correct result. Signed-off-by: Huaitong Han <huaitong@intel.com> diff --git a/arch/x86/kvm/mmu.h b/arch/x86/kvm/mmu.h index e4202e4..c76e744 100644 --- a/arch/x86/kvm/mmu.h +++ b/arch/x86/kvm/mmu.h @@ -3,

[PATCH v3 2/7] KVM, pkeys: disable pkeys for guests in non-paging mode

Pkeys is disabled if CPU is in non-paging mode in hardware. However KVM always uses paging mode to emulate guest non-paging, mode with TDP. To emulate this behavior, pkeys needs to be manually disabled when guest switches to non-paging mode. Signed-off-by: Huaitong Han <huaitong@intel.

[PATCH v3 5/7] KVM, pkeys: Add pkeys support for gva_to_gpa funcions

This patch adds pkeys support for gva_to_gpa funcions. Signed-off-by: Huaitong Han <huaitong@intel.com> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 7a84b83..bd942f3 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -3960,6 +3960,7 @@ gpa_t kvm_mmu_gva_to_gp