[Xen-devel] [PATCH RFC 02/14] xen: vmx: Added VMX SPP feature flags and VM-Execution Controls.

2017-10-19 Thread Zhang Yi
From: Zhang Yi Z <yi.z.zh...@linux.intel.com> Add a new secondary processor-based VM-execution control bit which is defined as "sub-page write permission". VMX Procbased MSR - MSR_IA32_VMX_EXIT_CTLS bit 23 is the capability bit of SPP. And VMX_SECONDARY_EXEC_CONTROL bit 23 is the e

[Xen-devel] [PATCH RFC 12/14] xen: vmx: Support for clear EPT SPP write Protect bit

2017-10-19 Thread Zhang Yi
From: Zhang Yi Z <yi.z.zh...@linux.intel.com> This is an implementation of clearing the Write Protect bit. The EPT SPP Write Protect bit will be removed when we set all 32 sub-pages as writeable. We should also update the EPT page frame w bit as the whole page is writeable. Signed-off-by: Zhan

[Xen-devel] [PATCH RFC 10/14] xen: vmx: Implement the Hypercall p2m_set_subpage

2017-10-19 Thread Zhang Yi
From: Zhang Yi Z <yi.z.zh...@linux.intel.com> To utilize the SPP feature, the system admin should set a sub-page access write via the SPP hypercall `HVMOP_set_subpage`, which will prepare the following things. (1. Get the corresponding EPT leaf entry via the guest physical address. (2. If it is a 4

[Xen-devel] [PATCH RFC 14/14] xen: tools: Added xen-subpage tool.

2017-10-19 Thread Zhang Yi
From: Zhang Yi Z <yi.z.zh...@linux.intel.com> It is a tool that can set a 32-bit bitmap corresponding to a 4K page: xen-subpage -m [domid] set [gfn] [bitmap] Signed-off-by: Zhang Yi Z <yi.z.zh...@linux.intel.com> --- tools/tests/xen-subpage/Makefile | 30 tools/tests/xen

[Xen-devel] [PATCH RFC 01/14] xen: vmx: Added EPT based Subpage Write Protection Doc.

2017-10-19 Thread Zhang Yi
From: Zhang Yi Z <yi.z.zh...@linux.intel.com> Signed-off-by: Zhang Yi Z <yi.z.zh...@linux.intel.com> --- docs/txt/misc/spp_xen.txt | 259 ++ 1 file changed, 259 insertions(+) create mode 100644 docs/txt/misc/spp_xen.txt diff --git a/d

[Xen-devel] [PATCH RFC 05/14] xen: vmx: Disable the 2M/1G superpage when SPP enabled

2017-10-19 Thread Zhang Yi
From: Zhang Yi Z <yi.z.zh...@linux.intel.com> Currently we only support Sub-page Protection on the 4k page table. Signed-off-by: Zhang Yi Z <yi.z.zh...@linux.intel.com> --- xen/arch/x86/hvm/vmx/vmx.c | 6 ++ 1 file changed, 6 insertions(+) diff --git a/xen/arch/x86/hvm/vmx/vmx.

[Xen-devel] [PATCH RFC 11/14] xen: vmx: Added handle of SPP write protection fault

2017-10-19 Thread Zhang Yi
From: Zhang Yi Z <yi.z.zh...@linux.intel.com> While the hardware is walking the SPP page table, if the sub-page region write permission bit is set, the write is allowed, else the write is disallowed and results in an EPT violation. We need to peek at this case in the EPT violation handler. Signed-off-by:

[Xen-devel] [PATCH RFC 03/14] xen: vmx: Introduce the SPPTP and SPP page table.

2017-10-19 Thread Zhang Yi
From: Zhang Yi Z <yi.z.zh...@linux.intel.com> SPPT has 4-level paging structure that is similar to EPT except L1E. The sub-page permission table is referenced via a 64-bit control field called Sub-Page Permission Table Pointer (SPPTP) which contains a 4K-aligned physical address, the

[Xen-devel] [PATCH RFC 00/14] Intel EPT-Based Sub-page Write Protection Support.

2017-10-19 Thread Zhang Yi
From: Zhang Yi Z <yi.z.zh...@linux.intel.com> Hi All, Here is a patch series which adds EPT-Based Sub-page Write Protection Support. You can get its software developer manuals from: https://software.intel.com/sites/default/files/managed/c5/15/architecture-instruction-set-exte

[Xen-devel] [PATCH RFC 04/14] xen: vmx: Introduce SPP-Induced vm exit and it's handle.

2017-10-19 Thread Zhang Yi
From: Zhang Yi Z <yi.z.zh...@linux.intel.com> Accesses using guest-physical addresses may cause SPP-induced VM exits due to an SPPT misconfiguration or an SPPT miss. The basic VM exit reason code reported for SPP-induced VM exits is 66. An SPPT misconfiguration VM exit occurs when, in the

[Xen-devel] [PATCH RFC 08/14] xen: vmx: Added setup spp page structure.

2017-10-19 Thread Zhang Yi
From: Zhang Yi Z <yi.z.zh...@linux.intel.com> The hardware uses the guest-physical address and bits 11:7 of the address accessed to lookup the SPPT to fetch a write permission bit for the 128 byte wide sub-page region being accessed within the 4K guest-physical page. If the sub-page region

[Xen-devel] [PATCH RFC 07/14] xen: vmx: Update the EPT leaf entry indicated with the SPP enable bit.

2017-10-19 Thread Zhang Yi
From: Zhang Yi Z <yi.z.zh...@linux.intel.com> If the sub-page write permission VM-execution control is set, treatment of write accesses to guest-physical accesses depends on the state of the accumulated write-access bit (position 1) and sub-page permission bit (position 61) in the EPT leaf

[Xen-devel] [PATCH RFC 06/14] xen: vmx: Added SPP flags in EPT leaf entry.

2017-10-19 Thread Zhang Yi
From: Zhang Yi Z <yi.z.zh...@linux.intel.com> This change also modifies the p2m_type width to 5, bits 52:56; the p2m_access_t bits 60:57, as bit 61 is used by hardware for EPT leaf entry SPP flags. Signed-off-by: Zhang Yi Z <yi.z.zh...@linux.intel.com> --- xen/include/asm-x86/h

[Xen-devel] [PATCH RFC 13/14] xen: tools: Introduce the set-subpage into xenctrl

2017-10-19 Thread Zhang Yi
From: Zhang Yi Z <yi.z.zh...@linux.intel.com> Introduce the Xen Hypercall HVMOP_set_subpage into Xenctl. The API is defined as follows. int xc_mem_set_subpage(xc_interface *handle, domid_t domid, xen_pfn_t gfn, uint32_t access); Signed-off-by: Zhang, Yi Z &l

[Xen-devel] [PATCH RFC 09/14] xen: vmx: Introduce a Hyper call to set subpage

2017-10-19 Thread Zhang Yi
From: Zhang Yi Z <yi.z.zh...@linux.intel.com> The hypercall is defined as HVMOP_set_subpage, and the interface's parameters are defined as struct xen_hvm_subpage { domid_t domid; uint32_t access_map; uint64_t gfn; } The user application: xl, or some other security control