From: Zhang Yi Z <yi.z.zh...@linux.intel.com>
Add a new secondary processor-based VM-execution control bit which is
defined as "sub-page write permission", VMX Procbased MSR -
MSR_IA32_VMX_EXIT_CTLS bit 23 is the capability bit of SPP.
And VMX_SECONDARY_EXEC_CONTROL bit 23 is the e
From: Zhang Yi Z <yi.z.zh...@linux.intel.com>
This is an implementation of clearing the Write protect bit.
The EPT SPP Write Protect bit will be removed when we set all the 32 sub-pages
as writeable. We should also update the EPT page frame w bit as the
whole page is writeable.
Signed-off-by: Zhan
From: Zhang Yi Z <yi.z.zh...@linux.intel.com>
To utilize the SPP feature, the system admin should set a sub-page access write via
the SPP Hypercall `HVMOP_set_subpage`, which will prepare the following things.
(1. Get the corresponding EPT leaf entry via the guest physical address.
(2. If it is a 4
From: Zhang Yi Z <yi.z.zh...@linux.intel.com>
It is a tool that can set the 32-bit bitmap corresponding to a 4K page:
xen-subpage -m [domid] set [gfn] [bitmap]
Signed-off-by: Zhang Yi Z <yi.z.zh...@linux.intel.com>
---
tools/tests/xen-subpage/Makefile | 30
tools/tests/xen
From: Zhang Yi Z <yi.z.zh...@linux.intel.com>
Signed-off-by: Zhang Yi Z <yi.z.zh...@linux.intel.com>
---
docs/txt/misc/spp_xen.txt | 259 ++
1 file changed, 259 insertions(+)
create mode 100644 docs/txt/misc/spp_xen.txt
diff --git a/d
From: Zhang Yi Z <yi.z.zh...@linux.intel.com>
Currently we only support Sub-page Protection on the 4k
page table.
Signed-off-by: Zhang Yi Z <yi.z.zh...@linux.intel.com>
---
xen/arch/x86/hvm/vmx/vmx.c | 6 ++
1 file changed, 6 insertions(+)
diff --git a/xen/arch/x86/hvm/vmx/vmx.
From: Zhang Yi Z <yi.z.zh...@linux.intel.com>
While the hardware is walking the SPP page table, if the sub-page
region write permission bit is set, the write is allowed;
otherwise the write is disallowed and results in an EPT violation.
We need to peek at this case in the EPT violation handler.
Signed-off-by:
From: Zhang Yi Z <yi.z.zh...@linux.intel.com>
SPPT has 4-level paging structure that is similar to EPT
except L1E.
The sub-page permission table is referenced via a 64-bit control
field called Sub-Page Permission Table Pointer (SPPTP) which
contains a 4K-aligned physical address, the
From: Zhang Yi Z <yi.z.zh...@linux.intel.com>
Hi All,
Here is a patch series which adds EPT-Based Sub-page Write Protection
support. You can get its software developer manuals from:
https://software.intel.com/sites/default/files/managed/c5/15/architecture-instruction-set-exte
From: Zhang Yi Z <yi.z.zh...@linux.intel.com>
Accesses using guest-physical addresses may cause SPP-induced VM exits
due to an SPPT misconfiguration or an
SPPT miss. The basic VM exit reason code reported for SPP-induced VM
exits is 66.
An SPPT misconfiguration VM exit occurs when, in the
From: Zhang Yi Z <yi.z.zh...@linux.intel.com>
The hardware uses the guest-physical address and bits 11:7 of the
address accessed to look up the SPPT to fetch a write permission bit for
the 128 byte wide sub-page region being accessed within the 4K
guest-physical page. If the sub-page region
From: Zhang Yi Z <yi.z.zh...@linux.intel.com>
If the sub-page write permission VM-execution control is set,
treatment of write accesses to guest-physical accesses
depends on the state of the accumulated write-access bit (position 1)
and sub-page permission bit (position 61) in the EPT leaf
From: Zhang Yi Z <yi.z.zh...@linux.intel.com>
This change also modified the p2m_type width to 5, bits 52:56;
the p2m_access_t bits 60:57, as bit 61 is used by hardware
for the EPT leaf entry SPP flags.
Signed-off-by: Zhang Yi Z <yi.z.zh...@linux.intel.com>
---
xen/include/asm-x86/h
From: Zhang Yi Z <yi.z.zh...@linux.intel.com>
Introduce the Xen Hypercall HVMOP_set_subpage into Xenctl.
The API is defined as following.
int xc_mem_set_subpage(xc_interface *handle, domid_t domid,
xen_pfn_t gfn, uint32_t access);
Signed-off-by: Zhang, Yi Z <
From: Zhang Yi Z <yi.z.zh...@linux.intel.com>
The Hypercall is defined as HVMOP_set_subpage
And the interface's parameters are defined as
struct xen_hvm_subpage {
    domid_t domid;
    uint32_t access_map;
    uint64_t gfn;
};
The user application: xl, or some other security control