linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Babu Moger <babu.moger@amd.com>
To: corbet@lwn.net, tglx@linutronix.de, mingo@redhat.com,
	bp@alien8.de, hpa@zytor.com, pbonzini@redhat.com,
	sean.j.christopherson@intel.com
Cc: x86@kernel.org, vkuznets@redhat.com, wanpengli@tencent.com,
	jmattson@google.com, joro@8bytes.org,
	dave.hansen@linux.intel.com, luto@kernel.org,
	peterz@infradead.org, mchehab+samsung@kernel.org,
	babu.moger@amd.com, changbin.du@intel.com, namit@vmware.com,
	bigeasy@linutronix.de, yang.shi@linux.alibaba.com,
	asteinhauser@google.com, anshuman.khandual@arm.com,
	jan.kiszka@siemens.com, akpm@linux-foundation.org,
	steven.price@arm.com, rppt@linux.vnet.ibm.com, peterx@redhat.com,
	dan.j.williams@intel.com, arjunroy@google.com,
	logang@deltatee.com, thellstrom@vmware.com, aarcange@redhat.com,
	justin.he@arm.com, robin.murphy@arm.com, ira.weiny@intel.com,
	keescook@chromium.org, jgross@suse.com,
	andrew.cooper3@citrix.com, pawan.kumar.gupta@linux.intel.com,
	fenghua.yu@intel.com, vineela.tummalapalli@intel.com,
	yamada.masahiro@socionext.com, sam@ravnborg.org, acme@redhat.com,
	linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org,
	kvm@vger.kernel.org
Subject: [PATCH 2/2] KVM: SVM: Add support for MPK feature on AMD
Date: Wed, 06 May 2020 17:02:21 -0500	[thread overview]
Message-ID: <158880254122.11615.156420638099504288.stgit@naples-babu.amd.com> (raw)
In-Reply-To: <158880240546.11615.2219410169137148044.stgit@naples-babu.amd.com>

The Memory Protection Key (MPK) feature provides a way for applications
to impose page-based data access protections (read/write, read-only or
no access), without requiring modification of page tables and subsequent
TLB invalidations when the application changes protection domains.

This feature is already available in Intel platforms. Now enable the
feature on AMD platforms.

The host pkru state needs to be saved/restored during the guest/host
switches in SVM.  Other changes are already taken care by the pkru
common code.

AMD documentation for MPK feature is available at "AMD64 Architecture
Programmer’s Manual Volume 2: System Programming, Pub. 24593 Rev. 3.34,
Section 5.6.6 Memory Protection Keys (MPK) Bit". Documentation can be
obtained at the link below.

Link: https://bugzilla.kernel.org/show_bug.cgi?id=206537
Signed-off-by: Babu Moger <babu.moger@amd.com>
---
 arch/x86/kvm/svm/svm.c |   20 ++++++++++++++++++++
 arch/x86/kvm/svm/svm.h |    2 ++
 2 files changed, 22 insertions(+)

diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
index 2f379bacbb26..de327f02470f 100644
--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -818,6 +818,10 @@ static __init void svm_set_cpu_caps(void)
 	if (boot_cpu_has(X86_FEATURE_LS_CFG_SSBD) ||
 	    boot_cpu_has(X86_FEATURE_AMD_SSBD))
 		kvm_cpu_cap_set(X86_FEATURE_VIRT_SSBD);
+
+	/* PKU is not yet implemented for shadow paging. */
+	if (npt_enabled && boot_cpu_has(X86_FEATURE_OSPKE))
+		kvm_cpu_cap_check_and_set(X86_FEATURE_PKU);
 }
 
 static __init int svm_hardware_setup(void)
@@ -1300,6 +1304,8 @@ static void svm_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
 		indirect_branch_prediction_barrier();
 	}
 	avic_vcpu_load(vcpu, cpu);
+
+	svm->host_pkru = read_pkru();
 }
 
 static void svm_vcpu_put(struct kvm_vcpu *vcpu)
@@ -3318,6 +3324,12 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu)
 	clgi();
 	kvm_load_guest_xsave_state(vcpu);
 
+	/* Load the guest pkru state */
+	if (static_cpu_has(X86_FEATURE_PKU) &&
+	    kvm_read_cr4_bits(vcpu, X86_CR4_PKE) &&
+	    vcpu->arch.pkru != svm->host_pkru)
+		__write_pkru(vcpu->arch.pkru);
+
 	if (lapic_in_kernel(vcpu) &&
 		vcpu->arch.apic->lapic_timer.timer_advance_ns)
 		kvm_wait_lapic_expire(vcpu);
@@ -3371,6 +3383,14 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu)
 	if (unlikely(svm->vmcb->control.exit_code == SVM_EXIT_NMI))
 		kvm_before_interrupt(&svm->vcpu);
 
+	/* Save the guest pkru state and restore the host pkru state back */
+	if (static_cpu_has(X86_FEATURE_PKU) &&
+	    kvm_read_cr4_bits(vcpu, X86_CR4_PKE)) {
+		vcpu->arch.pkru = rdpkru();
+		if (vcpu->arch.pkru != svm->host_pkru)
+			__write_pkru(svm->host_pkru);
+	}
+
 	kvm_load_host_xsave_state(vcpu);
 	stgi();
 
diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h
index df3474f4fb02..5d20a28c1b0e 100644
--- a/arch/x86/kvm/svm/svm.h
+++ b/arch/x86/kvm/svm/svm.h
@@ -158,6 +158,8 @@ struct vcpu_svm {
 	u64 *avic_physical_id_cache;
 	bool avic_is_running;
 
+	u32 host_pkru;
+
 	/*
 	 * Per-vcpu list of struct amd_svm_iommu_ir:
 	 * This is used mainly to store interrupt remapping information used


  parent reply	other threads:[~2020-05-06 22:02 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-05-06 22:02 [PATCH 0/2] arch/x86: Enable MPK feature on AMD Babu Moger
2020-05-06 22:02 ` [PATCH 1/2] arch/x86: Rename config X86_INTEL_MEMORY_PROTECTION_KEYS to generic x86 Babu Moger
2020-05-06 22:21   ` Dave Hansen
2020-05-06 22:28     ` Dave Hansen
2020-05-06 22:36     ` Logan Gunthorpe
2020-05-07  7:29     ` Sebastian Andrzej Siewior
2020-05-07 14:44       ` Dave Hansen
2020-05-07 15:16         ` Paolo Bonzini
2020-05-07 16:06           ` Babu Moger
2020-05-07 16:07             ` Paolo Bonzini
2020-05-07 16:11               ` Babu Moger
2020-05-06 22:02 ` Babu Moger [this message]
2020-05-06 22:26   ` [PATCH 2/2] KVM: SVM: Add support for MPK feature on AMD Sean Christopherson
2020-05-07  8:07     ` Paolo Bonzini
2020-05-06 22:36   ` Dave Hansen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=158880254122.11615.156420638099504288.stgit@naples-babu.amd.com \
    --to=babu.moger@amd.com \
    --cc=aarcange@redhat.com \
    --cc=acme@redhat.com \
    --cc=akpm@linux-foundation.org \
    --cc=andrew.cooper3@citrix.com \
    --cc=anshuman.khandual@arm.com \
    --cc=arjunroy@google.com \
    --cc=asteinhauser@google.com \
    --cc=bigeasy@linutronix.de \
    --cc=bp@alien8.de \
    --cc=changbin.du@intel.com \
    --cc=corbet@lwn.net \
    --cc=dan.j.williams@intel.com \
    --cc=dave.hansen@linux.intel.com \
    --cc=fenghua.yu@intel.com \
    --cc=hpa@zytor.com \
    --cc=ira.weiny@intel.com \
    --cc=jan.kiszka@siemens.com \
    --cc=jgross@suse.com \
    --cc=jmattson@google.com \
    --cc=joro@8bytes.org \
    --cc=justin.he@arm.com \
    --cc=keescook@chromium.org \
    --cc=kvm@vger.kernel.org \
    --cc=linux-doc@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=logang@deltatee.com \
    --cc=luto@kernel.org \
    --cc=mchehab+samsung@kernel.org \
    --cc=mingo@redhat.com \
    --cc=namit@vmware.com \
    --cc=pawan.kumar.gupta@linux.intel.com \
    --cc=pbonzini@redhat.com \
    --cc=peterx@redhat.com \
    --cc=peterz@infradead.org \
    --cc=robin.murphy@arm.com \
    --cc=rppt@linux.vnet.ibm.com \
    --cc=sam@ravnborg.org \
    --cc=sean.j.christopherson@intel.com \
    --cc=steven.price@arm.com \
    --cc=tglx@linutronix.de \
    --cc=thellstrom@vmware.com \
    --cc=vineela.tummalapalli@intel.com \
    --cc=vkuznets@redhat.com \
    --cc=wanpengli@tencent.com \
    --cc=x86@kernel.org \
    --cc=yamada.masahiro@socionext.com \
    --cc=yang.shi@linux.alibaba.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).