x86: Always have CR4.PKE set in HVM context

The sole user of read_pkru() is the emulated pagewalk, and guarded behind
guest_pku_enabled() which restricts the path to HVM (hap, even) context only.

The commentary in read_pkru() concerning _PAGE_GNTTAB overlapping with
_PAGE_PKEY_BITS is only applicable to PV guests.

The context switch path, via write_ptbase() unconditionally writes CR4 on any
context switch.

Therefore, we can guarantee to separate CR4.PKE between PV and HVM context at
no extra cost.  Set PKE in mmu_cr4_features on boot, so it becomes set in HVM
context, and clear it in pv_make_cr4().

Rename read_pkru() to rdpkru() now that it is a simple wrapper around the
instruction.  This saves two CR4 writes on every pagewalk, which typically
occur more than one per emulation.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>

diff --git a/xen/arch/x86/mm/guest_walk.c b/xen/arch/x86/mm/guest_walk.c
index 1c601314f3ce425f7113e8d7a6d5c09f2adacfc9..30d83cf1e0e6ab4e2c47a8a444e03adb79856a9b 100644 (file)
--- a/xen/arch/x86/mm/guest_walk.c
+++ b/xen/arch/x86/mm/guest_walk.c
@@ -416,7 +416,7 @@ guest_walk_tables(const struct vcpu *v, struct p2m_domain *p2m,
          guest_pku_enabled(v) )
     {
         unsigned int pkey = guest_l1e_get_pkey(gw->l1e);
-        unsigned int pkru = read_pkru();
+        unsigned int pkru = rdpkru();
 
         if ( read_pkru_ad(pkru, pkey) ||
              ((walk & PFEC_write_access) && read_pkru_wd(pkru, pkey) &&

diff --git a/xen/arch/x86/pv/domain.c b/xen/arch/x86/pv/domain.c
index f1cb92585e78da68bd6200242d3a6d4f65b1cb72..6ad533183bcd27285fc2bdcb4f9659282cd354aa 100644 (file)
--- a/xen/arch/x86/pv/domain.c
+++ b/xen/arch/x86/pv/domain.c
@@ -182,7 +182,21 @@ unsigned long pv_make_cr4(const struct vcpu *v)
 {
     const struct domain *d = v->domain;
     unsigned long cr4 = mmu_cr4_features &
-        ~(X86_CR4_PCIDE | X86_CR4_PGE | X86_CR4_TSD);
+        ~(X86_CR4_PCIDE | X86_CR4_PGE | X86_CR4_TSD | X86_CR4_PKE);
+
+    /*
+     * We want CR4.PKE set in HVM context when available, but don't support it
+     * in PV context at all.
+     *
+     * _PAGE_PKEY_BITS where previously software available PTE bits.  In
+     * principle, we could let an aware PV guest enable PKE.
+     *
+     * However, Xen uses _PAGE_GNTTAB in debug builds which overlaps with
+     * _PAGE_PKEY_BITS, and the ownership of (and eligibility to move)
+     * software PTE bits is not considered in the PV ABI at all.  For now,
+     * punt the problem to whichever unluckly person finds a compelling
+     * usecase for PKRU in PV guests.
+     */
 
     /*
      * PCIDE or PGE depends on the PCID/XPTI settings, but must not both be

diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c
index f2dff2ae6a643a9e572146e7f34bd8fb9f0196b4..8105dc36bb845c19900baf1182a431068f29ee7b 100644 (file)
--- a/xen/arch/x86/setup.c
+++ b/xen/arch/x86/setup.c
@@ -1790,6 +1790,9 @@ void __init noreturn __start_xen(unsigned long mbi_p)
     if ( boot_cpu_has(X86_FEATURE_FSGSBASE) )
         set_in_cr4(X86_CR4_FSGSBASE);
 
+    if ( boot_cpu_has(X86_FEATURE_PKU) )
+        set_in_cr4(X86_CR4_PKE);
+
     if ( opt_invpcid && cpu_has_invpcid )
         use_invpcid = true;
 

diff --git a/xen/include/asm-x86/processor.h b/xen/include/asm-x86/processor.h
index d5f467d245585c127a6f51f12b239a6e2a5f5ebc..d8d0dc8034351cd873a7ce20a05438a1df148e04 100644 (file)
--- a/xen/include/asm-x86/processor.h
+++ b/xen/include/asm-x86/processor.h
@@ -367,20 +367,12 @@ static always_inline void set_in_cr4 (unsigned long mask)
     write_cr4(read_cr4() | mask);
 }
 
-static inline unsigned int read_pkru(void)
+static inline unsigned int rdpkru(void)
 {
     unsigned int pkru;
-    unsigned long cr4 = read_cr4();
 
-    /*
-     * _PAGE_PKEY_BITS have a conflict with _PAGE_GNTTAB used by PV guests,
-     * so that X86_CR4_PKE  is disabled on hypervisor. To use RDPKRU, CR4.PKE
-     * gets temporarily enabled.
-     */
-    write_cr4(cr4 | X86_CR4_PKE);
     asm volatile (".byte 0x0f,0x01,0xee"
         : "=a" (pkru) : "c" (0) : "dx");
-    write_cr4(cr4);
 
     return pkru;
 }