From b38bff0be9f48e3432630a12e462e2eccb5b529b Mon Sep 17 00:00:00 2001 Message-Id: In-Reply-To: <14b740b7e3fbafdbfe2e6a302f51d6aa4fa96bf7.1350309834.git.minovotn@redhat.com> References: <14b740b7e3fbafdbfe2e6a302f51d6aa4fa96bf7.1350309834.git.minovotn@redhat.com> From: Eduardo Habkost Date: Thu, 11 Oct 2012 14:50:18 +0200 Subject: [PATCH 02/17] x86: Implement SMEP and SMAP RH-Author: Eduardo Habkost Message-id: <1349967018-10932-1-git-send-email-ehabkost@redhat.com> Patchwork-id: 42976 O-Subject: [RHEL6.4 qemu-kvm PATCH v2 2/3] x86: Implement SMEP and SMAP Bugzilla: 843084 RH-Acked-by: Marcelo Tosatti RH-Acked-by: Gleb Natapov RH-Acked-by: Igor Mammedov From: "H. Peter Anvin" Bugzilla: 843084 Upstream status: commit a9321a4d49d65d29c2926a51aedc5b91a01f3591 This patch implements Supervisor Mode Execution Prevention (SMEP) and Supervisor Mode Access Prevention (SMAP) for x86. The purpose of the patch, obviously, is to help kernel developers debug the support for those features. A fair bit of the code relates to the handling of CPUID features. The CPUID code probably would get greatly simplified if all the feature bit words were unified into a single vector object, but in the interest of producing a minimal patch for SMEP/SMAP, and because I had very limited time for this project, I followed the existing style. [ v2: don't change the definition of the qemu64 CPU shorthand, since that breaks loading old snapshots. Per Anthony Liguori this can be fixed once the CPU feature set is snapshot. Change the coding style slightly to conform to checkpatch.pl. ] Signed-off-by: H. Peter Anvin Signed-off-by: Anthony Liguori (cherry-picked from commit a9321a4d49d65d29c2926a51aedc5b91a01f3591) Conflicts while cherry-picking: - target-i386/cpuid.c: trivial conflict due to svm_features not existing on RHEL-6 - target-i386/*helper.[ch]: following the existing RHEL-6 code, helper_clac()/helper_stac() don't get 'env' as argument Changes v1 -> v2 of RHEL-6 patch: - Remove the TCG code, only add the flag names for KVM-only support Signed-off-by: Eduardo Habkost --- target-i386/cpu.h | 5 ++++- target-i386/cpuid.c | 37 ++++++++++++++++++++++++++++++------- 2 files changed, 34 insertions(+), 8 deletions(-) Signed-off-by: Michal Novotny --- target-i386/cpu.h | 5 ++++- target-i386/cpuid.c | 37 ++++++++++++++++++++++++++++++------- 2 files changed, 34 insertions(+), 8 deletions(-) diff --git a/target-i386/cpu.h b/target-i386/cpu.h index 95f6011..7dfcbda 100644 --- a/target-i386/cpu.h +++ b/target-i386/cpu.h @@ -447,6 +447,9 @@ #define CPUID_EXT3_SKINIT (1 << 12) #define CPUID_EXT3_FMA4 (1 << 16) +#define CPUID_7_0_EBX_SMEP (1 << 7) +#define CPUID_7_0_EBX_SMAP (1 << 20) + #define CPUID_VENDOR_INTEL_1 0x756e6547 /* "Genu" */ #define CPUID_VENDOR_INTEL_2 0x49656e69 /* "ineI" */ #define CPUID_VENDOR_INTEL_3 0x6c65746e /* "ntel" */ @@ -729,7 +732,7 @@ typedef struct CPUX86State { uint32_t cpuid_ext2_features; uint32_t cpuid_ext3_features; /* Flags from CPUID[EAX=7,ECX=0].EBX */ - uint32_t cpuid_7_0_ebx; + uint32_t cpuid_7_0_ebx_features; uint32_t cpuid_apic_id; /* Enables direct passthrough of PMU CPUID leaf (0xA) from the kernel */ bool cpuid_pmu_passthrough; diff --git a/target-i386/cpuid.c b/target-i386/cpuid.c index 296c535..d21769c 100644 --- a/target-i386/cpuid.c +++ b/target-i386/cpuid.c @@ -73,6 +73,13 @@ static const char *ext3_feature_name[] = { NULL, NULL, NULL, NULL, }; +static const char *cpuid_7_0_ebx_feature_name[] = { + NULL, NULL, NULL, NULL, NULL, NULL, NULL, "smep", + NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, "smap", NULL, NULL, NULL, + NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, +}; + /* collects per-function cpuid data */ typedef struct model_features_t { @@ -169,13 +176,16 @@ static void add_flagname_to_bitmaps(const char *flagname, uint32_t *features, uint32_t *ext_features, uint32_t *ext2_features, uint32_t *ext3_features, - uint32_t *kvm_features) + uint32_t *kvm_features, + uint32_t *cpuid_7_0_ebx_features) { if (!lookup_feature(features, flagname, NULL, feature_name) && !lookup_feature(ext_features, flagname, NULL, ext_feature_name) && !lookup_feature(ext2_features, flagname, NULL, ext2_feature_name) && !lookup_feature(ext3_features, flagname, NULL, ext3_feature_name) && - !lookup_feature(kvm_features, flagname, NULL, kvm_feature_name)) + !lookup_feature(kvm_features, flagname, NULL, kvm_feature_name) && + !lookup_feature(cpuid_7_0_ebx_features, flagname, NULL, + cpuid_7_0_ebx_feature_name)) fprintf(stderr, "CPU feature %s not found\n", flagname); } @@ -827,7 +837,9 @@ static int cpu_x86_find_by_name(x86_def_t *x86_cpu_def, const char *cpu_model) char *s = g_strdup(cpu_model); char *featurestr, *name = strtok(s, ","); uint32_t plus_features = 0, plus_ext_features = 0, plus_ext2_features = 0, plus_ext3_features = 0, plus_kvm_features = 0; + uint32_t plus_7_0_ebx_features = 0; uint32_t minus_features = 0, minus_ext_features = 0, minus_ext2_features = 0, minus_ext3_features = 0, minus_kvm_features = 0; + uint32_t minus_7_0_ebx_features = 0; uint32_t numvalue; for (def = x86_defs; def; def = def->next) @@ -862,16 +874,22 @@ static int cpu_x86_find_by_name(x86_def_t *x86_cpu_def, const char *cpu_model) add_flagname_to_bitmaps("hypervisor", &plus_features, &plus_ext_features, &plus_ext2_features, &plus_ext3_features, - &plus_kvm_features); + &plus_kvm_features, &plus_7_0_ebx_features); featurestr = strtok(NULL, ","); while (featurestr) { char *val; if (featurestr[0] == '+') { - add_flagname_to_bitmaps(featurestr + 1, &plus_features, &plus_ext_features, &plus_ext2_features, &plus_ext3_features, &plus_kvm_features); + add_flagname_to_bitmaps(featurestr + 1, &plus_features, + &plus_ext_features, &plus_ext2_features, + &plus_ext3_features, &plus_kvm_features, + &plus_7_0_ebx_features); } else if (featurestr[0] == '-') { - add_flagname_to_bitmaps(featurestr + 1, &minus_features, &minus_ext_features, &minus_ext2_features, &minus_ext3_features, &minus_kvm_features); + add_flagname_to_bitmaps(featurestr + 1, &minus_features, + &minus_ext_features, &minus_ext2_features, + &minus_ext3_features, &minus_kvm_features, + &minus_7_0_ebx_features); } else if ((val = strchr(featurestr, '='))) { *val = 0; val++; if (!strcmp(featurestr, "family")) { @@ -953,11 +971,16 @@ static int cpu_x86_find_by_name(x86_def_t *x86_cpu_def, const char *cpu_model) x86_cpu_def->ext2_features |= plus_ext2_features; x86_cpu_def->ext3_features |= plus_ext3_features; x86_cpu_def->kvm_features |= plus_kvm_features; + x86_cpu_def->cpuid_7_0_ebx_features |= plus_7_0_ebx_features; x86_cpu_def->features &= ~minus_features; x86_cpu_def->ext_features &= ~minus_ext_features; x86_cpu_def->ext2_features &= ~minus_ext2_features; x86_cpu_def->ext3_features &= ~minus_ext3_features; x86_cpu_def->kvm_features &= ~minus_kvm_features; + x86_cpu_def->cpuid_7_0_ebx_features &= ~minus_7_0_ebx_features; + if (x86_cpu_def->cpuid_7_0_ebx_features && x86_cpu_def->level < 7) { + x86_cpu_def->level = 7; + } g_free(s); return 0; @@ -1049,7 +1072,7 @@ int cpu_x86_register (CPUX86State *env, const char *cpu_model) env->cpuid_ext2_features = def->ext2_features; env->cpuid_xlevel = def->xlevel; env->cpuid_ext3_features = def->ext3_features; - env->cpuid_7_0_ebx = def->cpuid_7_0_ebx_features; + env->cpuid_7_0_ebx_features = def->cpuid_7_0_ebx_features; env->cpuid_kvm_features = def->kvm_features; env->cpuid_pmu_passthrough = def->pmu_passthrough; { @@ -1229,7 +1252,7 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count, /* Structured Extended Feature Flags Enumeration Leaf */ if (count == 0) { *eax = 0; /* Maximum ECX value for sub-leaves */ - *ebx = env->cpuid_7_0_ebx; /* Feature flags */ + *ebx = env->cpuid_7_0_ebx_features; /* Feature flags */ *ecx = 0; /* Reserved */ *edx = 0; /* Reserved */ } else { -- 1.7.11.7