hv: keylocker: Add CR4 bit CR4_KL as CR4_TRAP_AND_PASSTHRU_BITS

Bit19 (CR4_KL) of CR4 is CPU KeyLocker feature enable bit. Hypervisor traps the bit's writing to track the keylocker feature on/off of guest. While the bit is set by guest, - set cr4_kl_enabled to indicate the vcpu's keylocker feature enabled status - load vcpu's IWKey in host (will add in later patch) While the bit is clear by guest, - clear cr4_kl_enabled This patch trap and passthru the CR4_KL bit to guest for operation. Tracked-On: #5695 Signed-off-by: Shuo A Liu <shuo.a.liu@intel.com> Acked-by: Eddie Dong <eddie.dong@intel.com>
2025-06-19 20:22:46 +00:00 · 2020-08-24 19:53:30 +08:00 · 2020-08-24 19:53:30 +08:00 · 15c967ad34
commit 15c967ad34
parent 0c7d8dd8cc
3 changed files with 14 additions and 2 deletions
--- a/hypervisor/arch/x86/guest/virtual_cr.c
+++ b/hypervisor/arch/x86/guest/virtual_cr.c
@ -54,7 +54,7 @@
 				CR4_UMIP | CR4_LA57)
 static uint64_t cr4_passthru_mask = CR4_PASSTHRU_BITS;	/* bound to flexible bits */

-#define CR4_TRAP_AND_PASSTHRU_BITS	(CR4_PSE | CR4_PAE | CR4_SMEP | CR4_SMAP | CR4_PKE | CR4_PKS)
+#define CR4_TRAP_AND_PASSTHRU_BITS	(CR4_PSE | CR4_PAE | CR4_SMEP | CR4_SMAP | CR4_PKE | CR4_PKS | CR4_KL)
 static uint64_t	cr4_trap_and_passthru_mask = CR4_TRAP_AND_PASSTHRU_BITS; /* bound to flexible bits */

 #define CR4_TRAP_AND_EMULATE_BITS	CR4_MCE /* software emulated bits even if host is fixed */
@ -388,6 +388,14 @@ static void vmx_write_cr4(struct acrn_vcpu *vcpu, uint64_t cr4)
 			}
 		}

+		if (!err_found && ((cr4_changed_bits & CR4_KL) != 0UL)) {
+			if ((cr4 & CR4_KL) != 0UL) {
+				vcpu->arch.cr4_kl_enabled = true;
+			} else {
+				vcpu->arch.cr4_kl_enabled = false;
+			}
+		}
+
 		if (!err_found) {
 			/*
 			 * Update the passthru bits.
--- a/hypervisor/include/arch/x86/cpu.h
+++ b/hypervisor/include/arch/x86/cpu.h
@ -80,8 +80,9 @@
 #define CR4_SMXE                (1UL<<14U)	/* SMX enable */
 #define CR4_FSGSBASE            (1UL<<16U)	/* RD(FS|GS|FS)BASE inst */
 #define CR4_PCIDE               (1UL<<17U)	/* PCID enable */
-#define CR4_OSXSAVE             (1UL<<18U)
 /* XSAVE and Processor Extended States enable bit */
+#define CR4_OSXSAVE             (1UL<<18U)
+#define CR4_KL                  (1UL<<19U)      /* KeyLocker enable */
 #define CR4_SMEP                (1UL<<20U)
 #define CR4_SMAP                (1UL<<21U)
 #define CR4_PKE                 (1UL<<22U)	/* Protect-key-enable */
--- a/hypervisor/include/arch/x86/guest/vcpu.h
+++ b/hypervisor/include/arch/x86/guest/vcpu.h
@ -259,6 +259,9 @@ struct acrn_vcpu_arch {

 	/* EOI_EXIT_BITMAP buffer, for the bitmap update */
 	uint64_t eoi_exit_bitmap[EOI_EXIT_BITMAP_SIZE >> 6U];
+
+	/* Keylocker */
+	bool cr4_kl_enabled;
 } __aligned(PAGE_SIZE);

 struct acrn_vm;