diff --git a/hypervisor/arch/x86/guest/virtual_cr.c b/hypervisor/arch/x86/guest/virtual_cr.c index 01ab18c05..40d734203 100644 --- a/hypervisor/arch/x86/guest/virtual_cr.c +++ b/hypervisor/arch/x86/guest/virtual_cr.c @@ -54,7 +54,7 @@ CR4_UMIP | CR4_LA57) static uint64_t cr4_passthru_mask = CR4_PASSTHRU_BITS; /* bound to flexible bits */ -#define CR4_TRAP_AND_PASSTHRU_BITS (CR4_PSE | CR4_PAE | CR4_SMEP | CR4_SMAP | CR4_PKE | CR4_PKS) +#define CR4_TRAP_AND_PASSTHRU_BITS (CR4_PSE | CR4_PAE | CR4_SMEP | CR4_SMAP | CR4_PKE | CR4_PKS | CR4_KL) static uint64_t cr4_trap_and_passthru_mask = CR4_TRAP_AND_PASSTHRU_BITS; /* bound to flexible bits */ #define CR4_TRAP_AND_EMULATE_BITS CR4_MCE /* software emulated bits even if host is fixed */ @@ -388,6 +388,14 @@ static void vmx_write_cr4(struct acrn_vcpu *vcpu, uint64_t cr4) } } + if (!err_found && ((cr4_changed_bits & CR4_KL) != 0UL)) { + if ((cr4 & CR4_KL) != 0UL) { + vcpu->arch.cr4_kl_enabled = true; + } else { + vcpu->arch.cr4_kl_enabled = false; + } + } + if (!err_found) { /* * Update the passthru bits. diff --git a/hypervisor/include/arch/x86/cpu.h b/hypervisor/include/arch/x86/cpu.h index 32977a159..31d70891d 100644 --- a/hypervisor/include/arch/x86/cpu.h +++ b/hypervisor/include/arch/x86/cpu.h @@ -80,8 +80,9 @@ #define CR4_SMXE (1UL<<14U) /* SMX enable */ #define CR4_FSGSBASE (1UL<<16U) /* RD(FS|GS|FS)BASE inst */ #define CR4_PCIDE (1UL<<17U) /* PCID enable */ -#define CR4_OSXSAVE (1UL<<18U) /* XSAVE and Processor Extended States enable bit */ +#define CR4_OSXSAVE (1UL<<18U) +#define CR4_KL (1UL<<19U) /* KeyLocker enable */ #define CR4_SMEP (1UL<<20U) #define CR4_SMAP (1UL<<21U) #define CR4_PKE (1UL<<22U) /* Protect-key-enable */ diff --git a/hypervisor/include/arch/x86/guest/vcpu.h b/hypervisor/include/arch/x86/guest/vcpu.h index 5ff9336cd..4f181247f 100644 --- a/hypervisor/include/arch/x86/guest/vcpu.h +++ b/hypervisor/include/arch/x86/guest/vcpu.h @@ -259,6 +259,9 @@ struct acrn_vcpu_arch { /* EOI_EXIT_BITMAP buffer, for the bitmap update */ uint64_t eoi_exit_bitmap[EOI_EXIT_BITMAP_SIZE >> 6U]; + + /* Keylocker */ + bool cr4_kl_enabled; } __aligned(PAGE_SIZE); struct acrn_vm;