Date: Tue, 25 Aug 2020 10:45:03 +0800
From: shuo.a.liu@...el.com
To: linux-kernel@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>, "H . Peter Anvin" <hpa@...or.com>, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>, Sean Christopherson <sean.j.christopherson@...el.com>, Yu Wang <yu1.wang@...el.com>, Reinette Chatre <reinette.chatre@...el.com>, x86@...nel.org, Yin Fengwei <fengwei.yin@...el.com>, Shuo Liu <shuo.a.liu@...el.com>, Dave Hansen <dave.hansen@...el.com>, Dan Williams <dan.j.williams@...el.com>, Zhi Wang <zhi.a.wang@...el.com>, Zhenyu Wang <zhenyuw@...ux.intel.com>
Subject: [PATCH 03/17] x86/acrn: Introduce an API to check if a VM is privileged

From: Yin Fengwei <fengwei.yin@...el.com>

ACRN Hypervisor reports hypervisor features via CPUID leaf 0x40000001 which is similar to KVM. A VM can check if it's the privileged VM using the feature bits. The Service VM is the only privileged VM by design.

Signed-off-by: Yin Fengwei <fengwei.yin@...el.com>
Signed-off-by: Shuo Liu <shuo.a.liu@...el.com>
Reviewed-by: Reinette Chatre <reinette.chatre@...el.com>
Cc: Dave Hansen <dave.hansen@...el.com>
Cc: Sean Christopherson <sean.j.christopherson@...el.com>
Cc: Dan Williams <dan.j.williams@...el.com>
Cc: Fengwei Yin <fengwei.yin@...el.com>
Cc: Zhi Wang <zhi.a.wang@...el.com>
Cc: Zhenyu Wang <zhenyuw@...ux.intel.com>
Cc: Yu Wang <yu1.wang@...el.com>
Cc: Reinette Chatre <reinette.chatre@...el.com>
--- arch/x86/include/asm/acrn.h | 9 +++++++++ arch/x86/kernel/cpu/acrn.c | 19 ++++++++++++++++++- 2 files changed, 27 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/asm/acrn.h b/arch/x86/include/asm/acrn.h index ff259b69cde7..a2d4aea3a80d 100644 --- a/arch/x86/include/asm/acrn.h +++ b/arch/x86/include/asm/acrn.h
@@ -2,7 +2,16 @@ #ifndef _ASM_X86_ACRN_H #define _ASM_X86_ACRN_H +/* + * This CPUID returns feature bitmaps in EAX. + * Guest VM uses this to detect the appropriate feature bit. + */ +#define ACRN_CPUID_FEATURES 0x40000001 +/* Bit 0 indicates whether guest VM is privileged */ +#define ACRN_FEATURE_PRIVILEGED_VM BIT(0) + void acrn_setup_intr_handler(void (*handler)(void)); void acrn_remove_intr_handler(void); +bool acrn_is_privileged_vm(void); #endif /* _ASM_X86_ACRN_H */ diff --git a/arch/x86/kernel/cpu/acrn.c b/arch/x86/kernel/cpu/acrn.c index bd1d7e759a0f..6f0a00cbbf7e 100644 --- a/arch/x86/kernel/cpu/acrn.c +++ b/arch/x86/kernel/cpu/acrn.c @@ -21,9 +21,26 @@ #include <asm/idtentry.h> #include <asm/irq_regs.h> +static u32 acrn_cpuid_base(void) +{ + static u32 acrn_cpuid_base; + + if (!acrn_cpuid_base && boot_cpu_has(X86_FEATURE_HYPERVISOR)) + acrn_cpuid_base = hypervisor_cpuid_base("ACRNACRNACRN", 0); + + return acrn_cpuid_base; +} + +bool acrn_is_privileged_vm(void) +{ + return cpuid_eax(acrn_cpuid_base() | ACRN_CPUID_FEATURES) & + ACRN_FEATURE_PRIVILEGED_VM; +} +EXPORT_SYMBOL_GPL(acrn_is_privileged_vm); + static u32 __init acrn_detect(void) { - return hypervisor_cpuid_base("ACRNACRNACRN", 0); + return acrn_cpuid_base(); } static void __init acrn_init_platform(void) -- 2.28.0
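Review bot: arch/x86/include/asm/acrn.h now depends on BIT() and bool, but the hunk shows no #include between the header guard and the declarations, so the header only compiles when the including file has already pulled those definitions in. Add #include <linux/bits.h> and #include <linux/types.h> at the top so the header is self-contained. The comment above ACRN_CPUID_FEATURES should also say that the value is ORed with the base returned by hypervisor_cpuid_base() rather than used as an absolute leaf, since that is how acrn.c consumes it.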
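Review bot: acrn_is_privileged_vm() in arch/x86/kernel/cpu/acrn.c does not check that acrn_cpuid_base() returned a non-zero base before issuing CPUID. When the ACRN signature is not found the base is 0, so the function reads EAX of leaf 0x40000001 from whatever the platform answers there, and bit 0 of that value is then reported as "privileged". The commit message itself notes that KVM uses the same leaf for its own feature bits, and the symbol is exported with EXPORT_SYMBOL_GPL, so a module caller on a non-ACRN guest can get a true result from an unrelated bit. Return false early when the base is 0, and consider a kernel-doc comment on the exported function stating that it is only meaningful on an ACRN guest. Minor: the static local acrn_cpuid_base shadows the function name; renaming it (for example to base) makes the caching easier to read.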