Commit 06976945 authored by Dave Hansen's avatar Dave Hansen Committed by Ingo Molnar

x86/mm/pkeys: Actually enable Memory Protection Keys in the CPU

This sets the bit in 'cr4' to actually enable the protection
keys feature.  We also include a boot-time disable for the
feature "nopku".

Seting X86_CR4_PKE will cause the X86_FEATURE_OSPKE cpuid
bit to appear set.  At this point in boot, identify_cpu()
has already run the actual CPUID instructions and populated
the "cpu features" structures.  We need to go back and
re-run identify_cpu() to make sure it gets updated values.

We *could* simply re-populate the 11th word of the cpuid
data, but this is probably quick enough.

Also note that with the cpu_has() check and X86_FEATURE_PKU
present in disabled-features.h, we do not need an #ifdef
for setup_pku().
Signed-off-by: default avatarDave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: default avatarThomas Gleixner <tglx@linutronix.de>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Dave Hansen <dave@sr71.net>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Rik van Riel <riel@redhat.com>
Cc: linux-mm@kvack.org
Link: http://lkml.kernel.org/r/20160212210229.6708027C@viggo.jf.intel.com
[ Small readability edits. ]
Signed-off-by: default avatarIngo Molnar <mingo@kernel.org>
parent 284244a9
...@@ -976,6 +976,9 @@ bytes respectively. Such letter suffixes can also be entirely omitted. ...@@ -976,6 +976,9 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
See Documentation/x86/intel_mpx.txt for more See Documentation/x86/intel_mpx.txt for more
information about the feature. information about the feature.
nopku [X86] Disable Memory Protection Keys CPU feature found
in some Intel CPUs.
eagerfpu= [X86] eagerfpu= [X86]
on enable eager fpu restore on enable eager fpu restore
off disable eager fpu restore off disable eager fpu restore
......
...@@ -303,6 +303,48 @@ static __always_inline void setup_smap(struct cpuinfo_x86 *c) ...@@ -303,6 +303,48 @@ static __always_inline void setup_smap(struct cpuinfo_x86 *c)
} }
} }
/*
* Protection Keys are not available in 32-bit mode.
*/
static bool pku_disabled;
static __always_inline void setup_pku(struct cpuinfo_x86 *c)
{
if (!cpu_has(c, X86_FEATURE_PKU))
return;
if (pku_disabled)
return;
cr4_set_bits(X86_CR4_PKE);
/*
* Seting X86_CR4_PKE will cause the X86_FEATURE_OSPKE
* cpuid bit to be set. We need to ensure that we
* update that bit in this CPU's "cpu_info".
*/
get_cpu_cap(c);
}
#ifdef CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS
static __init int setup_disable_pku(char *arg)
{
/*
* Do not clear the X86_FEATURE_PKU bit. All of the
* runtime checks are against OSPKE so clearing the
* bit does nothing.
*
* This way, we will see "pku" in cpuinfo, but not
* "ospke", which is exactly what we want. It shows
* that the CPU has PKU, but the OS has not enabled it.
* This happens to be exactly how a system would look
* if we disabled the config option.
*/
pr_info("x86: 'nopku' specified, disabling Memory Protection Keys\n");
pku_disabled = true;
return 1;
}
__setup("nopku", setup_disable_pku);
#endif /* CONFIG_X86_64 */
/* /*
* Some CPU features depend on higher CPUID levels, which may not always * Some CPU features depend on higher CPUID levels, which may not always
* be available due to CPUID level capping or broken virtualization * be available due to CPUID level capping or broken virtualization
...@@ -960,6 +1002,7 @@ static void identify_cpu(struct cpuinfo_x86 *c) ...@@ -960,6 +1002,7 @@ static void identify_cpu(struct cpuinfo_x86 *c)
init_hypervisor(c); init_hypervisor(c);
x86_init_rdrand(c); x86_init_rdrand(c);
x86_init_cache_qos(c); x86_init_cache_qos(c);
setup_pku(c);
/* /*
* Clear/Set all flags overriden by options, need do it * Clear/Set all flags overriden by options, need do it
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment