[Xen-ia64-devel] Protection key support for PV domains

To:	xen-ia64-devel@xxxxxxxxxxxxxxxxxxx
Subject:	[Xen-ia64-devel] Protection key support for PV domains
From:	Dietmar Hahn <dietmar.hahn@xxxxxxxxxxxxxxxxxxx>
Date:	Wed, 11 Jul 2007 15:52:15 +0200
Delivery-date:	Wed, 11 Jul 2007 06:49:56 -0700
Domainkey-signature:	s=s768; d=fujitsu-siemens.com; c=nofws; q=dns; b=NGpdY6/5JM038GlmpnGHO4vuaVafMNMAR5GFbGcf2wr6I8x5evUPbkAGO1BxNYhwgugmCd9PVGVvQWFp/ZyBmdaQFc+ITnKj3hdZpNe8lNx4hHCZbutykV94oTbfj3Re;
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxx
List-help:	<mailto:xen-ia64-devel-request@lists.xensource.com?subject=help>
List-id:	Discussion of the ia64 port of Xen <xen-ia64-devel.lists.xensource.com>
List-post:	<mailto:xen-ia64-devel@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-ia64-devel>, <mailto:xen-ia64-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-ia64-devel>, <mailto:xen-ia64-devel-request@lists.xensource.com?subject=unsubscribe>
Sender:	xen-ia64-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent:	KMail/1.9.6

Hi

as already mentioned I'm working on protection key support for PV domains.

A way to use protection in the hypervisor was already discussed on the list:
http://lists.xensource.com/archives/html/xen-ia64-devel/2007-04/msg00165.html
The principle was the hypervisor replaces the key, the domU uses for the
trap vector address, by the key 0. With this solution there would be no
restrictions to the architecture requirements for ia64.

As we don't have a real OS using protection keys for tests on HVM I looked
this time only on PV.
As a first step to the complete solution I did an implementation with
reserving 1 pkr for the hypervisor und uses mini-os for tests.
The following steps are done:
1. make the hypervisor fit for running with psr.pk == 1
   - fix itir handling in traps -> see my previous patch for itir handling
2. add 'u64 pkrs[16] to struct arch_vcpu
   add a flag to struct arch_vcpu for signaling using psr.pk
3. add a function to context_switch() to load the new pkrs[] into the
   cpu-pkr's
4. extend different functions for the key handling:
   vcpu_itc_no_srlz(), ia64_itc(), vhpt_insert(), vhpt_multiple_insert(),
   translate_domain_pte()
5. the PAL call PAL_VM_SUMMARY has to return the correct value for number of
   pkr in max_pkr
6. in vcpu_set_pkr() write the new key into pkrs[] and into the cpu-pkr
7. if the guest sets psr.pk, activate the key 0 in the reserved pkr.

A later step would be:
8. extend the hyperprivops with setting protection key registers.

Limitation:
Because the hypervisor uses key 0 all address translations with key 0 in the
domU will work, even though this is a domU fault.

Attached is a patch to xen for the protection key support described above and 
a patch for mini-os to test this.
With this patch mini-os runs with psr.pk == 1 and a key for region 5 (kernel 
addresses) and region 7 (identity mapped addresses). For the region 7 the new 
opt_feature is used too.

With this patches I'am able to run domU-linux and mini-os in parallel.
Please have a look and send comments.
Thanks.

Dietmar.

xen-pk.patch
Description: Text Data

mini-os_pk.patch
Description: Text Data

_______________________________________________
Xen-ia64-devel mailing list
Xen-ia64-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-ia64-devel

WARNING - OLD ARCHIVES

xen-ia64-devel

[Xen-ia64-devel] Protection key support for PV domains