diff mbox series

[10/10] x86/hvm: Do not enable MPX by default

Message ID 20200226202221.6555-11-andrew.cooper3@citrix.com (mailing list archive)
State New, archived
Headers show
Series x86: Default vs Max policies | expand

Commit Message

Andrew Cooper Feb. 26, 2020, 8:22 p.m. UTC 
Memory Protection eXtension support has been dropped from GCC and Linux, and
will be dropped from future Intel CPUs.

With all other default/max pieces in place, move MPX from default to max.
This means that VMs won't be offered it by default, but can explicitly opt
into using it via cpuid="host,mpx=1" in their vm.cfg file.

The difference as visible to the guest is:

  diff --git a/default b/mpx
  index 0e91765d6b..c8c33cd584 100644
  --- a/default
  +++ b/mpx
  @@ -13,15 +13,17 @@ Native cpuid:
     00000004:00000004 -> 00000000:00000000:00000000:00000000
     00000005:ffffffff -> 00000000:00000000:00000000:00000000
     00000006:ffffffff -> 00000000:00000000:00000000:00000000
  -  00000007:00000000 -> 00000000:009c2fbb:00000000:9c000400
  +  00000007:00000000 -> 00000000:009c6fbb:00000000:9c000400
     00000008:ffffffff -> 00000000:00000000:00000000:00000000
     00000009:ffffffff -> 00000000:00000000:00000000:00000000
     0000000a:ffffffff -> 00000000:00000000:00000000:00000000
     0000000b:ffffffff -> 00000000:00000000:00000000:00000000
     0000000c:ffffffff -> 00000000:00000000:00000000:00000000
  -  0000000d:00000000 -> 00000007:00000240:00000340:00000000
  +  0000000d:00000000 -> 0000001f:00000240:00000440:00000000
     0000000d:00000001 -> 0000000f:00000240:00000000:00000000
     0000000d:00000002 -> 00000100:00000240:00000000:00000000
  +  0000000d:00000003 -> 00000040:000003c0:00000000:00000000
  +  0000000d:00000004 -> 00000040:00000400:00000000:00000000
     40000000:ffffffff -> 40000005:566e6558:65584d4d:4d4d566e
     40000001:ffffffff -> 0004000e:00000000:00000000:00000000
     40000002:ffffffff -> 00000001:40000000:00000000:00000000

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
CC: Jan Beulich <JBeulich@suse.com>
CC: Wei Liu <wl@xen.org>
CC: Roger Pau Monné <roger.pau@citrix.com>

XXX - One moving piece (the migration series) is still in review on xen-devel.
I won't commit this change until that is sorted, and I can double check the
backwards compatibility for VMs from previous versions of Xen.

The main purpose of posting this patch now is to illustrate the effects of the
previous patches in the series.
---
 xen/include/public/arch-x86/cpufeatureset.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Jan Beulich Feb. 27, 2020, 8:23 a.m. UTC | #1 
On 26.02.2020 21:22, Andrew Cooper wrote:
> Memory Protection eXtension support has been dropped from GCC and Linux, and
> will be dropped from future Intel CPUs.
> 
> With all other default/max pieces in place, move MPX from default to max.
> This means that VMs won't be offered it by default, but can explicitly opt
> into using it via cpuid="host,mpx=1" in their vm.cfg file.
> 
> The difference as visible to the guest is:
> 
>   diff --git a/default b/mpx
>   index 0e91765d6b..c8c33cd584 100644
>   --- a/default
>   +++ b/mpx
>   @@ -13,15 +13,17 @@ Native cpuid:
>      00000004:00000004 -> 00000000:00000000:00000000:00000000
>      00000005:ffffffff -> 00000000:00000000:00000000:00000000
>      00000006:ffffffff -> 00000000:00000000:00000000:00000000
>   -  00000007:00000000 -> 00000000:009c2fbb:00000000:9c000400
>   +  00000007:00000000 -> 00000000:009c6fbb:00000000:9c000400
>      00000008:ffffffff -> 00000000:00000000:00000000:00000000
>      00000009:ffffffff -> 00000000:00000000:00000000:00000000
>      0000000a:ffffffff -> 00000000:00000000:00000000:00000000
>      0000000b:ffffffff -> 00000000:00000000:00000000:00000000
>      0000000c:ffffffff -> 00000000:00000000:00000000:00000000
>   -  0000000d:00000000 -> 00000007:00000240:00000340:00000000
>   +  0000000d:00000000 -> 0000001f:00000240:00000440:00000000
>      0000000d:00000001 -> 0000000f:00000240:00000000:00000000
>      0000000d:00000002 -> 00000100:00000240:00000000:00000000
>   +  0000000d:00000003 -> 00000040:000003c0:00000000:00000000
>   +  0000000d:00000004 -> 00000040:00000400:00000000:00000000
>      40000000:ffffffff -> 40000005:566e6558:65584d4d:4d4d566e
>      40000001:ffffffff -> 0004000e:00000000:00000000:00000000
>      40000002:ffffffff -> 00000001:40000000:00000000:00000000
> 
> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Reviewed-by: Jan Beulich <jbeulich@suse.com>
diff mbox series

Patch

diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h
index d79a53befe..81e4c2950f 100644
--- a/xen/include/public/arch-x86/cpufeatureset.h
+++ b/xen/include/public/arch-x86/cpufeatureset.h
@@ -207,7 +207,7 @@  XEN_CPUFEATURE(INVPCID,       5*32+10) /*H  Invalidate Process Context ID */
 XEN_CPUFEATURE(RTM,           5*32+11) /*A  Restricted Transactional Memory */
 XEN_CPUFEATURE(PQM,           5*32+12) /*   Platform QoS Monitoring */
 XEN_CPUFEATURE(NO_FPU_SEL,    5*32+13) /*!  FPU CS/DS stored as zero */
-XEN_CPUFEATURE(MPX,           5*32+14) /*S  Memory Protection Extensions */
+XEN_CPUFEATURE(MPX,           5*32+14) /*s  Memory Protection Extensions */
 XEN_CPUFEATURE(PQE,           5*32+15) /*   Platform QoS Enforcement */
 XEN_CPUFEATURE(AVX512F,       5*32+16) /*A  AVX-512 Foundation Instructions */
 XEN_CPUFEATURE(AVX512DQ,      5*32+17) /*A  AVX-512 Doubleword & Quadword Instrs */