From patchwork Wed Sep 11 20:04:57 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Andrew Cooper X-Patchwork-Id: 11141841 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 676BD14E5 for ; Wed, 11 Sep 2019 20:07:05 +0000 (UTC) Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 364D920838 for ; Wed, 11 Sep 2019 20:07:05 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=citrix.com header.i=@citrix.com header.b="YbKccwAA" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 364D920838 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=citrix.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1i88ra-0002zR-L4; Wed, 11 Sep 2019 20:05:14 +0000 Received: from all-amaz-eas1.inumbo.com ([34.197.232.57] helo=us1-amaz-eas2.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1i88rZ-0002zH-79 for xen-devel@lists.xenproject.org; Wed, 11 Sep 2019 20:05:13 +0000 X-Inumbo-ID: 75c8370a-d4cf-11e9-83dd-12813bfff9fa Received: from esa1.hc3370-68.iphmx.com (unknown [216.71.145.142]) by us1-amaz-eas2.inumbo.com (Halon) with ESMTPS id 75c8370a-d4cf-11e9-83dd-12813bfff9fa; Wed, 11 Sep 2019 20:05:11 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=citrix.com; s=securemail; t=1568232312; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=EFnsOsGQ4CPWA4IpIutS5XNwHkOuU3XzDAJN+8JtXFE=; b=YbKccwAAGmDdc8ERovwskz35zz4e2pkORTXYvm8O1jCHHnMeZhSt/apD Rgw8Hi2HTiGtmzhNKp3yy7u0uj4v5mOsENIHTlIxkNrxmVGUntxJ/wNja iMWfkMqQ7ylTW4XbMl8YZNoihEKGvEFMJ63rPdWlvxeEzVCzuLYlPRc2F w=; Authentication-Results: esa1.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none; spf=None smtp.pra=andrew.cooper3@citrix.com; spf=Pass smtp.mailfrom=Andrew.Cooper3@citrix.com; spf=None smtp.helo=postmaster@mail.citrix.com Received-SPF: None (esa1.hc3370-68.iphmx.com: no sender authenticity information available from domain of andrew.cooper3@citrix.com) identity=pra; client-ip=162.221.158.21; receiver=esa1.hc3370-68.iphmx.com; envelope-from="Andrew.Cooper3@citrix.com"; x-sender="andrew.cooper3@citrix.com"; x-conformance=sidf_compatible Received-SPF: Pass (esa1.hc3370-68.iphmx.com: domain of Andrew.Cooper3@citrix.com designates 162.221.158.21 as permitted sender) identity=mailfrom; client-ip=162.221.158.21; receiver=esa1.hc3370-68.iphmx.com; envelope-from="Andrew.Cooper3@citrix.com"; x-sender="Andrew.Cooper3@citrix.com"; x-conformance=sidf_compatible; x-record-type="v=spf1"; x-record-text="v=spf1 ip4:209.167.231.154 ip4:178.63.86.133 ip4:195.66.111.40/30 ip4:85.115.9.32/28 ip4:199.102.83.4 ip4:192.28.146.160 ip4:192.28.146.107 ip4:216.52.6.88 ip4:216.52.6.188 ip4:162.221.158.21 ip4:162.221.156.83 ~all" Received-SPF: None (esa1.hc3370-68.iphmx.com: no sender authenticity information available from domain of postmaster@mail.citrix.com) identity=helo; client-ip=162.221.158.21; receiver=esa1.hc3370-68.iphmx.com; envelope-from="Andrew.Cooper3@citrix.com"; x-sender="postmaster@mail.citrix.com"; x-conformance=sidf_compatible IronPort-SDR: YdciJxz1xjqXtNIFvRyhJYBA30Mpis1j+EWu6jaHRfWCr2CVwDOHUQhafHIvkXU9w3ZJ0vrQqW rbFisIEQmUjzH6x3Rr3eThDKgCfyz2E0UKyKiu0B6UqT1WBEhnkKdeX5umxGj/UqVbgDvLlQj4 72qZoyk8PJpiKEbYVoTgv64WrrK4z4eOb29TSQSKDN5JPu9JeO77heVhI4nlEVDJ6crNMmq2Kl CY14KFXUqToEqwCi3cwnNoIGAo+JGe6sAOa4rRNrremsFvpjqJ4/tQPXfkAO74hLaifhmCHc9K gOE= X-SBRS: 2.7 X-MesageID: 5506243 X-Ironport-Server: esa1.hc3370-68.iphmx.com X-Remote-IP: 162.221.158.21 X-Policy: $RELAYED X-IronPort-AV: E=Sophos;i="5.64,494,1559534400"; d="scan'208";a="5506243" From: Andrew Cooper To: Xen-devel Date: Wed, 11 Sep 2019 21:04:57 +0100 Message-ID: <20190911200504.5693-2-andrew.cooper3@citrix.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20190911200504.5693-1-andrew.cooper3@citrix.com> References: <20190911200504.5693-1-andrew.cooper3@citrix.com> MIME-Version: 1.0 Subject: [Xen-devel] [PATCH 1/8] libx86: Introduce x86_cpu_policies_are_compatible() X-BeenThere: xen-devel@lists.xenproject.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Cc: Andrew Cooper , Wei Liu , Jan Beulich , =?utf-8?q?Roger_Pau_Monn=C3=A9?= Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" This helper will eventually be the core "can a guest confiured like this run on the CPU?" logic. For now, it is just enough of a stub to allow us to replace the hypercall interface while retaining the previous behaviour. It will be expanded as various other bits of CPUID handling get cleaned up. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- CC: Jan Beulich CC: Wei Liu CC: Roger Pau Monné --- tools/tests/cpu-policy/Makefile | 2 +- tools/tests/cpu-policy/test-cpu-policy.c | 111 ++++++++++++++++++++++++++++++- xen/include/xen/lib/x86/cpu-policy.h | 19 ++++++ xen/lib/x86/Makefile | 1 + xen/lib/x86/policy.c | 53 +++++++++++++++ 5 files changed, 183 insertions(+), 3 deletions(-) create mode 100644 xen/lib/x86/policy.c diff --git a/tools/tests/cpu-policy/Makefile b/tools/tests/cpu-policy/Makefile index fb548c9b9a..70ff154da6 100644 --- a/tools/tests/cpu-policy/Makefile +++ b/tools/tests/cpu-policy/Makefile @@ -39,7 +39,7 @@ CFLAGS += $(APPEND_CFLAGS) vpath %.c ../../../xen/lib/x86 -test-cpu-policy: test-cpu-policy.o msr.o cpuid.o +test-cpu-policy: test-cpu-policy.o msr.o cpuid.o policy.o $(CC) $(CFLAGS) $^ -o $@ -include $(DEPS_INCLUDE) diff --git a/tools/tests/cpu-policy/test-cpu-policy.c b/tools/tests/cpu-policy/test-cpu-policy.c index fe00cd4276..10cfa7cd97 100644 --- a/tools/tests/cpu-policy/test-cpu-policy.c +++ b/tools/tests/cpu-policy/test-cpu-policy.c @@ -9,8 +9,7 @@ #include #include -#include -#include +#include #include static unsigned int nr_failures; @@ -503,6 +502,111 @@ static void test_cpuid_out_of_range_clearing(void) } } +static void test_is_compatible_success(void) +{ + static struct test { + const char *name; + struct cpuid_policy host_cpuid; + struct cpuid_policy guest_cpuid; + struct msr_policy host_msr; + struct msr_policy guest_msr; + } tests[] = { + { + .name = "Host CPUID faulting, Guest not", + .host_msr = { + .plaform_info.cpuid_faulting = true, + }, + }, + { + .name = "Host CPUID faulting, Guest wanted", + .host_msr = { + .plaform_info.cpuid_faulting = true, + }, + .guest_msr = { + .plaform_info.cpuid_faulting = true, + }, + }, + }; + struct cpu_policy_errors no_errors = INIT_CPU_POLICY_ERRORS; + + printf("Testing policy compatibility success:\n"); + + for ( size_t i = 0; i < ARRAY_SIZE(tests); ++i ) + { + struct test *t = &tests[i]; + struct cpu_policy sys = { + &t->host_cpuid, + &t->host_msr, + }, new = { + &t->guest_cpuid, + &t->guest_msr, + }; + struct cpu_policy_errors e = INIT_CPU_POLICY_ERRORS; + int res = x86_cpu_policies_are_compatible(&sys, &new, &e); + + /* Check the expected error output. */ + if ( res != 0 || memcmp(&no_errors, &e, sizeof(no_errors)) ) + fail(" Test '%s' expected no errors\n" + " got res %d { leaf %08x, subleaf %08x, msr %08x }\n", + t->name, res, e.leaf, e.subleaf, e.msr); + } +} + +static void test_is_compatible_failure(void) +{ + static struct test { + const char *name; + struct cpuid_policy host_cpuid; + struct cpuid_policy guest_cpuid; + struct msr_policy host_msr; + struct msr_policy guest_msr; + struct cpu_policy_errors e; + } tests[] = { + { + .name = "Host basic.max_leaf out of range", + .guest_cpuid.basic.max_leaf = 1, + .e = { 0, -1, -1 }, + }, + { + .name = "Host extd.max_leaf out of range", + .guest_cpuid.extd.max_leaf = 1, + .e = { 0x80000008, -1, -1 }, + }, + { + .name = "Host no CPUID faulting, Guest wanted", + .guest_msr = { + .plaform_info.cpuid_faulting = true, + }, + .e = { -1, -1, 0xce }, + }, + }; + + printf("Testing policy compatibility failure:\n"); + + for ( size_t i = 0; i < ARRAY_SIZE(tests); ++i ) + { + struct test *t = &tests[i]; + struct cpu_policy sys = { + &t->host_cpuid, + &t->host_msr, + }, new = { + &t->guest_cpuid, + &t->guest_msr, + }; + struct cpu_policy_errors e = INIT_CPU_POLICY_ERRORS; + int res = x86_cpu_policies_are_compatible(&sys, &new, &e); + + /* Check the expected error output. */ + if ( res == 0 || memcmp(&t->e, &e, sizeof(t->e)) ) + fail(" Test '%s' res %d\n" + " expected { leaf %08x, subleaf %08x, msr %08x }\n" + " got { leaf %08x, subleaf %08x, msr %08x }\n", + t->name, res, + t->e.leaf, t->e.subleaf, t->e.msr, + e.leaf, e.subleaf, e.msr); + } +} + int main(int argc, char **argv) { printf("CPU Policy unit tests\n"); @@ -516,6 +620,9 @@ int main(int argc, char **argv) test_msr_serialise_success(); test_msr_deserialise_failure(); + test_is_compatible_success(); + test_is_compatible_failure(); + if ( nr_failures ) printf("Done: %u failures\n", nr_failures); else diff --git a/xen/include/xen/lib/x86/cpu-policy.h b/xen/include/xen/lib/x86/cpu-policy.h index 6f07c4b493..65ec71835b 100644 --- a/xen/include/xen/lib/x86/cpu-policy.h +++ b/xen/include/xen/lib/x86/cpu-policy.h @@ -11,6 +11,25 @@ struct cpu_policy struct msr_policy *msr; }; +struct cpu_policy_errors +{ + uint32_t leaf, subleaf; + uint32_t msr; +}; + +#define INIT_CPU_POLICY_ERRORS { ~0u, ~0u, ~0u } + +/* + * Calculate whether two policies are compatible. + * + * i.e. Can a VM configured with @guest run on a CPU supporting @host. + * + * For typical usage, @host should be a system policy. + */ +int x86_cpu_policies_are_compatible(const struct cpu_policy *host, + const struct cpu_policy *guest, + struct cpu_policy_errors *e); + #endif /* !XEN_LIB_X86_POLICIES_H */ /* diff --git a/xen/lib/x86/Makefile b/xen/lib/x86/Makefile index 2f9691e964..780ea05db1 100644 --- a/xen/lib/x86/Makefile +++ b/xen/lib/x86/Makefile @@ -1,2 +1,3 @@ obj-y += cpuid.o obj-y += msr.o +obj-y += policy.o diff --git a/xen/lib/x86/policy.c b/xen/lib/x86/policy.c new file mode 100644 index 0000000000..3155e07a7c --- /dev/null +++ b/xen/lib/x86/policy.c @@ -0,0 +1,53 @@ +#include "private.h" + +#include + +int x86_cpu_policies_are_compatible(const struct cpu_policy *host, + const struct cpu_policy *guest, + struct cpu_policy_errors *e) +{ + uint32_t leaf = -1, subleaf = -1, msr = -1; + int ret = -EINVAL; + +#define NA XEN_CPUID_NO_SUBLEAF +#define FAIL_CPUID(l, s) do { leaf = (l); subleaf = (s); goto out; } while ( 0 ) +#define FAIL_MSR(m) do { msr = (m); goto out; } while ( 0 ) + + if ( guest->cpuid->basic.max_leaf > host->cpuid->basic.max_leaf ) + FAIL_CPUID(0, NA); + + if ( guest->cpuid->extd.max_leaf > host->cpuid->extd.max_leaf ) + FAIL_CPUID(0x80000008, NA); + + /* TODO: Audit more CPUID data. */ + + if ( ~host->msr->plaform_info.raw & guest->msr->plaform_info.raw ) + FAIL_MSR(MSR_INTEL_PLATFORM_INFO); + +#undef FAIL_MSR +#undef FAIL_CPUID +#undef NA + + /* Success. */ + ret = 0; + + out: + if ( ret && e ) + { + e->leaf = leaf; + e->subleaf = subleaf; + e->msr = msr; + } + + return ret; +} + +/* + * Local variables: + * mode: C + * c-file-style: "BSD" + * c-basic-offset: 4 + * tab-width: 4 + * indent-tabs-mode: nil + * End: + */