From patchwork Fri Sep 13 19:27:59 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Andrew Cooper X-Patchwork-Id: 11145235 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 7F385912 for ; Fri, 13 Sep 2019 19:42:50 +0000 (UTC) Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 552822081B for ; Fri, 13 Sep 2019 19:42:50 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=citrix.com header.i=@citrix.com header.b="fJQYl2Dx" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 552822081B Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=citrix.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1i8rQn-0000qb-A6; Fri, 13 Sep 2019 19:40:33 +0000 Received: from all-amaz-eas1.inumbo.com ([34.197.232.57] helo=us1-amaz-eas2.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1i8rQl-0000qS-MX for xen-devel@lists.xenproject.org; Fri, 13 Sep 2019 19:40:31 +0000 X-Inumbo-ID: 57fc7a0c-d65e-11e9-95b9-12813bfff9fa Received: from esa5.hc3370-68.iphmx.com (unknown [216.71.155.168]) by us1-amaz-eas2.inumbo.com (Halon) with ESMTPS id 57fc7a0c-d65e-11e9-95b9-12813bfff9fa; Fri, 13 Sep 2019 19:40:30 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=citrix.com; s=securemail; t=1568403630; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=Cp6tFL/XHMEP63R0guP26d8reY1TYzmtk99bNV5kdU0=; b=fJQYl2DxhXZlY2m3n6w7ErOZ8d5/uriZkfc2oldyLN04VLSHqh48q09+ 6IbL63prVih3xWO43lqPY4BDnWE3RMplONDTBJQ9MnyJB45vyL4D+RZX4 stwaDnf8u/jkuoQhgEcmjSJ3kS8aKcRSiF411iZ84gVRi4HUIeruTZebS g=; Authentication-Results: esa5.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none; spf=None smtp.pra=andrew.cooper3@citrix.com; spf=Pass smtp.mailfrom=Andrew.Cooper3@citrix.com; spf=None smtp.helo=postmaster@mail.citrix.com Received-SPF: None (esa5.hc3370-68.iphmx.com: no sender authenticity information available from domain of andrew.cooper3@citrix.com) identity=pra; client-ip=162.221.158.21; receiver=esa5.hc3370-68.iphmx.com; envelope-from="Andrew.Cooper3@citrix.com"; x-sender="andrew.cooper3@citrix.com"; x-conformance=sidf_compatible Received-SPF: Pass (esa5.hc3370-68.iphmx.com: domain of Andrew.Cooper3@citrix.com designates 162.221.158.21 as permitted sender) identity=mailfrom; client-ip=162.221.158.21; receiver=esa5.hc3370-68.iphmx.com; envelope-from="Andrew.Cooper3@citrix.com"; x-sender="Andrew.Cooper3@citrix.com"; x-conformance=sidf_compatible; x-record-type="v=spf1"; x-record-text="v=spf1 ip4:209.167.231.154 ip4:178.63.86.133 ip4:195.66.111.40/30 ip4:85.115.9.32/28 ip4:199.102.83.4 ip4:192.28.146.160 ip4:192.28.146.107 ip4:216.52.6.88 ip4:216.52.6.188 ip4:162.221.158.21 ip4:162.221.156.83 ~all" Received-SPF: None (esa5.hc3370-68.iphmx.com: no sender authenticity information available from domain of postmaster@mail.citrix.com) identity=helo; client-ip=162.221.158.21; receiver=esa5.hc3370-68.iphmx.com; envelope-from="Andrew.Cooper3@citrix.com"; x-sender="postmaster@mail.citrix.com"; x-conformance=sidf_compatible IronPort-SDR: 4cQ5q2E0MdFngU9Gt327bvIFQTJCEugu2xZjTFptNXiHsedpQW8+aaelrjY7O9WMUkZc8yPHOy Fl4HXlof9mhBXpMCq8fJETkV/tkEsUbFBIHjrBjaTbsADUPJmSjlbvnpZw29kGHTaCwj5OwLam 6NiS7JpJON67lbAM+1B5yJlBCF+G9mPkkgki/W6haQtR9fVMXXJ9Pt2ILat5pk6dl8ozMhncRp 2arD6TbwDZT8MY8cW7v1xgjyv1eokIKGjNRZpmz3qy+Sl+nNb6QnqG/kzWn4DLqad+o/02HtUI JyI= X-SBRS: 2.7 X-MesageID: 5755000 X-Ironport-Server: esa5.hc3370-68.iphmx.com X-Remote-IP: 162.221.158.21 X-Policy: $RELAYED X-IronPort-AV: E=Sophos;i="5.64,501,1559534400"; d="scan'208";a="5755000" From: Andrew Cooper To: Xen-devel Date: Fri, 13 Sep 2019 20:27:59 +0100 Message-ID: <20190913192759.10795-11-andrew.cooper3@citrix.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20190913192759.10795-1-andrew.cooper3@citrix.com> References: <20190913192759.10795-1-andrew.cooper3@citrix.com> MIME-Version: 1.0 Subject: [Xen-devel] [PATCH v2 10/10] x86/cpuid: Enable CPUID Faulting for PV control domains by default X-BeenThere: xen-devel@lists.xenproject.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Cc: Andrew Cooper , Wei Liu , Jan Beulich , =?utf-8?q?Roger_Pau_Monn=C3=A9?= Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" The domain builder no longer uses local CPUID instructions for policy decisions. This resolves a key issue for PVH dom0's. However, as PV dom0's have never had faulting enforced, leave a command line option to restore the old behaviour. Advertise virtualised faulting support to control domains unless the opt-out has been used. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- CC: Jan Beulich CC: Wei Liu CC: Roger Pau Monné v2: * Introduce a command line option to retain old behaviour. * Advertise virtualised faulting support to dom0 when it is used. v2.1: * Split the PVH adjustment out. Rebase. * Recover the docs/ hunk which was accidentally missing. --- docs/misc/xen-command-line.pandoc | 19 ++++++++++++++++++- xen/arch/x86/cpu/common.c | 26 ++++++++++++++------------ xen/arch/x86/dom0_build.c | 2 ++ xen/arch/x86/msr.c | 3 ++- xen/include/asm-x86/setup.h | 1 + 5 files changed, 37 insertions(+), 14 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index 832797e2e2..fc64429064 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -658,7 +658,8 @@ The debug trace feature is only enabled in debugging builds of Xen. Specify the bit width of the DMA heap. ### dom0 - = List of [ pv | pvh, shadow=, verbose= ] + = List of [ pv | pvh, shadow=, verbose=, + cpuid-faulting= ] Applicability: x86 @@ -691,6 +692,22 @@ Controls for how dom0 is constructed on x86 systems. information during the dom0 build. It defaults to the compile time choice of `CONFIG_VERBOSE_DEBUG`. +* The `cpuid-faulting` boolean is an interim option, is only applicable to + PV dom0, and defaults to true. + + Before Xen 4.13, the domain builder logic for guest construction depended + on seeing host CPUID values to function correctly. As a result, CPUID + Faulting was never activated for PV dom0's, even on capable hardware. + + In Xen 4.13, the domain builder logic has been fixed, and no longer has + this dependency. As a consequence, CPUID Faulting is activated by default + even for PV dom0's. + + However, as PV dom0's have always seen host CPUID data in the past, there + is a chance that further dependencies exist. This boolean can be used to + restore the pre-4.13 behaviour. If specifying `no-cpuid-faulting` fixes + an issue in dom0, please report a bug. + ### dom0-iommu = List of [ passthrough=, strict=, map-inclusive=, map-reserved=, none ] diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c index 4bf852c948..6c6bd63301 100644 --- a/xen/arch/x86/cpu/common.c +++ b/xen/arch/x86/cpu/common.c @@ -10,12 +10,15 @@ #include #include #include +#include #include #include /* for XEN_INVALID_{SOCKET,CORE}_ID */ #include "cpu.h" #include "mcheck/x86_mca.h" +bool __read_mostly opt_dom0_cpuid_faulting = true; + bool_t opt_arat = 1; boolean_param("arat", opt_arat); @@ -171,20 +174,19 @@ void ctxt_switch_levelling(const struct vcpu *next) /* * We *should* be enabling faulting for PV control domains. * - * Unfortunately, the domain builder (having only ever been a - * PV guest) expects to be able to see host cpuid state in a - * native CPUID instruction, to correctly build a CPUID policy - * for HVM guests (notably the xstate leaves). - * - * This logic is fundimentally broken for HVM toolstack - * domains, and faulting causes PV guests to behave like HVM - * guests from their point of view. + * The domain builder has now been updated to not depend on + * seeing host CPUID values. This makes it compatible with + * PVH toolstack domains, and lets us enable faulting by + * default for all PV domains. * - * Future development plans will move responsibility for - * generating the maximum full cpuid policy into Xen, at which - * this problem will disappear. + * However, as PV control domains have never had faulting + * enforced on them before, there might plausibly be other + * dependenices on host CPUID data. Therefore, we have left + * an interim escape hatch in the form of + * `dom0=no-cpuid-faulting` to restore the older behaviour. */ - set_cpuid_faulting(nextd && (!is_control_domain(nextd) || + set_cpuid_faulting(nextd && (opt_dom0_cpuid_faulting || + !is_control_domain(nextd) || !is_pv_domain(nextd)) && (is_pv_domain(nextd) || next->arch.msrs-> diff --git a/xen/arch/x86/dom0_build.c b/xen/arch/x86/dom0_build.c index c69570920c..4b75166db3 100644 --- a/xen/arch/x86/dom0_build.c +++ b/xen/arch/x86/dom0_build.c @@ -305,6 +305,8 @@ static int __init parse_dom0_param(const char *s) #endif else if ( (val = parse_boolean("verbose", s, ss)) >= 0 ) opt_dom0_verbose = val; + else if ( (val = parse_boolean("cpuid-faulting", s, ss)) >= 0 ) + opt_dom0_cpuid_faulting = val; else rc = -EINVAL; diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c index a6c8cc7627..4698d2bba1 100644 --- a/xen/arch/x86/msr.c +++ b/xen/arch/x86/msr.c @@ -26,6 +26,7 @@ #include #include +#include DEFINE_PER_CPU(uint32_t, tsc_aux); @@ -92,7 +93,7 @@ int init_domain_msr_policy(struct domain *d) return -ENOMEM; /* See comment in ctxt_switch_levelling() */ - if ( is_control_domain(d) && is_pv_domain(d) ) + if ( !opt_dom0_cpuid_faulting && is_control_domain(d) && is_pv_domain(d) ) mp->platform_info.cpuid_faulting = false; d->arch.msr = mp; diff --git a/xen/include/asm-x86/setup.h b/xen/include/asm-x86/setup.h index 15d6363022..861d46d6ac 100644 --- a/xen/include/asm-x86/setup.h +++ b/xen/include/asm-x86/setup.h @@ -66,6 +66,7 @@ extern bool opt_dom0_shadow; #endif extern bool opt_dom0_pvh; extern bool opt_dom0_verbose; +extern bool opt_dom0_cpuid_faulting; #define max_init_domid (0)