[1/4] x86/svm: Clean up construct_vmcb()

Message ID 20191204094335.24603-2-andrew.cooper3@citrix.com

Commit Message

Andrew Cooper Dec. 4, 2019, 9:43 a.m. UTC
The vmcb is zeroed on allocate - drop all explicit writes of 0.  Move
hvm_update_guest_efer() to co-locate it with the other control register
updates.

Move the BUILD_BUG_ON() into build_assertions(), and add some offset checks
for fields after the large blocks of reserved fields (as these are the most
likely to trigger from a mis-edit).  Take the opportunity to fold 6 adjacent
res* fields into one.

Finally, drop all trailing whitespace in the file.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
CC: Jan Beulich <JBeulich@suse.com>
CC: Wei Liu <wl@xen.org>
CC: Roger Pau Monné <roger.pau@citrix.com>
---
 xen/arch/x86/hvm/svm/vmcb.c        | 75 ++++++++++++--------------------------
 xen/include/asm-x86/hvm/svm/vmcb.h |  7 +---
 2 files changed, 25 insertions(+), 57 deletions(-)

Comments

Jan Beulich Dec. 4, 2019, 10:06 a.m. UTC | #1
On 04.12.2019 10:43, Andrew Cooper wrote:
> The vmcb is zeroed on allocate - drop all explicit writes of 0.  Move
> hvm_update_guest_efer() to co-locate it with the other control register
> updates.
> 
> Move the BUILD_BUG_ON() into build_assertions(), and add some offset checks
> for fields after the large blocks of reserved fields (as these are the most
> likely to trigger from a mis-edit).  Take the opportunity to fold 6 adjacent
> res* fields into one.
> 
> Finally, drop all trailing whitespace in the file.
> 
> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Reviewed-by: Jan Beulich <jbeulich@suse.com>
albeit with two (optional) suggestions:

> @@ -297,14 +258,26 @@ void __init setup_vmcb_dump(void)
>  
>  static void __init __maybe_unused build_assertions(void)
>  {
> -    struct segment_register sreg;
> +    struct vmcb_struct vmcb;
> +
> +    /* Build-time check of the VMCB layout. */
> +    BUILD_BUG_ON(sizeof(vmcb) != PAGE_SIZE);
> +    BUILD_BUG_ON(offsetof(struct vmcb_struct, _pause_filter_thresh) != 0x03c);
> +    BUILD_BUG_ON(offsetof(struct vmcb_struct, _vintr)               != 0x060);
> +    BUILD_BUG_ON(offsetof(struct vmcb_struct, eventinj)             != 0x0a8);
> +    BUILD_BUG_ON(offsetof(struct vmcb_struct, es)                   != 0x400);
> +    BUILD_BUG_ON(offsetof(struct vmcb_struct, _cpl)                 != 0x4cb);
> +    BUILD_BUG_ON(offsetof(struct vmcb_struct, _cr4)                 != 0x548);
> +    BUILD_BUG_ON(offsetof(struct vmcb_struct, rsp)                  != 0x5d8);
> +    BUILD_BUG_ON(offsetof(struct vmcb_struct, rax)                  != 0x5f8);
> +    BUILD_BUG_ON(offsetof(struct vmcb_struct, _g_pat)               != 0x668);
>  
>      /* Check struct segment_register against the VMCB segment layout. */
> -    BUILD_BUG_ON(sizeof(sreg)       != 16);
> -    BUILD_BUG_ON(sizeof(sreg.sel)   != 2);
> -    BUILD_BUG_ON(sizeof(sreg.attr)  != 2);
> -    BUILD_BUG_ON(sizeof(sreg.limit) != 4);
> -    BUILD_BUG_ON(sizeof(sreg.base)  != 8);
> +    BUILD_BUG_ON(sizeof(vmcb.es)       != 16);
> +    BUILD_BUG_ON(sizeof(vmcb.es.sel)   != 2);
> +    BUILD_BUG_ON(sizeof(vmcb.es.attr)  != 2);
> +    BUILD_BUG_ON(sizeof(vmcb.es.limit) != 4);
> +    BUILD_BUG_ON(sizeof(vmcb.es.base)  != 8);
>      BUILD_BUG_ON(offsetof(struct segment_register, sel)   != 0);
>      BUILD_BUG_ON(offsetof(struct segment_register, attr)  != 2);
>      BUILD_BUG_ON(offsetof(struct segment_register, limit) != 4);

For the ones only supplying context here, how about using the
shorter offsetof(typeof(vmcb.es), ...), also tying things better
to the prior sizeof() checks? The same, albeit to a lesser degree,
might then go for the earlier block, which could use the shorter
typeof(vmcb).

> --- a/xen/include/asm-x86/hvm/svm/vmcb.h
> +++ b/xen/include/asm-x86/hvm/svm/vmcb.h
> @@ -406,12 +406,7 @@ struct vmcb_struct {
>      u32 _exception_intercepts;  /* offset 0x08 - cleanbit 0 */
>      u32 _general1_intercepts;   /* offset 0x0C - cleanbit 0 */
>      u32 _general2_intercepts;   /* offset 0x10 - cleanbit 0 */
> -    u32 res01;                  /* offset 0x14 */
> -    u64 res02;                  /* offset 0x18 */
> -    u64 res03;                  /* offset 0x20 */
> -    u64 res04;                  /* offset 0x28 */
> -    u64 res05;                  /* offset 0x30 */
> -    u32 res06;                  /* offset 0x38 */
> +    u32 res01[10];

Was it intentional for the comment to be lost altogether?

Jan
Andrew Cooper Dec. 4, 2019, 7:21 p.m. UTC | #2
On 04/12/2019 10:06, Jan Beulich wrote:
> On 04.12.2019 10:43, Andrew Cooper wrote:
>> The vmcb is zeroed on allocate - drop all explicit writes of 0.  Move
>> hvm_update_guest_efer() to co-locate it with the other control register
>> updates.
>>
>> Move the BUILD_BUG_ON() into build_assertions(), and add some offset checks
>> for fields after the large blocks of reserved fields (as these are the most
>> likely to trigger from a mis-edit).  Take the opportunity to fold 6 adjacent
>> res* fields into one.
>>
>> Finally, drop all trailing whitespace in the file.
>>
>> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
> Reviewed-by: Jan Beulich <jbeulich@suse.com>
> albeit with two (optional) suggestions:
>
>> @@ -297,14 +258,26 @@ void __init setup_vmcb_dump(void)
>>  
>>  static void __init __maybe_unused build_assertions(void)
>>  {
>> -    struct segment_register sreg;
>> +    struct vmcb_struct vmcb;
>> +
>> +    /* Build-time check of the VMCB layout. */
>> +    BUILD_BUG_ON(sizeof(vmcb) != PAGE_SIZE);
>> +    BUILD_BUG_ON(offsetof(struct vmcb_struct, _pause_filter_thresh) != 0x03c);
>> +    BUILD_BUG_ON(offsetof(struct vmcb_struct, _vintr)               != 0x060);
>> +    BUILD_BUG_ON(offsetof(struct vmcb_struct, eventinj)             != 0x0a8);
>> +    BUILD_BUG_ON(offsetof(struct vmcb_struct, es)                   != 0x400);
>> +    BUILD_BUG_ON(offsetof(struct vmcb_struct, _cpl)                 != 0x4cb);
>> +    BUILD_BUG_ON(offsetof(struct vmcb_struct, _cr4)                 != 0x548);
>> +    BUILD_BUG_ON(offsetof(struct vmcb_struct, rsp)                  != 0x5d8);
>> +    BUILD_BUG_ON(offsetof(struct vmcb_struct, rax)                  != 0x5f8);
>> +    BUILD_BUG_ON(offsetof(struct vmcb_struct, _g_pat)               != 0x668);
>>  
>>      /* Check struct segment_register against the VMCB segment layout. */
>> -    BUILD_BUG_ON(sizeof(sreg)       != 16);
>> -    BUILD_BUG_ON(sizeof(sreg.sel)   != 2);
>> -    BUILD_BUG_ON(sizeof(sreg.attr)  != 2);
>> -    BUILD_BUG_ON(sizeof(sreg.limit) != 4);
>> -    BUILD_BUG_ON(sizeof(sreg.base)  != 8);
>> +    BUILD_BUG_ON(sizeof(vmcb.es)       != 16);
>> +    BUILD_BUG_ON(sizeof(vmcb.es.sel)   != 2);
>> +    BUILD_BUG_ON(sizeof(vmcb.es.attr)  != 2);
>> +    BUILD_BUG_ON(sizeof(vmcb.es.limit) != 4);
>> +    BUILD_BUG_ON(sizeof(vmcb.es.base)  != 8);
>>      BUILD_BUG_ON(offsetof(struct segment_register, sel)   != 0);
>>      BUILD_BUG_ON(offsetof(struct segment_register, attr)  != 2);
>>      BUILD_BUG_ON(offsetof(struct segment_register, limit) != 4);
> For the ones only supplying context here, how about using the
> shorter offsetof(typeof(vmcb.es), ...), also tying things better
> to the prior sizeof() checks? The same, albeit to a lesser degree,
> might then go for the earlier block, which could use the shorter
> typeof(vmcb).

Fixed.

>
>> --- a/xen/include/asm-x86/hvm/svm/vmcb.h
>> +++ b/xen/include/asm-x86/hvm/svm/vmcb.h
>> @@ -406,12 +406,7 @@ struct vmcb_struct {
>>      u32 _exception_intercepts;  /* offset 0x08 - cleanbit 0 */
>>      u32 _general1_intercepts;   /* offset 0x0C - cleanbit 0 */
>>      u32 _general2_intercepts;   /* offset 0x10 - cleanbit 0 */
>> -    u32 res01;                  /* offset 0x14 */
>> -    u64 res02;                  /* offset 0x18 */
>> -    u64 res03;                  /* offset 0x20 */
>> -    u64 res04;                  /* offset 0x28 */
>> -    u64 res05;                  /* offset 0x30 */
>> -    u32 res06;                  /* offset 0x38 */
>> +    u32 res01[10];
> Was it intentional for the comment to be lost altogether?

Yes.  The offset is trivial (0x10 + sizeof(u32)) and of no interest.

Omitting it increases readability by helping to highlight where the
reserved blocks are.

~Andrew

Patch

diff --git a/xen/arch/x86/hvm/svm/vmcb.c b/xen/arch/x86/hvm/svm/vmcb.c
index 1fef0da22c..fa13fc0b6b 100644
--- a/xen/arch/x86/hvm/svm/vmcb.c
+++ b/xen/arch/x86/hvm/svm/vmcb.c
@@ -30,7 +30,7 @@ 
 #include <asm/hvm/svm/svm.h>
 #include <asm/hvm/svm/svmdebug.h>
 
-struct vmcb_struct *alloc_vmcb(void) 
+struct vmcb_struct *alloc_vmcb(void)
 {
     struct vmcb_struct *vmcb;
 
@@ -56,18 +56,15 @@  static int construct_vmcb(struct vcpu *v)
     struct svm_vcpu *svm = &v->arch.hvm.svm;
     struct vmcb_struct *vmcb = svm->vmcb;
 
-    /* Build-time check of the size of VMCB AMD structure. */
-    BUILD_BUG_ON(sizeof(*vmcb) != PAGE_SIZE);
-
-    vmcb->_general1_intercepts = 
+    vmcb->_general1_intercepts =
         GENERAL1_INTERCEPT_INTR        | GENERAL1_INTERCEPT_NMI         |
         GENERAL1_INTERCEPT_SMI         | GENERAL1_INTERCEPT_INIT        |
         GENERAL1_INTERCEPT_CPUID       | GENERAL1_INTERCEPT_INVD        |
-        GENERAL1_INTERCEPT_HLT         | GENERAL1_INTERCEPT_INVLPG      | 
+        GENERAL1_INTERCEPT_HLT         | GENERAL1_INTERCEPT_INVLPG      |
         GENERAL1_INTERCEPT_INVLPGA     | GENERAL1_INTERCEPT_IOIO_PROT   |
         GENERAL1_INTERCEPT_MSR_PROT    | GENERAL1_INTERCEPT_SHUTDOWN_EVT|
         GENERAL1_INTERCEPT_TASK_SWITCH;
-    vmcb->_general2_intercepts = 
+    vmcb->_general2_intercepts =
         GENERAL2_INTERCEPT_VMRUN       | GENERAL2_INTERCEPT_VMMCALL     |
         GENERAL2_INTERCEPT_VMLOAD      | GENERAL2_INTERCEPT_VMSAVE      |
         GENERAL2_INTERCEPT_STGI        | GENERAL2_INTERCEPT_CLGI        |
@@ -105,12 +102,6 @@  static int construct_vmcb(struct vcpu *v)
 
     /* Virtualise EFLAGS.IF and LAPIC TPR (CR8). */
     vmcb->_vintr.fields.intr_masking = 1;
-  
-    /* Initialise event injection to no-op. */
-    vmcb->eventinj.bytes = 0;
-
-    /* TSC. */
-    vmcb->_tsc_offset = 0;
 
     /* Don't need to intercept RDTSC if CPU supports TSC rate scaling */
     if ( v->domain->arch.vtsc && !cpu_has_tsc_ratio )
@@ -119,10 +110,6 @@  static int construct_vmcb(struct vcpu *v)
         vmcb->_general2_intercepts |= GENERAL2_INTERCEPT_RDTSCP;
     }
 
-    /* Guest EFER. */
-    v->arch.hvm.guest_efer = 0;
-    hvm_update_guest_efer(v);
-
     /* Guest segment limits. */
     vmcb->cs.limit = ~0u;
     vmcb->es.limit = ~0u;
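Review bot: The dropped `v->arch.hvm.guest_efer = 0;` in this hunk, and `v->arch.hvm.guest_cr[4] = 0;` in the following hunk of construct_vmcb(), are vcpu-struct fields rather than VMCB fields, so the commit message's "vmcb is zeroed on allocate" does not cover them. Their removal is presumably sound only because the vcpu is zero-allocated and construct_vmcb() runs once on a fresh vcpu, which the commit message should state, e.g. `Also drop the zeroing of guest_efer and guest_cr[4]: v->arch.hvm is zero-allocated and construct_vmcb() only runs on a fresh vcpu.` If construct_vmcb() can ever be re-run on a vcpu that has executed, those two stores were the only thing resetting that state. construct_vmcb() starts and ends outside this hunk.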
@@ -131,14 +118,6 @@  static int construct_vmcb(struct vcpu *v)
     vmcb->fs.limit = ~0u;
     vmcb->gs.limit = ~0u;
 
-    /* Guest segment bases. */
-    vmcb->cs.base = 0;
-    vmcb->es.base = 0;
-    vmcb->ss.base = 0;
-    vmcb->ds.base = 0;
-    vmcb->fs.base = 0;
-    vmcb->gs.base = 0;
-
     /* Guest segment AR bytes. */
     vmcb->es.attr = 0xc93; /* read/write, accessed */
     vmcb->ss.attr = 0xc93;
@@ -147,29 +126,13 @@  static int construct_vmcb(struct vcpu *v)
     vmcb->gs.attr = 0xc93;
     vmcb->cs.attr = 0xc9b; /* exec/read, accessed */
 
-    /* Guest IDT. */
-    vmcb->idtr.base = 0;
-    vmcb->idtr.limit = 0;
-
-    /* Guest GDT. */
-    vmcb->gdtr.base = 0;
-    vmcb->gdtr.limit = 0;
-
-    /* Guest LDT. */
-    vmcb->ldtr.sel = 0;
-    vmcb->ldtr.base = 0;
-    vmcb->ldtr.limit = 0;
-    vmcb->ldtr.attr = 0;
-
     /* Guest TSS. */
     vmcb->tr.attr = 0x08b; /* 32-bit TSS (busy) */
-    vmcb->tr.base = 0;
     vmcb->tr.limit = 0xff;
 
     v->arch.hvm.guest_cr[0] = X86_CR0_PE | X86_CR0_ET;
+    hvm_update_guest_efer(v);
     hvm_update_guest_cr(v, 0);
-
-    v->arch.hvm.guest_cr[4] = 0;
     hvm_update_guest_cr(v, 4);
 
     paging_update_paging_modes(v);
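Review bot: `hvm_update_guest_efer(v)` now runs after guest_cr[0] is assigned but before `hvm_update_guest_cr(v, 0)`, and nothing in the hunk records whether that ordering matters for the SVM hooks behind the two calls. If they are independent of each other's result, a one-line comment above the block saying so would keep the next reorganisation from re-deriving it, e.g. `/* Ordering of the EFER and CR0/CR4 syncs is not significant here. */` (wording to be confirmed against the hooks); if it is significant, the comment should say which way. construct_vmcb() continues outside this hunk.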
@@ -212,8 +175,6 @@  static int construct_vmcb(struct vcpu *v)
             vmcb->_pause_filter_thresh = SVM_PAUSETHRESH_INIT;
     }
 
-    vmcb->cleanbits.bytes = 0;
-
     return 0;
 }
 
@@ -268,7 +229,7 @@  static void vmcb_dump(unsigned char ch)
 {
     struct domain *d;
     struct vcpu *v;
-    
+
     printk("*********** VMCB Areas **************\n");
 
     rcu_read_lock(&domlist_read_lock);
@@ -297,14 +258,26 @@  void __init setup_vmcb_dump(void)
 
 static void __init __maybe_unused build_assertions(void)
 {
-    struct segment_register sreg;
+    struct vmcb_struct vmcb;
+
+    /* Build-time check of the VMCB layout. */
+    BUILD_BUG_ON(sizeof(vmcb) != PAGE_SIZE);
+    BUILD_BUG_ON(offsetof(struct vmcb_struct, _pause_filter_thresh) != 0x03c);
+    BUILD_BUG_ON(offsetof(struct vmcb_struct, _vintr)               != 0x060);
+    BUILD_BUG_ON(offsetof(struct vmcb_struct, eventinj)             != 0x0a8);
+    BUILD_BUG_ON(offsetof(struct vmcb_struct, es)                   != 0x400);
+    BUILD_BUG_ON(offsetof(struct vmcb_struct, _cpl)                 != 0x4cb);
+    BUILD_BUG_ON(offsetof(struct vmcb_struct, _cr4)                 != 0x548);
+    BUILD_BUG_ON(offsetof(struct vmcb_struct, rsp)                  != 0x5d8);
+    BUILD_BUG_ON(offsetof(struct vmcb_struct, rax)                  != 0x5f8);
+    BUILD_BUG_ON(offsetof(struct vmcb_struct, _g_pat)               != 0x668);
 
     /* Check struct segment_register against the VMCB segment layout. */
-    BUILD_BUG_ON(sizeof(sreg)       != 16);
-    BUILD_BUG_ON(sizeof(sreg.sel)   != 2);
-    BUILD_BUG_ON(sizeof(sreg.attr)  != 2);
-    BUILD_BUG_ON(sizeof(sreg.limit) != 4);
-    BUILD_BUG_ON(sizeof(sreg.base)  != 8);
+    BUILD_BUG_ON(sizeof(vmcb.es)       != 16);
+    BUILD_BUG_ON(sizeof(vmcb.es.sel)   != 2);
+    BUILD_BUG_ON(sizeof(vmcb.es.attr)  != 2);
+    BUILD_BUG_ON(sizeof(vmcb.es.limit) != 4);
+    BUILD_BUG_ON(sizeof(vmcb.es.base)  != 8);
     BUILD_BUG_ON(offsetof(struct segment_register, sel)   != 0);
     BUILD_BUG_ON(offsetof(struct segment_register, attr)  != 2);
     BUILD_BUG_ON(offsetof(struct segment_register, limit) != 4);
diff --git a/xen/include/asm-x86/hvm/svm/vmcb.h b/xen/include/asm-x86/hvm/svm/vmcb.h
index 5c710286f7..e37220edf2 100644
--- a/xen/include/asm-x86/hvm/svm/vmcb.h
+++ b/xen/include/asm-x86/hvm/svm/vmcb.h
@@ -406,12 +406,7 @@  struct vmcb_struct {
     u32 _exception_intercepts;  /* offset 0x08 - cleanbit 0 */
     u32 _general1_intercepts;   /* offset 0x0C - cleanbit 0 */
     u32 _general2_intercepts;   /* offset 0x10 - cleanbit 0 */
-    u32 res01;                  /* offset 0x14 */
-    u64 res02;                  /* offset 0x18 */
-    u64 res03;                  /* offset 0x20 */
-    u64 res04;                  /* offset 0x28 */
-    u64 res05;                  /* offset 0x30 */
-    u32 res06;                  /* offset 0x38 */
+    u32 res01[10];
     u16 _pause_filter_thresh;   /* offset 0x3C - cleanbit 0 */
     u16 _pause_filter_count;    /* offset 0x3E - cleanbit 0 */
     u64 _iopm_base_pa;          /* offset 0x40 - cleanbit 1 */