From patchwork Wed Feb 26 20:22:21 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Andrew Cooper X-Patchwork-Id: 11407285 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 4BC8492A for ; Wed, 26 Feb 2020 20:42:06 +0000 (UTC) Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 2776A24653 for ; Wed, 26 Feb 2020 20:42:06 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=citrix.com header.i=@citrix.com header.b="hBp3eyK5" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 2776A24653 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=citrix.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1j73UJ-0006GR-H5; Wed, 26 Feb 2020 20:40:59 +0000 Received: from us1-rack-iad1.inumbo.com ([172.99.69.81]) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1j73UI-0006GM-0K for xen-devel@lists.xenproject.org; Wed, 26 Feb 2020 20:40:58 +0000 X-Inumbo-ID: 4a39c80a-58d8-11ea-aba8-bc764e2007e4 Received: from esa2.hc3370-68.iphmx.com (unknown [216.71.145.153]) by us1-rack-iad1.inumbo.com (Halon) with ESMTPS id 4a39c80a-58d8-11ea-aba8-bc764e2007e4; Wed, 26 Feb 2020 20:40:57 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=citrix.com; s=securemail; t=1582749658; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=3A6C+slDIap39lOyKntHKT/oQQ4U44jo7cKANNasDaU=; b=hBp3eyK5JDGqe7ibsJ7tg6WZ/aFmjkVuv7Fx2PEZMw+YnSFmWp6/TJPh EIhtUFhZDLP3VtRyysEbCgryc1jHM6v3xuvrCaAsa451AD+U9UGDxCs3I jK0CLoUnoNcYNzkKJp6/tdZ8j76TdWDKcctraB5Po7SH5YqwH0UBEg0Zv E=; Authentication-Results: esa2.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none; spf=None smtp.pra=andrew.cooper3@citrix.com; spf=Pass smtp.mailfrom=Andrew.Cooper3@citrix.com; spf=None smtp.helo=postmaster@mail.citrix.com Received-SPF: None (esa2.hc3370-68.iphmx.com: no sender authenticity information available from domain of andrew.cooper3@citrix.com) identity=pra; client-ip=162.221.158.21; receiver=esa2.hc3370-68.iphmx.com; envelope-from="Andrew.Cooper3@citrix.com"; x-sender="andrew.cooper3@citrix.com"; x-conformance=sidf_compatible Received-SPF: Pass (esa2.hc3370-68.iphmx.com: domain of Andrew.Cooper3@citrix.com designates 162.221.158.21 as permitted sender) identity=mailfrom; client-ip=162.221.158.21; receiver=esa2.hc3370-68.iphmx.com; envelope-from="Andrew.Cooper3@citrix.com"; x-sender="Andrew.Cooper3@citrix.com"; x-conformance=sidf_compatible; x-record-type="v=spf1"; x-record-text="v=spf1 ip4:209.167.231.154 ip4:178.63.86.133 ip4:195.66.111.40/30 ip4:85.115.9.32/28 ip4:199.102.83.4 ip4:192.28.146.160 ip4:192.28.146.107 ip4:216.52.6.88 ip4:216.52.6.188 ip4:162.221.158.21 ip4:162.221.156.83 ip4:168.245.78.127 ~all" Received-SPF: None (esa2.hc3370-68.iphmx.com: no sender authenticity information available from domain of postmaster@mail.citrix.com) identity=helo; client-ip=162.221.158.21; receiver=esa2.hc3370-68.iphmx.com; envelope-from="Andrew.Cooper3@citrix.com"; x-sender="postmaster@mail.citrix.com"; x-conformance=sidf_compatible IronPort-SDR: acbNF4Ih7r8GpkE1RZd8C6ijdRokbYvYOcT1rG1bnjL/4luuE88b6SoMvFAreaZdGGkXfOOcUn gblpcZyoIoug4lqr8A4xm12KnbDm9OvZBWPC3eUTs3Tbp3utGj5IhEEAeoxOPKHALbqh/4Im29 7UENCrvPVnAn1aYllBhErFLQCAI7F3S604NOlgt0xEk8iGOj9CZ26W4JsYAnboPxM9hZ01EyRa 93QKjOtIHCI7F62s5R/pnceidfbczrXUiZFX0rxhiBeSZYyJ2vm2ZD5e5P1RwXRK4QooY4gQfC FM0= X-SBRS: 2.7 X-MesageID: 13072842 X-Ironport-Server: esa2.hc3370-68.iphmx.com X-Remote-IP: 162.221.158.21 X-Policy: $RELAYED X-IronPort-AV: E=Sophos;i="5.70,489,1574139600"; d="scan'208";a="13072842" From: Andrew Cooper To: Xen-devel Date: Wed, 26 Feb 2020 20:22:21 +0000 Message-ID: <20200226202221.6555-11-andrew.cooper3@citrix.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20200226202221.6555-1-andrew.cooper3@citrix.com> References: <20200226202221.6555-1-andrew.cooper3@citrix.com> MIME-Version: 1.0 Subject: [Xen-devel] [PATCH 10/10] x86/hvm: Do not enable MPX by default X-BeenThere: xen-devel@lists.xenproject.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Cc: Andrew Cooper , Wei Liu , Jan Beulich , =?utf-8?q?Roger_Pau_Monn=C3=A9?= Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" Memory Protection eXtension support has been dropped from GCC and Linux, and will be dropped from future Intel CPUs. With all other default/max pieces in place, move MPX from default to max. This means that VMs won't be offered it by default, but can explicitly opt into using it via cpuid="host,mpx=1" in their vm.cfg file. The difference as visible to the guest is: diff --git a/default b/mpx index 0e91765d6b..c8c33cd584 100644 --- a/default +++ b/mpx @@ -13,15 +13,17 @@ Native cpuid: 00000004:00000004 -> 00000000:00000000:00000000:00000000 00000005:ffffffff -> 00000000:00000000:00000000:00000000 00000006:ffffffff -> 00000000:00000000:00000000:00000000 - 00000007:00000000 -> 00000000:009c2fbb:00000000:9c000400 + 00000007:00000000 -> 00000000:009c6fbb:00000000:9c000400 00000008:ffffffff -> 00000000:00000000:00000000:00000000 00000009:ffffffff -> 00000000:00000000:00000000:00000000 0000000a:ffffffff -> 00000000:00000000:00000000:00000000 0000000b:ffffffff -> 00000000:00000000:00000000:00000000 0000000c:ffffffff -> 00000000:00000000:00000000:00000000 - 0000000d:00000000 -> 00000007:00000240:00000340:00000000 + 0000000d:00000000 -> 0000001f:00000240:00000440:00000000 0000000d:00000001 -> 0000000f:00000240:00000000:00000000 0000000d:00000002 -> 00000100:00000240:00000000:00000000 + 0000000d:00000003 -> 00000040:000003c0:00000000:00000000 + 0000000d:00000004 -> 00000040:00000400:00000000:00000000 40000000:ffffffff -> 40000005:566e6558:65584d4d:4d4d566e 40000001:ffffffff -> 0004000e:00000000:00000000:00000000 40000002:ffffffff -> 00000001:40000000:00000000:00000000 Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- CC: Jan Beulich CC: Wei Liu CC: Roger Pau Monné XXX - One moving piece (the migration series) is still in review on xen-devel. I won't commit this change until that is sorted, and I can double check the backwards compatibility for VMs from previous versions of Xen. The main purpose of posting this patch now is to illustrate the effects of the previous patches in the series. --- xen/include/public/arch-x86/cpufeatureset.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index d79a53befe..81e4c2950f 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -207,7 +207,7 @@ XEN_CPUFEATURE(INVPCID, 5*32+10) /*H Invalidate Process Context ID */ XEN_CPUFEATURE(RTM, 5*32+11) /*A Restricted Transactional Memory */ XEN_CPUFEATURE(PQM, 5*32+12) /* Platform QoS Monitoring */ XEN_CPUFEATURE(NO_FPU_SEL, 5*32+13) /*! FPU CS/DS stored as zero */ -XEN_CPUFEATURE(MPX, 5*32+14) /*S Memory Protection Extensions */ +XEN_CPUFEATURE(MPX, 5*32+14) /*s Memory Protection Extensions */ XEN_CPUFEATURE(PQE, 5*32+15) /* Platform QoS Enforcement */ XEN_CPUFEATURE(AVX512F, 5*32+16) /*A AVX-512 Foundation Instructions */ XEN_CPUFEATURE(AVX512DQ, 5*32+17) /*A AVX-512 Doubleword & Quadword Instrs */