From patchwork Fri Jan 8 10:46:27 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Haozhong Zhang X-Patchwork-Id: 7984281 Return-Path: X-Original-To: patchwork-xen-devel@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.136]) by patchwork2.web.kernel.org (Postfix) with ESMTP id D0B40BEEE5 for ; Fri, 8 Jan 2016 10:49:44 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id B3E1720122 for ; Fri, 8 Jan 2016 10:49:43 +0000 (UTC) Received: from lists.xen.org (lists.xenproject.org [50.57.142.19]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 804C92011B for ; Fri, 8 Jan 2016 10:49:42 +0000 (UTC) Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aHUZQ-0007yC-1k; Fri, 08 Jan 2016 10:47:00 +0000 Received: from mail6.bemta4.messagelabs.com ([85.158.143.247]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aHUZO-0007xu-3i for xen-devel@lists.xen.org; Fri, 08 Jan 2016 10:46:58 +0000 Received: from [85.158.143.35] by server-2.bemta-4.messagelabs.com id 98/5D-08977-1A39F865; Fri, 08 Jan 2016 10:46:57 +0000 X-Env-Sender: haozhong.zhang@intel.com X-Msg-Ref: server-15.tower-21.messagelabs.com!1452250013!9016952!1 X-Originating-IP: [192.55.52.115] X-SpamReason: No, hits=0.0 required=7.0 tests=UPPERCASE_25_50 X-StarScan-Received: X-StarScan-Version: 7.35.1; banners=-,-,- X-VirusChecked: Checked Received: (qmail 29702 invoked from network); 8 Jan 2016 10:46:54 -0000 Received: from mga14.intel.com (HELO mga14.intel.com) (192.55.52.115) by server-15.tower-21.messagelabs.com with SMTP; 8 Jan 2016 10:46:54 -0000 Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by fmsmga103.fm.intel.com with ESMTP; 08 Jan 2016 02:46:53 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.20,538,1444719600"; d="scan'208";a="877223095" Received: from hz-desktop.sh.intel.com (HELO localhost) ([10.239.13.102]) by fmsmga001.fm.intel.com with ESMTP; 08 Jan 2016 02:46:51 -0800 From: Haozhong Zhang To: xen-devel@lists.xen.org, Andrew Cooper , Wei Liu , Jan Beulich , Kevin Tian Date: Fri, 8 Jan 2016 18:46:27 +0800 Message-Id: <1452249987-31776-3-git-send-email-haozhong.zhang@intel.com> X-Mailer: git-send-email 2.4.8 In-Reply-To: <1452249987-31776-1-git-send-email-haozhong.zhang@intel.com> References: <1452249987-31776-1-git-send-email-haozhong.zhang@intel.com> Cc: Haozhong Zhang , Keir Fraser , Ian Campbell , Stefano Stabellini , Ian Jackson , Jun Nakajima Subject: [Xen-devel] [PATCH XEN v3 2/2] x86/hvm: add support for pcommit instruction X-BeenThere: xen-devel@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_MED, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Pass PCOMMIT CPU feature into HVM domain. Currently, we do not intercept pcommit instruction for L1 guest, and allow L1 to intercept pcommit instruction for L2 guest. The specification of pcommit instruction can be found in https://software.intel.com/sites/default/files/managed/0d/53/319433-022.pdf Reviewed-by: Andrew Cooper Acked-by: Kevin Tian Acked-by: Wei Liu for tools bits Signed-off-by: Haozhong Zhang --- tools/libxc/xc_cpufeature.h | 1 + tools/libxc/xc_cpuid_x86.c | 1 + xen/arch/x86/hvm/hvm.c | 31 +++++++++++++++++++------------ xen/arch/x86/hvm/vmx/vmcs.c | 9 ++++++++- xen/arch/x86/hvm/vmx/vmx.c | 1 + xen/arch/x86/hvm/vmx/vvmx.c | 3 +++ xen/include/asm-x86/cpufeature.h | 1 + xen/include/asm-x86/hvm/vmx/vmcs.h | 4 +++- xen/include/asm-x86/hvm/vmx/vmx.h | 1 + 9 files changed, 38 insertions(+), 14 deletions(-) diff --git a/tools/libxc/xc_cpufeature.h b/tools/libxc/xc_cpufeature.h index 5288ac6..ee53679 100644 --- a/tools/libxc/xc_cpufeature.h +++ b/tools/libxc/xc_cpufeature.h @@ -140,6 +140,7 @@ #define X86_FEATURE_RDSEED 18 /* RDSEED instruction */ #define X86_FEATURE_ADX 19 /* ADCX, ADOX instructions */ #define X86_FEATURE_SMAP 20 /* Supervisor Mode Access Protection */ +#define X86_FEATURE_PCOMMIT 22 /* PCOMMIT instruction */ #define X86_FEATURE_CLFLUSHOPT 23 /* CLFLUSHOPT instruction */ #define X86_FEATURE_CLWB 24 /* CLWB instruction */ diff --git a/tools/libxc/xc_cpuid_x86.c b/tools/libxc/xc_cpuid_x86.c index fecfd6c..c142595 100644 --- a/tools/libxc/xc_cpuid_x86.c +++ b/tools/libxc/xc_cpuid_x86.c @@ -427,6 +427,7 @@ static void xc_cpuid_hvm_policy(xc_interface *xch, bitmaskof(X86_FEATURE_ADX) | bitmaskof(X86_FEATURE_SMAP) | bitmaskof(X86_FEATURE_FSGSBASE) | + bitmaskof(X86_FEATURE_PCOMMIT) | bitmaskof(X86_FEATURE_CLWB) | bitmaskof(X86_FEATURE_CLFLUSHOPT)); } else diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index 21470ec..787b7de 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -4583,21 +4583,28 @@ void hvm_cpuid(unsigned int input, unsigned int *eax, unsigned int *ebx, *edx &= ~cpufeat_mask(X86_FEATURE_PSE36); break; case 0x7: - if ( (count == 0) && !cpu_has_smep ) - *ebx &= ~cpufeat_mask(X86_FEATURE_SMEP); + if ( count == 0 ) + { + if ( !cpu_has_smep ) + *ebx &= ~cpufeat_mask(X86_FEATURE_SMEP); + + if ( !cpu_has_smap ) + *ebx &= ~cpufeat_mask(X86_FEATURE_SMAP); - if ( (count == 0) && !cpu_has_smap ) - *ebx &= ~cpufeat_mask(X86_FEATURE_SMAP); + /* Don't expose MPX to hvm when VMX support is not available */ + if ( !(vmx_vmexit_control & VM_EXIT_CLEAR_BNDCFGS) || + !(vmx_vmentry_control & VM_ENTRY_LOAD_BNDCFGS) ) + *ebx &= ~cpufeat_mask(X86_FEATURE_MPX); - /* Don't expose MPX to hvm when VMX support is not available */ - if ( (count == 0) && - (!(vmx_vmexit_control & VM_EXIT_CLEAR_BNDCFGS) || - !(vmx_vmentry_control & VM_ENTRY_LOAD_BNDCFGS)) ) - *ebx &= ~cpufeat_mask(X86_FEATURE_MPX); + /* Don't expose INVPCID to non-hap hvm. */ + if ( !hap_enabled(d) ) + *ebx &= ~cpufeat_mask(X86_FEATURE_INVPCID); + + /* Don't expose PCOMMIT to hvm when VMX support is not available */ + if ( !cpu_has_vmx_pcommit ) + *ebx &= ~cpufeat_mask(X86_FEATURE_PCOMMIT); + } - /* Don't expose INVPCID to non-hap hvm. */ - if ( (count == 0) && !hap_enabled(d) ) - *ebx &= ~cpufeat_mask(X86_FEATURE_INVPCID); break; case 0xb: /* Fix the x2APIC identifier. */ diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c index edd4c8d..5bc3c74 100644 --- a/xen/arch/x86/hvm/vmx/vmcs.c +++ b/xen/arch/x86/hvm/vmx/vmcs.c @@ -242,7 +242,8 @@ static int vmx_init_vmcs_config(void) SECONDARY_EXEC_ENABLE_INVPCID | SECONDARY_EXEC_ENABLE_VM_FUNCTIONS | SECONDARY_EXEC_ENABLE_VIRT_EXCEPTIONS | - SECONDARY_EXEC_XSAVES); + SECONDARY_EXEC_XSAVES | + SECONDARY_EXEC_PCOMMIT); rdmsrl(MSR_IA32_VMX_MISC, _vmx_misc_cap); if ( _vmx_misc_cap & VMX_MISC_VMWRITE_ALL ) opt |= SECONDARY_EXEC_ENABLE_VMCS_SHADOWING; @@ -1075,6 +1076,12 @@ static int construct_vmcs(struct vcpu *v) __vmwrite(PLE_WINDOW, ple_window); } + /* + * We do not intercept pcommit for L1 guest and allow L1 hypervisor to + * intercept pcommit for L2 guest (see nvmx_n2_vmexit_handler()). + */ + v->arch.hvm_vmx.secondary_exec_control &= ~SECONDARY_EXEC_PCOMMIT; + if ( cpu_has_vmx_secondary_exec_control ) __vmwrite(SECONDARY_VM_EXEC_CONTROL, v->arch.hvm_vmx.secondary_exec_control); diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index b918b8a..0991cdf 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -3517,6 +3517,7 @@ void vmx_vmexit_handler(struct cpu_user_regs *regs) case EXIT_REASON_ACCESS_LDTR_OR_TR: case EXIT_REASON_VMX_PREEMPTION_TIMER_EXPIRED: case EXIT_REASON_INVPCID: + case EXIT_REASON_PCOMMIT: /* fall through */ default: exit_and_crash: diff --git a/xen/arch/x86/hvm/vmx/vvmx.c b/xen/arch/x86/hvm/vmx/vvmx.c index ea1052e..271ec70 100644 --- a/xen/arch/x86/hvm/vmx/vvmx.c +++ b/xen/arch/x86/hvm/vmx/vvmx.c @@ -1950,6 +1950,8 @@ int nvmx_msr_read_intercept(unsigned int msr, u64 *msr_content) SECONDARY_EXEC_ENABLE_VPID | SECONDARY_EXEC_UNRESTRICTED_GUEST | SECONDARY_EXEC_ENABLE_EPT; + if ( cpu_has_vmx_pcommit ) + data |= SECONDARY_EXEC_PCOMMIT; data = gen_vmx_msr(data, 0, host_data); break; case MSR_IA32_VMX_EXIT_CTLS: @@ -2226,6 +2228,7 @@ int nvmx_n2_vmexit_handler(struct cpu_user_regs *regs, case EXIT_REASON_VMXON: case EXIT_REASON_INVEPT: case EXIT_REASON_XSETBV: + case EXIT_REASON_PCOMMIT: /* inject to L1 */ nvcpu->nv_vmexit_pending = 1; break; diff --git a/xen/include/asm-x86/cpufeature.h b/xen/include/asm-x86/cpufeature.h index ef96514..23f9fb2 100644 --- a/xen/include/asm-x86/cpufeature.h +++ b/xen/include/asm-x86/cpufeature.h @@ -162,6 +162,7 @@ #define X86_FEATURE_RDSEED (7*32+18) /* RDSEED instruction */ #define X86_FEATURE_ADX (7*32+19) /* ADCX, ADOX instructions */ #define X86_FEATURE_SMAP (7*32+20) /* Supervisor Mode Access Prevention */ +#define X86_FEATURE_PCOMMIT (7*32+22) /* PCOMMIT instruction */ /* Intel-defined CPU features, CPUID level 0x00000007:0 (ecx), word 8 */ #define X86_FEATURE_PKU (8*32+ 3) /* Protection Keys for Userspace */ diff --git a/xen/include/asm-x86/hvm/vmx/vmcs.h b/xen/include/asm-x86/hvm/vmx/vmcs.h index d1496b8..a5e7aee 100644 --- a/xen/include/asm-x86/hvm/vmx/vmcs.h +++ b/xen/include/asm-x86/hvm/vmx/vmcs.h @@ -236,6 +236,7 @@ extern u32 vmx_vmentry_control; #define SECONDARY_EXEC_ENABLE_PML 0x00020000 #define SECONDARY_EXEC_ENABLE_VIRT_EXCEPTIONS 0x00040000 #define SECONDARY_EXEC_XSAVES 0x00100000 +#define SECONDARY_EXEC_PCOMMIT 0x00200000 extern u32 vmx_secondary_exec_control; #define VMX_EPT_EXEC_ONLY_SUPPORTED 0x00000001 @@ -303,7 +304,8 @@ extern u64 vmx_ept_vpid_cap; (vmx_secondary_exec_control & SECONDARY_EXEC_ENABLE_PML) #define cpu_has_vmx_xsaves \ (vmx_secondary_exec_control & SECONDARY_EXEC_XSAVES) - +#define cpu_has_vmx_pcommit \ + (vmx_secondary_exec_control & SECONDARY_EXEC_PCOMMIT) #define VMCS_RID_TYPE_MASK 0x80000000 /* GUEST_INTERRUPTIBILITY_INFO flags. */ diff --git a/xen/include/asm-x86/hvm/vmx/vmx.h b/xen/include/asm-x86/hvm/vmx/vmx.h index 1719965..14f3d32 100644 --- a/xen/include/asm-x86/hvm/vmx/vmx.h +++ b/xen/include/asm-x86/hvm/vmx/vmx.h @@ -213,6 +213,7 @@ static inline void pi_clear_sn(struct pi_desc *pi_desc) #define EXIT_REASON_PML_FULL 62 #define EXIT_REASON_XSAVES 63 #define EXIT_REASON_XRSTORS 64 +#define EXIT_REASON_PCOMMIT 65 /* * Interruption-information format