From patchwork Wed Oct 18 08:27:19 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sergey Dyasli X-Patchwork-Id: 10014103 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id AE0A760215 for ; Wed, 18 Oct 2017 08:30:31 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 9C2B728AAE for ; Wed, 18 Oct 2017 08:30:31 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 90B3528AF8; Wed, 18 Oct 2017 08:30:31 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 1A65028AAE for ; Wed, 18 Oct 2017 08:30:31 +0000 (UTC) Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1e4jiH-0002iH-1P; Wed, 18 Oct 2017 08:28:29 +0000 Received: from mail6.bemta3.messagelabs.com ([195.245.230.39]) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1e4jiF-0002hc-Ru for xen-devel@lists.xen.org; Wed, 18 Oct 2017 08:28:27 +0000 Received: from [85.158.137.68] by server-14.bemta-3.messagelabs.com id 1B/EC-00431-BA017E95; Wed, 18 Oct 2017 08:28:27 +0000 X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprIIsWRWlGSWpSXmKPExsXitHRDpO4qgee RBnOuqVgs+biYxYHR4+ju30wBjFGsmXlJ+RUJrBnHT9cW/LWqmHvrP1sD4yK9LkZODgkBf4m3 3VfYQWw2AT2JjbNfMYHYIgKyEqu75gDFuTiYBY4wSkxddQSsSFjAQ2Le4uksIDaLgKrE79+rw WxeARuJx31/mSCGykvsarvICmJzCthKXD+9hg3EFgKq+f3mKiuErSrx+sUuqF5BiZMzn4DZzA ISEgdfvGCewMg7C0lqFpLUAkamVYwaxalFZalFukZGeklFmekZJbmJmTm6hgbGermpxcWJ6ak 5iUnFesn5uZsYgcFTz8DAuINx6gm/Q4ySHExKory6B55FCvEl5adUZiQWZ8QXleakFh9ilOHg UJLg1eB/HikkWJSanlqRlpkDDGOYtAQHj5IIbyBImre4IDG3ODMdInWKUZej4+bdP0xCLHn5e alS4rwVIEUCIEUZpXlwI2AxdYlRVkqYl5GBgUGIpyC1KDezBFX+FaM4B6OSMK8TyBSezLwSuE 2vgI5gAjpindMTkCNKEhFSUg2MoRsPzv8VYZb0ZjuDzJ6a01MXTWaIXyj/+VJRoOffupeMXu/ LmGpUj74OLqucX5v4/Xee2mbD2qmsto3+Fn+zHdbdcjvX9i5ksfu5/3nzvFbd/bUnYtGdOt0W qyXhip8deATzUn4s0T5+rLwmUf5W0Gr9O3dTTr69XpLOHMlhmlhpPueijso7JZbijERDLeai4 kQAxW9lMKQCAAA= X-Env-Sender: prvs=457a530fd=sergey.dyasli@citrix.com X-Msg-Ref: server-16.tower-31.messagelabs.com!1508315302!103178682!3 X-Originating-IP: [66.165.176.89] X-SpamReason: No, hits=0.0 required=7.0 tests=sa_preprocessor: VHJ1c3RlZCBJUDogNjYuMTY1LjE3Ni44OSA9PiAyMDMwMDc=\n, received_headers: No Received headers X-StarScan-Received: X-StarScan-Version: 9.4.45; banners=-,-,- X-VirusChecked: Checked Received: (qmail 7451 invoked from network); 18 Oct 2017 08:28:26 -0000 Received: from smtp.citrix.com (HELO SMTP.CITRIX.COM) (66.165.176.89) by server-16.tower-31.messagelabs.com with RC4-SHA encrypted SMTP; 18 Oct 2017 08:28:26 -0000 X-IronPort-AV: E=Sophos;i="5.43,395,1503360000"; d="scan'208";a="446828218" From: Sergey Dyasli To: Date: Wed, 18 Oct 2017 09:27:19 +0100 Message-ID: <20171018082722.6279-5-sergey.dyasli@citrix.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20171018082722.6279-1-sergey.dyasli@citrix.com> References: <20171018082722.6279-1-sergey.dyasli@citrix.com> MIME-Version: 1.0 Cc: Andrew Cooper , Kevin Tian , Jan Beulich , Jun Nakajima , Sergey Dyasli Subject: [Xen-devel] [PATCH v4 4/7] x86/msr: add VMX MSRs into HVM_max domain policy X-BeenThere: xen-devel@lists.xen.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xen.org Sender: "Xen-devel" X-Virus-Scanned: ClamAV using ClamSMTP Currently, when nested virt is enabled, the set of L1 VMX features is fixed and calculated by nvmx_msr_read_intercept() as an intersection between the full set of Xen's supported L1 VMX features, the set of actual H/W features and, for MSR_IA32_VMX_EPT_VPID_CAP, the set of features that Xen uses. Add calculate_hvm_max_vmx_policy() which will save the end result of nvmx_msr_read_intercept() on current H/W into HVM_max domain policy. There will be no functional change to what L1 sees in VMX MSRs. But the actual use of HVM_max domain policy will happen later, when VMX MSRs are handled by guest_rd/wrmsr(). Signed-off-by: Sergey Dyasli --- xen/arch/x86/msr.c | 129 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 129 insertions(+) diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c index 7ac0fceb49..ff270befbb 100644 --- a/xen/arch/x86/msr.c +++ b/xen/arch/x86/msr.c @@ -85,6 +85,133 @@ static void __init calculate_host_policy(void) *dp = raw_msr_domain_policy; } +#define vmx_host_allowed_cpy(dp, msr, field) \ + do { \ + dp->msr.allowed_1.field = \ + host_msr_domain_policy.msr.allowed_1.field; \ + dp->msr.allowed_0.field = \ + host_msr_domain_policy.msr.allowed_0.field; \ + } while (0) + +#define vmx_host_allowed_cpyb(dp, block, msr, field) \ + do { \ + dp->block.msr.allowed_1.field = \ + host_msr_domain_policy.block.msr.allowed_1.field; \ + dp->block.msr.allowed_0.field = \ + host_msr_domain_policy.block.msr.allowed_0.field; \ + } while (0) + +static void __init calculate_hvm_max_vmx_policy(struct msr_domain_policy *dp) +{ + if ( !cpu_has_vmx ) + return; + + dp->vmx.basic.raw = host_msr_domain_policy.vmx.basic.raw; + + dp->vmx.pinbased_ctls.raw = ((uint64_t) VMX_PINBASED_CTLS_DEFAULT1 << 32) | + VMX_PINBASED_CTLS_DEFAULT1; + vmx_host_allowed_cpyb(dp, vmx, pinbased_ctls, ext_intr_exiting); + vmx_host_allowed_cpyb(dp, vmx, pinbased_ctls, nmi_exiting); + vmx_host_allowed_cpyb(dp, vmx, pinbased_ctls, preempt_timer); + + dp->vmx.procbased_ctls.raw = + ((uint64_t) VMX_PROCBASED_CTLS_DEFAULT1 << 32) | + VMX_PROCBASED_CTLS_DEFAULT1; + vmx_host_allowed_cpyb(dp, vmx, procbased_ctls, virtual_intr_pending); + vmx_host_allowed_cpyb(dp, vmx, procbased_ctls, use_tsc_offseting); + vmx_host_allowed_cpyb(dp, vmx, procbased_ctls, hlt_exiting); + vmx_host_allowed_cpyb(dp, vmx, procbased_ctls, invlpg_exiting); + vmx_host_allowed_cpyb(dp, vmx, procbased_ctls, mwait_exiting); + vmx_host_allowed_cpyb(dp, vmx, procbased_ctls, rdpmc_exiting); + vmx_host_allowed_cpyb(dp, vmx, procbased_ctls, rdtsc_exiting); + vmx_host_allowed_cpyb(dp, vmx, procbased_ctls, cr8_load_exiting); + vmx_host_allowed_cpyb(dp, vmx, procbased_ctls, cr8_store_exiting); + vmx_host_allowed_cpyb(dp, vmx, procbased_ctls, tpr_shadow); + vmx_host_allowed_cpyb(dp, vmx, procbased_ctls, virtual_nmi_pending); + vmx_host_allowed_cpyb(dp, vmx, procbased_ctls, mov_dr_exiting); + vmx_host_allowed_cpyb(dp, vmx, procbased_ctls, uncond_io_exiting); + vmx_host_allowed_cpyb(dp, vmx, procbased_ctls, activate_io_bitmap); + vmx_host_allowed_cpyb(dp, vmx, procbased_ctls, monitor_trap_flag); + vmx_host_allowed_cpyb(dp, vmx, procbased_ctls, activate_msr_bitmap); + vmx_host_allowed_cpyb(dp, vmx, procbased_ctls, monitor_exiting); + vmx_host_allowed_cpyb(dp, vmx, procbased_ctls, pause_exiting); + vmx_host_allowed_cpyb(dp, vmx, procbased_ctls, activate_secondary_controls); + + dp->vmx.exit_ctls.raw = ((uint64_t) VMX_EXIT_CTLS_DEFAULT1 << 32) | + VMX_EXIT_CTLS_DEFAULT1; + vmx_host_allowed_cpyb(dp, vmx, exit_ctls, ia32e_mode); + vmx_host_allowed_cpyb(dp, vmx, exit_ctls, load_perf_global_ctrl); + vmx_host_allowed_cpyb(dp, vmx, exit_ctls, ack_intr_on_exit); + vmx_host_allowed_cpyb(dp, vmx, exit_ctls, save_guest_pat); + vmx_host_allowed_cpyb(dp, vmx, exit_ctls, load_host_pat); + vmx_host_allowed_cpyb(dp, vmx, exit_ctls, save_guest_efer); + vmx_host_allowed_cpyb(dp, vmx, exit_ctls, load_host_efer); + vmx_host_allowed_cpyb(dp, vmx, exit_ctls, save_preempt_timer); + + dp->vmx.entry_ctls.raw = ((uint64_t) VMX_ENTRY_CTLS_DEFAULT1 << 32) | + VMX_ENTRY_CTLS_DEFAULT1; + vmx_host_allowed_cpyb(dp, vmx, entry_ctls, ia32e_mode); + vmx_host_allowed_cpyb(dp, vmx, entry_ctls, load_perf_global_ctrl); + vmx_host_allowed_cpyb(dp, vmx, entry_ctls, load_guest_pat); + vmx_host_allowed_cpyb(dp, vmx, entry_ctls, load_guest_efer); + + dp->vmx.misc.raw = host_msr_domain_policy.vmx.misc.raw; + /* Do not support CR3-target feature now */ + dp->vmx.misc.cr3_target = false; + + /* PG, PE bits must be 1 in VMX operation */ + dp->vmx.cr0_fixed0.allowed_0.pe = true; + dp->vmx.cr0_fixed0.allowed_0.pg = true; + + /* allow 0-settings for all bits */ + dp->vmx.cr0_fixed1.raw = 0xffffffff; + + /* VMXE bit must be 1 in VMX operation */ + dp->vmx.cr4_fixed0.allowed_0.vmxe = true; + + /* + * Allowed CR4 bits will be updated during domain creation by + * hvm_cr4_guest_valid_bits() + */ + dp->vmx.cr4_fixed1.raw = host_msr_domain_policy.vmx.cr4_fixed1.raw; + + /* The max index of VVMCS encoding is 0x1f. */ + dp->vmx.vmcs_enum.vmcs_encoding_max_idx = 0x1f; + + if ( dp->vmx.procbased_ctls.allowed_1.activate_secondary_controls ) + { + vmx_host_allowed_cpy(dp, vmx_procbased_ctls2, virtualize_apic_accesses); + vmx_host_allowed_cpy(dp, vmx_procbased_ctls2, enable_ept); + vmx_host_allowed_cpy(dp, vmx_procbased_ctls2, descriptor_table_exiting); + vmx_host_allowed_cpy(dp, vmx_procbased_ctls2, enable_vpid); + vmx_host_allowed_cpy(dp, vmx_procbased_ctls2, unrestricted_guest); + + if ( dp->vmx_procbased_ctls2.allowed_1.enable_ept || + dp->vmx_procbased_ctls2.allowed_1.enable_vpid ) + { + dp->vmx_ept_vpid_cap.raw = nept_get_ept_vpid_cap(); + } + } + + if ( dp->vmx.basic.default1_zero ) + { + dp->vmx_true_ctls.pinbased.raw = dp->vmx.pinbased_ctls.raw; + + dp->vmx_true_ctls.procbased.raw = dp->vmx.procbased_ctls.raw; + vmx_host_allowed_cpyb(dp, vmx_true_ctls, procbased, cr3_load_exiting); + vmx_host_allowed_cpyb(dp, vmx_true_ctls, procbased, cr3_store_exiting); + + dp->vmx_true_ctls.exit.raw = dp->vmx.exit_ctls.raw; + + dp->vmx_true_ctls.entry.raw = dp->vmx.entry_ctls.raw; + } + + /* MSR_IA32_VMX_VMFUNC is N/A */ +} + +#undef vmx_host_allowed_cpy +#undef vmx_host_allowed_cpyb + static void __init calculate_hvm_max_policy(void) { struct msr_domain_policy *dp = &hvm_max_msr_domain_policy; @@ -102,6 +229,8 @@ static void __init calculate_hvm_max_policy(void) /* 0x00000140 MSR_INTEL_MISC_FEATURES_ENABLES */ vp->misc_features_enables.available = dp->plaform_info.available; + + calculate_hvm_max_vmx_policy(dp); } static void __init calculate_pv_max_policy(void)