@@ -124,6 +124,7 @@ static int update_domain_cpuid_info(struct domain *d,
}
recalculate_cpuid_policy(d);
+ recalculate_domain_msr_policy(d);
switch ( ctl->input[0] )
{
@@ -23,6 +23,7 @@
#include <xen/lib.h>
#include <xen/sched.h>
#include <asm/msr.h>
+#include <asm/hvm/nestedhvm.h>
struct msr_domain_policy __read_mostly raw_msr_domain_policy,
__read_mostly host_msr_domain_policy,
@@ -257,6 +258,59 @@ void __init init_guest_msr_policy(void)
calculate_pv_max_policy();
}
+static void recalculate_domain_vmx_msr_policy(struct domain *d)
+{
+ struct msr_domain_policy *dp = d->arch.msr;
+
+ if ( !nestedhvm_enabled(d) || !d->arch.cpuid->basic.vmx )
+ {
+ memset(dp->vmx.raw, 0, sizeof(dp->vmx.raw));
+ dp->vmx_procbased_ctls2.raw = 0;
+ dp->vmx_ept_vpid_cap.raw = 0;
+ memset(dp->vmx_true_ctls.raw, 0, sizeof(dp->vmx_true_ctls.raw));
+ dp->vmx_vmfunc.raw = 0;
+ }
+ else
+ {
+ memcpy(dp->vmx.raw, hvm_max_msr_domain_policy.vmx.raw,
+ sizeof(dp->vmx.raw));
+ /* Get allowed CR4 bits from CPUID policy */
+ dp->vmx.cr4_fixed1.raw = hvm_cr4_guest_valid_bits(d, false);
+
+ if ( dp->vmx.procbased_ctls.allowed_1.activate_secondary_controls )
+ {
+ dp->vmx_procbased_ctls2.raw =
+ hvm_max_msr_domain_policy.vmx_procbased_ctls2.raw;
+
+ if ( dp->vmx_procbased_ctls2.allowed_1.enable_ept ||
+ dp->vmx_procbased_ctls2.allowed_1.enable_vpid )
+ dp->vmx_ept_vpid_cap.raw =
+ hvm_max_msr_domain_policy.vmx_ept_vpid_cap.raw;
+ else
+ dp->vmx_ept_vpid_cap.raw = 0;
+ }
+ else
+ {
+ dp->vmx_procbased_ctls2.raw = 0;
+ dp->vmx_ept_vpid_cap.raw = 0;
+ }
+
+ if ( dp->vmx.basic.default1_zero )
+ memcpy(dp->vmx_true_ctls.raw,
+ hvm_max_msr_domain_policy.vmx_true_ctls.raw,
+ sizeof(dp->vmx_true_ctls.raw));
+ else
+ memset(dp->vmx_true_ctls.raw, 0, sizeof(dp->vmx_true_ctls.raw));
+
+ dp->vmx_vmfunc.raw = 0;
+ }
+}
+
+void recalculate_domain_msr_policy(struct domain *d)
+{
+ recalculate_domain_vmx_msr_policy(d);
+}
+
int init_domain_msr_policy(struct domain *d)
{
struct msr_domain_policy *dp;
@@ -277,6 +331,7 @@ int init_domain_msr_policy(struct domain *d)
}
d->arch.msr = dp;
+ recalculate_domain_msr_policy(d);
return 0;
}
@@ -608,6 +608,9 @@ int init_vcpu_msr_policy(struct vcpu *v);
int guest_rdmsr(const struct vcpu *v, uint32_t msr, uint64_t *val);
int guest_wrmsr(struct vcpu *v, uint32_t msr, uint64_t val);
+/* Update availability of per-domain MSRs based on CPUID policy */
+void recalculate_domain_msr_policy(struct domain *d);
+
#endif /* !__ASSEMBLY__ */
#endif /* __ASM_MSR_H */
Availability of some MSRs depends on certain CPUID bits. Add function recalculate_domain_msr_policy() which updates availability of per-domain MSRs based on current domain's CPUID policy. This function is called when CPUID policy is changed from a toolstack. Add recalculate_domain_vmx_msr_policy() which changes availability of VMX MSRs based on domain's nested virt settings. Unavailable MSRs are zeroed which allows checking availability bits in them directly without preliminary checks (e.g. cpuid->basic.vmx, activate_secondary_controls, enable_ept). Signed-off-by: Sergey Dyasli <sergey.dyasli@citrix.com> --- xen/arch/x86/domctl.c | 1 + xen/arch/x86/msr.c | 55 +++++++++++++++++++++++++++++++++++++++++++++++ xen/include/asm-x86/msr.h | 3 +++ 3 files changed, 59 insertions(+)