From patchwork Mon Oct  9 07:48:16 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Jan Beulich <JBeulich@suse.com>
X-Patchwork-Id: 9992233
Return-Path: <xen-devel-bounces@lists.xen.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	4717B60230 for <patchwork-xen-devel@patchwork.kernel.org>;
	Mon,  9 Oct 2017 07:50:33 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 3780E286D5
	for <patchwork-xen-devel@patchwork.kernel.org>;
	Mon,  9 Oct 2017 07:50:33 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 358B828708; Mon,  9 Oct 2017 07:50:33 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED
	autolearn=ham version=3.3.1
Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120])
	(using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 7A6B1286D5
	for <patchwork-xen-devel@patchwork.kernel.org>;
	Mon,  9 Oct 2017 07:50:32 +0000 (UTC)
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.84_2)
	(envelope-from <xen-devel-bounces@lists.xen.org>)
	id 1e1Snb-0000So-LW; Mon, 09 Oct 2017 07:48:27 +0000
Received: from mail6.bemta6.messagelabs.com ([193.109.254.103])
	by lists.xenproject.org with esmtp (Exim 4.84_2)
	(envelope-from <JBeulich@suse.com>) id 1e1Sna-0000Sg-E9
	for xen-devel@lists.xenproject.org; Mon, 09 Oct 2017 07:48:26 +0000
Received: from [193.109.254.147] by server-7.bemta-6.messagelabs.com id
	42/96-03618-9C92BD95; Mon, 09 Oct 2017 07:48:25 +0000
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrEIsWRWlGSWpSXmKPExsXS6fjDS/eo5u1
	Ig2ldwhbft0xmcmD0OPzhCksAYxRrZl5SfkUCa0bj2y6mgi0yFSfbJjE2MD4W62Lk5BASyJM4
	+/AJE4jNK2An0fT2NDOILSFgKHF64U0WEJtFQFXi8JwmdhCbTUBdou3ZdtYuRg4OEQEDiXNHk
	0BMZgF9iW3rwKqFBVwktuz9xgIS5hUQlPi7QxgkzCygJfHw1y0WCFtbYtnC18wQndISy/9xTG
	DkmYXQMAtJwywkDbMQGhYwsqxiVC9OLSpLLdI10UsqykzPKMlNzMzRNTQw08tNLS5OTE/NSUw
	q1kvOz93ECAwjBiDYwdh92f8QoyQHk5Ior7zq7UghvqT8lMqMxOKM+KLSnNTiQ4wyHBxKErw5
	wLAUEixKTU+tSMvMAQY0TFqCg0dJhHe+BlCat7ggMbc4Mx0idYrRkuPYpst/mDhWTbgCJDtu3
	v3DJMSSl5+XKiXOmwQyTwCkIaM0D24cLOouMcpKCfMyAh0oxFOQWpSbWYIq/4pRnINRSZg3DW
	QKT2ZeCdzWV0AHMQEdxFh8A+SgkkSElFQD476wPtG2p6lz5h/R5j9xzuyri1e6qyand03XZfn
	tnV0KrKvTXJlXl8ifeWB+/bml+bnq2SJPEiL3lP1huq0VEuVkvok7Rn6++NxoBR7BNUVexXO/
	lc0Qf8vG3pq7dP2yWcsLoiYEClwx/31mocQL4wePZxa8W8a3dfWPqSXB2nu+XND0y1G3UGIpz
	kg01GIuKk4EAEAjH5e1AgAA
X-Env-Sender: JBeulich@suse.com
X-Msg-Ref: server-2.tower-27.messagelabs.com!1507535299!51156691!1
X-Originating-IP: [137.65.248.74]
X-SpamReason: No, hits=0.0 required=7.0 tests=UPPERCASE_25_50
X-StarScan-Received: 
X-StarScan-Version: 9.4.45; banners=-,-,-
X-VirusChecked: Checked
Received: (qmail 1286 invoked from network); 9 Oct 2017 07:48:21 -0000
Received: from prv-mh.provo.novell.com (HELO prv-mh.provo.novell.com)
	(137.65.248.74)
	by server-2.tower-27.messagelabs.com with DHE-RSA-AES256-GCM-SHA384
	encrypted SMTP; 9 Oct 2017 07:48:21 -0000
Received: from INET-PRV-MTA by prv-mh.provo.novell.com
	with Novell_GroupWise; Mon, 09 Oct 2017 01:48:18 -0600
Message-Id: <59DB45E00200007800183C29@prv-mh.provo.novell.com>
X-Mailer: Novell GroupWise Internet Agent 14.2.2 
Date: Mon, 09 Oct 2017 01:48:16 -0600
From: "Jan Beulich" <JBeulich@suse.com>
To: "xen-devel" <xen-devel@lists.xenproject.org>
Mime-Version: 1.0
Content-Disposition: inline
Cc: Andrew Cooper <andrew.cooper3@citrix.com>
Subject: [Xen-devel] [PATCH for-4.9 v2] x86: avoid #GP for PV guest MSR
	accesses
X-BeenThere: xen-devel@lists.xen.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: Xen developer discussion <xen-devel.lists.xen.org>
List-Unsubscribe: <https://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <https://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Errors-To: xen-devel-bounces@lists.xen.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xen.org>
X-Virus-Scanned: ClamAV using ClamSMTP

Halfway recent Linux kernels probe MISC_FEATURES_ENABLES on all CPUs,
leading to ugly recovered #GP fault messages with debug builds on older
systems. We can do better, so introduce synthetic feature flags for
both this and PLATFORM_INFO to avoid the rdmsr_safe() altogether.

Note that the r/o nature of PLATFORM_INFO is now also being enforced.

The rdmsr_safe() uses for MISC_ENABLE are left in place as benign - it
exists for all 64-bit capable Intel CPUs (see e.g. early_init_intel()).

Signed-off-by: Jan Beulich <jbeulich@suse.com>
---
v2: Force PLATFORM_INFO writes to fail.

--- a/xen/arch/x86/cpu/intel.c
+++ b/xen/arch/x86/cpu/intel.c
@@ -21,10 +21,19 @@ static bool __init probe_intel_cpuid_fau
 {
 	uint64_t x;
 
-	if (rdmsr_safe(MSR_INTEL_PLATFORM_INFO, x) ||
-	    !(x & MSR_PLATFORM_INFO_CPUID_FAULTING))
+	if (rdmsr_safe(MSR_INTEL_PLATFORM_INFO, x))
 		return 0;
 
+	setup_force_cpu_cap(X86_FEATURE_MSR_PLATFORM_INFO);
+
+	if (!(x & MSR_PLATFORM_INFO_CPUID_FAULTING)) {
+		if (!rdmsr_safe(MSR_INTEL_MISC_FEATURES_ENABLES, x))
+			setup_force_cpu_cap(X86_FEATURE_MSR_MISC_FEATURES);
+		return 0;
+	}
+
+	setup_force_cpu_cap(X86_FEATURE_MSR_MISC_FEATURES);
+
 	expected_levelling_cap |= LCAP_faulting;
 	levelling_caps |=  LCAP_faulting;
 	setup_force_cpu_cap(X86_FEATURE_CPUID_FAULTING);
--- a/xen/arch/x86/traps.c
+++ b/xen/arch/x86/traps.c
@@ -2626,8 +2626,7 @@ static int read_msr(unsigned int reg, ui
         return X86EMUL_OKAY;
 
     case MSR_INTEL_PLATFORM_INFO:
-        if ( boot_cpu_data.x86_vendor != X86_VENDOR_INTEL ||
-             rdmsr_safe(MSR_INTEL_PLATFORM_INFO, *val) )
+        if ( !boot_cpu_has(X86_FEATURE_MSR_PLATFORM_INFO) )
             break;
         *val = 0;
         if ( this_cpu(cpuid_faulting_enabled) )
@@ -2635,8 +2634,7 @@ static int read_msr(unsigned int reg, ui
         return X86EMUL_OKAY;
 
     case MSR_INTEL_MISC_FEATURES_ENABLES:
-        if ( boot_cpu_data.x86_vendor != X86_VENDOR_INTEL ||
-             rdmsr_safe(MSR_INTEL_MISC_FEATURES_ENABLES, *val) )
+        if ( !boot_cpu_has(X86_FEATURE_MSR_MISC_FEATURES) )
             break;
         *val = 0;
         if ( curr->arch.cpuid_faulting )
@@ -2834,15 +2832,12 @@ static int write_msr(unsigned int reg, u
         return X86EMUL_OKAY;
 
     case MSR_INTEL_PLATFORM_INFO:
-        if ( boot_cpu_data.x86_vendor != X86_VENDOR_INTEL ||
-             val || rdmsr_safe(MSR_INTEL_PLATFORM_INFO, val) )
-            break;
-        return X86EMUL_OKAY;
+        /* The MSR is read-only. */
+        break;
 
     case MSR_INTEL_MISC_FEATURES_ENABLES:
-        if ( boot_cpu_data.x86_vendor != X86_VENDOR_INTEL ||
-             (val & ~MSR_MISC_FEATURES_CPUID_FAULTING) ||
-             rdmsr_safe(MSR_INTEL_MISC_FEATURES_ENABLES, temp) )
+        if ( !boot_cpu_has(X86_FEATURE_MSR_MISC_FEATURES) ||
+             (val & ~MSR_MISC_FEATURES_CPUID_FAULTING) )
             break;
         if ( (val & MSR_MISC_FEATURES_CPUID_FAULTING) &&
              !this_cpu(cpuid_faulting_enabled) )
--- a/xen/include/asm-x86/cpufeatures.h
+++ b/xen/include/asm-x86/cpufeatures.h
@@ -22,3 +22,5 @@ XEN_CPUFEATURE(APERFMPERF,      (FSCAPIN
 XEN_CPUFEATURE(MFENCE_RDTSC,    (FSCAPINTS+0)*32+ 9) /* MFENCE synchronizes RDTSC */
 XEN_CPUFEATURE(XEN_SMEP,        (FSCAPINTS+0)*32+10) /* SMEP gets used by Xen itself */
 XEN_CPUFEATURE(XEN_SMAP,        (FSCAPINTS+0)*32+11) /* SMAP gets used by Xen itself */
+XEN_CPUFEATURE(MSR_PLATFORM_INFO, (FSCAPINTS+0)*32+12) /* PLATFORM_INFO MSR present */
+XEN_CPUFEATURE(MSR_MISC_FEATURES, (FSCAPINTS+0)*32+13) /* MISC_FEATURES_ENABLES MSR present */