Xen project Mailing List

Re: [Xen-devel] [PATCH 3/4 V3] X86: MPX IA32_BNDCFGS msr handle

To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

From: "Liu, Jinsong" <jinsong.liu@xxxxxxxxx>

Date: Wed, 27 Nov 2013 14:27:17 +0000

Accept-language: en-US

Cc: "haoxudong.hao@xxxxxxxxx" <haoxudong.hao@xxxxxxxxx>, "keir@xxxxxxx" <keir@xxxxxxx>, "Ian.Campbell@xxxxxxxxxx" <Ian.Campbell@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, "xen-devel@xxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxx>

Delivery-date: Wed, 27 Nov 2013 14:27:58 +0000

List-id: Xen developer discussion <xen-devel.lists.xen.org>

Thread-index: AQHO63iTdlJsjBfPRHyXuEWDVBv2gJo5Ihug

Thread-topic: [PATCH 3/4 V3] X86: MPX IA32_BNDCFGS msr handle

Andrew Cooper wrote: > On 27/11/13 13:50, Liu, Jinsong wrote: >> From 291adaf4ad6174c5641a7239c1801373e92e9975 Mon Sep 17 00:00:00 >> 2001 >> From: Liu Jinsong <jinsong.liu@xxxxxxxxx> >> Date: Thu, 28 Nov 2013 05:26:06 +0800 >> Subject: [PATCH 3/4 V3] X86: MPX IA32_BNDCFGS msr handle >> >> When MPX supported, a new guest-state field for IA32_BNDCFGS >> is added to the VMCS. In addition, two new controls are added: >> - a VM-exit control called "clear BNDCFGS" >> - a VM-entry control called "load BNDCFGS." >> VM exits always save IA32_BNDCFGS into BNDCFGS field of VMCS. >> >> Signed-off-by: Xudong Hao <xudong.hao@xxxxxxxxx> >> Reviewed-by: Liu Jinsong <jinsong.liu@xxxxxxxxx> >> >> Unlikely, but in case VMX support is not available, not expose >> MPX to hvm guest. > > You are still missing the point. > > I as the administrator choose to prevent an HVM guest from using MPX. > Perhaps I want to create a heterogeneous pool. > > Therefore, the bit is disabled in the domains cpuid policy, despite > being available on the hardware. > > ~Andrew > Could you tell me the reason why choose to prevent HVM from using MPX? Thanks, Jinsong >> >> Suggested-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> >> Suggested-by: Jan Beulich <jbeulich@xxxxxxxx> >> Signed-off-by: Liu Jinsong <jinsong.liu@xxxxxxxxx> >> --- >> xen/arch/x86/hvm/hvm.c | 6 ++++++ >> xen/arch/x86/hvm/vmx/vmcs.c | 8 ++++++-- >> xen/include/asm-x86/cpufeature.h | 2 ++ >> xen/include/asm-x86/hvm/vmx/vmcs.h | 2 ++ >> xen/include/asm-x86/msr-index.h | 2 ++ >> 5 files changed, 18 insertions(+), 2 deletions(-) >> >> diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c >> index 9c88c73..0f7178b 100644 >> --- a/xen/arch/x86/hvm/hvm.c >> +++ b/xen/arch/x86/hvm/hvm.c >> @@ -2905,6 +2905,12 @@ void hvm_cpuid(unsigned int input, unsigned >> int *eax, unsigned int *ebx, if ( (count == 0) && >> !cpu_has_smep ) *ebx &= ~cpufeat_mask(X86_FEATURE_SMEP); >> >> + /* Don't expose MPX to hvm when VMX support is not >> available */ + if ( (count == 0) && + >> (!(vmx_vmexit_control & VM_EXIT_CLEAR_BNDCFGS) || + >> !(vmx_vmentry_control & VM_ENTRY_LOAD_BNDCFGS)) ) + *ebx >> &= ~cpufeat_mask(X86_FEATURE_MPX); + /* Don't expose >> INVPCID to non-hap hvm. */ if ( (count == 0) && >> !hap_enabled(d) ) *ebx &= >> ~cpufeat_mask(X86_FEATURE_INVPCID); >> diff --git a/xen/arch/x86/hvm/vmx/vmcs.c >> b/xen/arch/x86/hvm/vmx/vmcs.c >> index 290b42f..4a1f168 100644 >> --- a/xen/arch/x86/hvm/vmx/vmcs.c >> +++ b/xen/arch/x86/hvm/vmx/vmcs.c >> @@ -270,7 +270,8 @@ static int vmx_init_vmcs_config(void) } >> >> min = VM_EXIT_ACK_INTR_ON_EXIT; >> - opt = VM_EXIT_SAVE_GUEST_PAT | VM_EXIT_LOAD_HOST_PAT; >> + opt = VM_EXIT_SAVE_GUEST_PAT | VM_EXIT_LOAD_HOST_PAT | >> + VM_EXIT_CLEAR_BNDCFGS; >> min |= VM_EXIT_IA32E_MODE; >> _vmx_vmexit_control = adjust_vmx_controls( >> "VMExit Control", min, opt, MSR_IA32_VMX_EXIT_CTLS, >> &mismatch); @@ -284,7 +285,7 @@ static int vmx_init_vmcs_config(void) >> _vmx_pin_based_exec_control &= ~ >> PIN_BASED_POSTED_INTERRUPT; >> >> min = 0; >> - opt = VM_ENTRY_LOAD_GUEST_PAT; >> + opt = VM_ENTRY_LOAD_GUEST_PAT | VM_ENTRY_LOAD_BNDCFGS; >> _vmx_vmentry_control = adjust_vmx_controls( >> "VMEntry Control", min, opt, MSR_IA32_VMX_ENTRY_CTLS, >> &mismatch); >> >> @@ -955,6 +956,9 @@ static int construct_vmcs(struct vcpu *v) >> vmx_disable_intercept_for_msr(v, MSR_IA32_SYSENTER_EIP, >> MSR_TYPE_R | MSR_TYPE_W); if ( paging_mode_hap(d) && >> (!iommu_enabled || iommu_snoop) ) >> vmx_disable_intercept_for_msr(v, MSR_IA32_CR_PAT, MSR_TYPE_R | >> MSR_TYPE_W); + if ( (vmexit_ctl & VM_EXIT_CLEAR_BNDCFGS) && + >> (vmentry_ctl & VM_ENTRY_LOAD_BNDCFGS) ) + >> vmx_disable_intercept_for_msr(v, MSR_IA32_BNDCFGS, MSR_TYPE_R | >> MSR_TYPE_W); } >> >> /* I/O access bitmap. */ >> diff --git a/xen/include/asm-x86/cpufeature.h >> b/xen/include/asm-x86/cpufeature.h >> index 1cfaf94..930dc9b 100644 >> --- a/xen/include/asm-x86/cpufeature.h >> +++ b/xen/include/asm-x86/cpufeature.h >> @@ -148,6 +148,7 @@ >> #define X86_FEATURE_INVPCID (7*32+10) /* Invalidate Process Context >> ID */ #define X86_FEATURE_RTM (7*32+11) /* Restricted >> Transactional Memory */ #define X86_FEATURE_NO_FPU_SEL (7*32+13) >> /* FPU CS/DS stored as zero */ +#define X86_FEATURE_MPX >> (7*32+14) >> /* Memory Protection Extensions */ #define >> X86_FEATURE_SMAP (7*32+20) /* Supervisor Mode Access Prevention */ >> >> #define cpu_has(c, bit) test_bit(bit, (c)->x86_capability) @@ >> -197,6 +198,7 @@ #define cpu_has_xsave >> boot_cpu_has(X86_FEATURE_XSAVE) #define cpu_has_avx >> boot_cpu_has(X86_FEATURE_AVX) #define cpu_has_lwp >> boot_cpu_has(X86_FEATURE_LWP) +#define cpu_has_mpx >> boot_cpu_has(X86_FEATURE_MPX) >> >> #define cpu_has_arch_perfmon >> boot_cpu_has(X86_FEATURE_ARCH_PERFMON) >> >> diff --git a/xen/include/asm-x86/hvm/vmx/vmcs.h >> b/xen/include/asm-x86/hvm/vmx/vmcs.h >> index ebaba5c..75cd653 100644 >> --- a/xen/include/asm-x86/hvm/vmx/vmcs.h >> +++ b/xen/include/asm-x86/hvm/vmx/vmcs.h >> @@ -186,6 +186,7 @@ extern u32 vmx_pin_based_exec_control; >> #define VM_EXIT_SAVE_GUEST_EFER 0x00100000 >> #define VM_EXIT_LOAD_HOST_EFER 0x00200000 >> #define VM_EXIT_SAVE_PREEMPT_TIMER 0x00400000 >> +#define VM_EXIT_CLEAR_BNDCFGS 0x00800000 >> extern u32 vmx_vmexit_control; >> >> #define VM_ENTRY_IA32E_MODE 0x00000200 >> @@ -194,6 +195,7 @@ extern u32 vmx_vmexit_control; >> #define VM_ENTRY_LOAD_PERF_GLOBAL_CTRL 0x00002000 >> #define VM_ENTRY_LOAD_GUEST_PAT 0x00004000 >> #define VM_ENTRY_LOAD_GUEST_EFER 0x00008000 >> +#define VM_ENTRY_LOAD_BNDCFGS 0x00010000 >> extern u32 vmx_vmentry_control; >> >> #define SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES 0x00000001 >> diff --git a/xen/include/asm-x86/msr-index.h >> b/xen/include/asm-x86/msr-index.h >> index e597a28..ccad1ab 100644 >> --- a/xen/include/asm-x86/msr-index.h >> +++ b/xen/include/asm-x86/msr-index.h >> @@ -56,6 +56,8 @@ >> #define MSR_IA32_DS_AREA 0x00000600 >> #define MSR_IA32_PERF_CAPABILITIES 0x00000345 >> >> +#define MSR_IA32_BNDCFGS 0x00000D90 >> + >> #define MSR_MTRRfix64K_00000 0x00000250 >> #define MSR_MTRRfix16K_80000 0x00000258 >> #define MSR_MTRRfix16K_A0000 0x00000259 _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.