Re: [Xen-devel] [PATCH for-4.7] x86/cpuid: Calculate a guests xfeature_mask from its featureset

[Wei Liu <wei.liu2@xxxxxxxxxx>]

On Thu, Jun 02, 2016 at 05:48:01PM +0100, Andrew Cooper wrote:
> libxc current performs the xstate calculation for guests, and provides the
> information to Xen to be used when satisfying CPUID traps.  (There is further
> work planned to improve this arrangement, but the worst a buggy toolstack can
> do is make junk appear in the cpuid leaves for the guest.)
> 
> dom0 however has no policy constructed for it, and certain fields filter
> straight through from hardware.
> 
> Linux queries CPUID.7[0].{EAX/EDX} alone to choose a setting for %xcr0, which
> is action to take.  However, features such as MPX and PKRU are not supported
> for PV guests.  As a result, Linux, using leaked hardware information, fails
> to set %xcr0 on newer Skylake hardware with PKRU support, and crashes.
> 
> As an interim solution, dynamically calculate the correct xfeature_mask and
> xstate_size to report to the guest for CPUID.7[0] queries.  This ensures that
> domains don't see leaked hardware values, even when no cpuid policy is
> provided.
> 
> Similarly, CPUID.7[1]{ECX/EDX} represents the applicable settings for
> MSR_XSS.  Xen doesn't support any XSS states in guests, unconditionally clear
> them for HVM guests.
> 
> Reported-by: Luwei Kang <luwei.kang@xxxxxxxxx>
> Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
> ---
> CC: Jan Beulich <JBeulich@xxxxxxxx>
> CC: Wei Liu <wei.liu2@xxxxxxxxxx>
> CC: Luwei Kang <luwei.kang@xxxxxxxxx>
> CC: Huaitong Han <huaitong.han@xxxxxxxxx>

Luwei and Huaitong, I would appreciate your test report on this patch.
Thanks!

If we can a tested-by tomorrow, we might be able to just apply this
patch for 4.7 (also subject to Jan's review / ack).

Wei.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel