[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] x86/PV: don't hide CPUID.OSXSAVE from user mode

To: Jan Beulich <JBeulich@xxxxxxxx>
From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
Date: Tue, 16 Aug 2016 17:13:24 +0100
Cc: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
Delivery-date: Tue, 16 Aug 2016 16:14:03 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On 16/08/16 17:00, Jan Beulich wrote:
>>>> On 16.08.16 at 17:41, <andrew.cooper3@xxxxxxxxxx> wrote:
>> On 16/08/16 16:20, Jan Beulich wrote:
>>> User mode code generally cannot be expected to invoke the PV-enabled
>>> CPUID Xen supports, and prior to the CPUID levelling changes for 4.7
>>> (as well as even nowadays on levelling incapable hardware) such CPUID
>>> invocations actually saw the host CR4.OSXSAVE value. Fold in the guest
>>> view of CR4.OSXSAVE when setting the levelling MSRs, just like we do
>>> in other CPUID handling.
>> How does this work?  The OSXSAVE is a fast-forwarded bit, not a regular bit.
>>
>> There is nothing you can do to control it on Intel, as the MSRs are
>> strictly and AND mask, applied before OSXSAVE and APIC are fast
>> forwarded from real hardware state.
> Considering that the change works (and things didn't work before) I
> assume the AND-ing happens after the fast forwarding.

That is specifically contrary to my findings.  What hardware is this
on?  (Given the undocumented state of the rest of masking, I wouldn't be
surprised if it differed across models).

>
>> On AMD, you can force it to zero by clearing the OSXSAVE bit, but you
>> can never cause it to appear set if Xen has it cleared in CR4.
> We don't allow guests to use XSAVE (and hence set the bit in CR4) if
> we don't enable it ourselves. Hence if it's off in Xen, it'll be off
> everywhere else (and that's what we want); i.e. in the consideration
> of how this works, please assume CR4.OSXSAVE=1 for the raw
> hardware reg.

And I presume the usecase is to hide it from guest userspace if it is
not enabled in the guest kernel?

On the AMD side, this is a simple two-liner

/* Force OSXSAVE to zero if not enabled by the guest kernel. */
if (masks != &cpuidmask_defaults && !(current->arch.pv_vcpu.ctrlreg[4] &
X86_CR4_OSXSAVE))
    masks->_1cd &= ~cpufeat_mask(X86_FEATURE_OSXSAVE);

to counteract the default set up in update_domain_cpuid_info().

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH] x86/PV: don't hide CPUID.OSXSAVE from user mode
  - From: Jan Beulich

References:
- [Xen-devel] [PATCH] x86/PV: don't hide CPUID.OSXSAVE from user mode
  - From: Jan Beulich
- Re: [Xen-devel] [PATCH] x86/PV: don't hide CPUID.OSXSAVE from user mode
  - From: Andrew Cooper
- Re: [Xen-devel] [PATCH] x86/PV: don't hide CPUID.OSXSAVE from user mode
  - From: Jan Beulich

Prev by Date: Re: [Xen-devel] [PATCH 1/3] x86emul: use DstEax also for {, I}{MUL, DIV}
Next by Date: Re: [Xen-devel] [PATCH 1/3] x86emul: use DstEax also for {, I}{MUL, DIV}
Previous by thread: Re: [Xen-devel] [PATCH] x86/PV: don't hide CPUID.OSXSAVE from user mode
Next by thread: Re: [Xen-devel] [PATCH] x86/PV: don't hide CPUID.OSXSAVE from user mode
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.