[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH v2 05/25] x86/cpuid: Recalculate a domains CPUID policy when appropriate



Introduce recalculate_cpuid_policy() which clamps a CPUID policy based on the
domains current restrictions.

Each adjustment introduced here mirrors what currently happens in
{pv,hvm}_cpuid(), although some logic is expressed differently.

 * The clearing X86_FEATURE_LM for 32bit PV guests, sanitise_featureset()
   takes out all 64bit-dependent features in one go.

 * The toolstacks choice of X86_FEATURE_ITSC in (by default) clobbered in
   domain_cpuid(), but {pv,hvm}_cpuid() needed to account for the host ITSC
   value when masking the toolstack value.

This now requires that sanitise_featureset(), lookup_deep_deps() and
associated data needs to be available at runtime, so moves out of __init.

Recalculate the cpuid policy when:

 * The domain is first created
 * Switching a PV guest to being compat
 * Setting disable_migrate or vTSC modes
 * The toolstack sets new policy data

The disable_migrate code was previously common.  To compensate, move the code
to each archs arch_do_domctl(), as the implementations now differ.

From this point on, domains have full and correct feature-leaf information in
their CPUID policies, allowing for substantial cleanup and improvements.

Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
---
CC: Jan Beulich <JBeulich@xxxxxxxx>
CC: Stefano Stabellini <sstabellini@xxxxxxxxxx>
CC: Julien Grall <julien.grall@xxxxxxx>

v2:
 * Rewrite the commit message
 * Recalculate on disable_migrate/vTSC changes
 * Reorder and comment the logic better in recalculate_cpuid_policy()
---
 xen/arch/arm/domctl.c            |  5 +++
 xen/arch/x86/cpuid.c             | 70 ++++++++++++++++++++++++++++++++++++----
 xen/arch/x86/domain.c            |  1 +
 xen/arch/x86/domctl.c            | 29 +++++++++++++++++
 xen/arch/x86/time.c              |  2 ++
 xen/common/domctl.c              |  4 ---
 xen/include/asm-x86/cpufeature.h |  1 +
 xen/include/asm-x86/cpuid.h      | 10 +++---
 8 files changed, 105 insertions(+), 17 deletions(-)

diff --git a/xen/arch/arm/domctl.c b/xen/arch/arm/domctl.c
index 09d9959..fee4b17 100644
--- a/xen/arch/arm/domctl.c
+++ b/xen/arch/arm/domctl.c
@@ -115,6 +115,11 @@ long arch_do_domctl(struct xen_domctl *domctl, struct 
domain *d,
 
         return 0;
     }
+
+    case XEN_DOMCTL_disable_migrate:
+        d->disable_migrate = domctl->u.disable_migrate.disable;
+        break;
+
     default:
     {
         int rc;
diff --git a/xen/arch/x86/cpuid.c b/xen/arch/x86/cpuid.c
index 6c95b7f..0d54465 100644
--- a/xen/arch/x86/cpuid.c
+++ b/xen/arch/x86/cpuid.c
@@ -9,10 +9,10 @@
 const uint32_t known_features[] = INIT_KNOWN_FEATURES;
 const uint32_t special_features[] = INIT_SPECIAL_FEATURES;
 
-static const uint32_t __initconst pv_featuremask[] = INIT_PV_FEATURES;
-static const uint32_t __initconst hvm_shadow_featuremask[] = 
INIT_HVM_SHADOW_FEATURES;
-static const uint32_t __initconst hvm_hap_featuremask[] = 
INIT_HVM_HAP_FEATURES;
-static const uint32_t __initconst deep_features[] = INIT_DEEP_FEATURES;
+static const uint32_t pv_featuremask[] = INIT_PV_FEATURES;
+static const uint32_t hvm_shadow_featuremask[] = INIT_HVM_SHADOW_FEATURES;
+static const uint32_t hvm_hap_featuremask[] = INIT_HVM_HAP_FEATURES;
+static const uint32_t deep_features[] = INIT_DEEP_FEATURES;
 
 #define EMPTY_LEAF ((struct cpuid_leaf){})
 
@@ -32,7 +32,7 @@ static void cpuid_count_leaf(uint32_t leaf, uint32_t subleaf,
     cpuid_count(leaf, subleaf, &data->a, &data->b, &data->c, &data->d);
 }
 
-static void __init sanitise_featureset(uint32_t *fs)
+static void sanitise_featureset(uint32_t *fs)
 {
     /* for_each_set_bit() uses unsigned longs.  Extend with zeroes. */
     uint32_t disabled_features[
@@ -231,12 +231,12 @@ void __init init_guest_cpuid(void)
     calculate_hvm_max_policy();
 }
 
-const uint32_t * __init lookup_deep_deps(uint32_t feature)
+const uint32_t *lookup_deep_deps(uint32_t feature)
 {
     static const struct {
         uint32_t feature;
         uint32_t fs[FSCAPINTS];
-    } deep_deps[] __initconst = INIT_DEEP_DEPS;
+    } deep_deps[] = INIT_DEEP_DEPS;
     unsigned int start = 0, end = ARRAY_SIZE(deep_deps);
 
     BUILD_BUG_ON(ARRAY_SIZE(deep_deps) != NR_DEEP_DEPS);
@@ -261,6 +261,60 @@ const uint32_t * __init lookup_deep_deps(uint32_t feature)
     return NULL;
 }
 
+void recalculate_cpuid_policy(struct domain *d)
+{
+    struct cpuid_policy *p = d->arch.cpuid;
+    const struct cpuid_policy *max =
+        is_pv_domain(d) ? &pv_max_policy : &hvm_max_policy;
+    uint32_t fs[FSCAPINTS], max_fs[FSCAPINTS];
+    unsigned int i;
+
+    cpuid_policy_to_featureset(p, fs);
+    memcpy(max_fs, max->fs, sizeof(max_fs));
+
+    /*
+     * HVM domains using Shadow paging have further restrictions on their
+     * available paging features.
+     */
+    if ( is_hvm_domain(d) && !hap_enabled(d) )
+    {
+        for ( i = 0; i < ARRAY_SIZE(max_fs); i++ )
+            max_fs[i] &= hvm_shadow_featuremask[i];
+    }
+
+    /*
+     * 32bit PV domains can't use any Long Mode features, and cannot use
+     * SYSCALL on non-AMD hardware.
+     */
+    if ( is_pv_32bit_domain(d) )
+    {
+        __clear_bit(X86_FEATURE_LM, max_fs);
+        if ( boot_cpu_data.x86_vendor != X86_VENDOR_AMD )
+            __clear_bit(X86_FEATURE_SYSCALL, max_fs);
+    }
+
+    /*
+     * ITSC is masked by default (so domains are safe to migrate), but a
+     * toolstack which has configured disable_migrate or vTSC for a domain may
+     * safely select it, and needs a way of doing so.
+     */
+    if ( cpu_has_itsc && (d->disable_migrate || d->arch.vtsc) )
+        __set_bit(X86_FEATURE_ITSC, max_fs);
+
+    /* Clamp the toolstacks choices to reality. */
+    for ( i = 0; i < ARRAY_SIZE(fs); i++ )
+        fs[i] &= max_fs[i];
+
+    sanitise_featureset(fs);
+
+    /* Fold host's FDP_EXCP_ONLY and NO_FPU_SEL into guest's view. */
+    fs[FEATURESET_7b0] &= ~special_features[FEATURESET_7b0];
+    fs[FEATURESET_7b0] |= (host_featureset[FEATURESET_7b0] &
+                           special_features[FEATURESET_7b0]);
+
+    cpuid_featureset_to_policy(fs, p);
+}
+
 int init_domain_cpuid_policy(struct domain *d)
 {
     d->arch.cpuid = xmalloc(struct cpuid_policy);
@@ -270,6 +324,8 @@ int init_domain_cpuid_policy(struct domain *d)
 
     *d->arch.cpuid = is_pv_domain(d) ? pv_max_policy : hvm_max_policy;
 
+    recalculate_cpuid_policy(d);
+
     return 0;
 }
 
diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c
index c1f95cc..7d33c41 100644
--- a/xen/arch/x86/domain.c
+++ b/xen/arch/x86/domain.c
@@ -352,6 +352,7 @@ int switch_compat(struct domain *d)
     }
 
     domain_set_alloc_bitsize(d);
+    recalculate_cpuid_policy(d);
 
     d->arch.x87_fip_width = 4;
 
diff --git a/xen/arch/x86/domctl.c b/xen/arch/x86/domctl.c
index ab141b1..a3b2b72 100644
--- a/xen/arch/x86/domctl.c
+++ b/xen/arch/x86/domctl.c
@@ -51,6 +51,30 @@ static int gdbsx_guest_mem_io(domid_t domid, struct 
xen_domctl_gdbsx_memio *iop)
 static void update_domain_cpuid_info(struct domain *d,
                                      const xen_domctl_cpuid_t *ctl)
 {
+    struct cpuid_policy *p = d->arch.cpuid;
+    const struct cpuid_leaf leaf = { ctl->eax, ctl->ebx, ctl->ecx, ctl->edx };
+
+    /* Insert ctl data into cpuid_policy. */
+    if ( ctl->input[0] < ARRAY_SIZE(p->basic.raw) )
+    {
+        if ( ctl->input[0] == 7 )
+        {
+            if ( ctl->input[1] < ARRAY_SIZE(p->feat.raw) )
+                p->feat.raw[ctl->input[1]] = leaf;
+        }
+        else if ( ctl->input[0] == 0xd )
+        {
+            if ( ctl->input[1] < ARRAY_SIZE(p->xstate.raw) )
+                p->xstate.raw[ctl->input[1]] = leaf;
+        }
+        else
+            p->basic.raw[ctl->input[0]] = leaf;
+    }
+    else if ( (ctl->input[0] - 0x80000000) < ARRAY_SIZE(p->extd.raw) )
+        p->extd.raw[ctl->input[0] - 0x80000000] = leaf;
+
+    recalculate_cpuid_policy(d);
+
     switch ( ctl->input[0] )
     {
     case 0: {
@@ -1409,6 +1433,11 @@ long arch_do_domctl(
         }
         break;
 
+    case XEN_DOMCTL_disable_migrate:
+        d->disable_migrate = domctl->u.disable_migrate.disable;
+        recalculate_cpuid_policy(d);
+        break;
+
     default:
         ret = iommu_do_domctl(domctl, d, u_domctl);
         break;
diff --git a/xen/arch/x86/time.c b/xen/arch/x86/time.c
index b89fa13..e17da1b 100644
--- a/xen/arch/x86/time.c
+++ b/xen/arch/x86/time.c
@@ -2106,6 +2106,8 @@ void tsc_set_info(struct domain *d,
                                      d->arch.hvm_domain.sync_tsc);
         }
     }
+
+    recalculate_cpuid_policy(d);
 }
 
 /* vtsc may incur measurable performance degradation, diagnose with this */
diff --git a/xen/common/domctl.c b/xen/common/domctl.c
index b0ee961..12cf4a9 100644
--- a/xen/common/domctl.c
+++ b/xen/common/domctl.c
@@ -1103,10 +1103,6 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) 
u_domctl)
         copyback = 1;
         break;
 
-    case XEN_DOMCTL_disable_migrate:
-        d->disable_migrate = op->u.disable_migrate.disable;
-        break;
-
 #ifdef CONFIG_HAS_MEM_ACCESS
     case XEN_DOMCTL_set_access_required:
         if ( unlikely(current->domain == d) ) /* no domain_pause() */
diff --git a/xen/include/asm-x86/cpufeature.h b/xen/include/asm-x86/cpufeature.h
index 9326616..f34d01c 100644
--- a/xen/include/asm-x86/cpufeature.h
+++ b/xen/include/asm-x86/cpufeature.h
@@ -71,6 +71,7 @@
 #define cpu_has_eist           boot_cpu_has(X86_FEATURE_EIST)
 #define cpu_has_hypervisor     boot_cpu_has(X86_FEATURE_HYPERVISOR)
 #define cpu_has_cmp_legacy     boot_cpu_has(X86_FEATURE_CMP_LEGACY)
+#define cpu_has_itsc           boot_cpu_has(X86_FEATURE_ITSC)
 
 enum _cache_type {
     CACHE_TYPE_NULL = 0,
diff --git a/xen/include/asm-x86/cpuid.h b/xen/include/asm-x86/cpuid.h
index 77a467a..0592b38 100644
--- a/xen/include/asm-x86/cpuid.h
+++ b/xen/include/asm-x86/cpuid.h
@@ -86,13 +86,8 @@ struct cpuid_policy
      *
      * Per-domain objects:
      *
-     * - Host accurate:
-     *   - max_{,sub}leaf
-     *   - {xcr0,xss}_{high,low}
-     *   - All FEATURESET_* words
-     *
      * - Guest accurate:
-     *   - Nothing
+     *   - All FEATURESET_* words
      *
      * Everything else should be considered inaccurate, and not necesserily 0.
      */
@@ -202,6 +197,9 @@ extern struct cpuid_policy raw_policy, host_policy, 
pv_max_policy,
 /* Allocate and initialise a CPUID policy suitable for the domain. */
 int init_domain_cpuid_policy(struct domain *d);
 
+/* Clamp the CPUID policy to reality. */
+void recalculate_cpuid_policy(struct domain *d);
+
 void guest_cpuid(const struct vcpu *v, uint32_t leaf,
                  uint32_t subleaf, struct cpuid_leaf *res);
 
-- 
2.1.4


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.