[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH v2 0/5] VMX MSRs policy for Nested Virt: part 1

The end goal of having VMX MSRs policy is to be able to manage
L1 VMX features. This patch series is the first part of this work.
There is no functional change to what L1 sees in VMX MSRs at this
point. But each domain will have a policy object which allows to
sensibly query what VMX features the domain has. This will unblock
some other nested virtualization work items.

Currently, when nested virt is enabled, the set of L1 VMX features
is fixed and calculated by nvmx_msr_read_intercept() as an intersection
between the full set of Xen's supported L1 VMX features, the set of
actual H/W features and, for MSR_IA32_VMX_EPT_VPID_CAP, the set of
features that Xen uses.

The above makes L1 VMX feature set inconsistent between different H/W
and there is no ability to control what features are available to L1.
The overall set of issues has much in common with CPUID policy.

Part 1 introduces struct vmx_msr_policy and the following instances:

* Raw policy (raw_vmx_msr_policy) -- the actual contents of H/W VMX MSRs
* VVMX max policy (vvmx_max_msr_policy) -- the end result of
                               nvmx_msr_read_intercept() on current H/W
* Per-domain policy (d->arch.vmx_msr) -- the copy of VVMX max policy
                                         (for now)

In the future it should be possible to independently configure the VMX
policy for each domain using some new domctl.

There is no "Host policy" object because Xen already has a set of
variables (vmx_pin_based_exec_control and others) which represent
the set of VMX features that Xen uses. There are features that Xen
doesn't use (e.g. CPU_BASED_PAUSE_EXITING) but they are available to L1.
This makes it not worthy to introduce "Host policy" at this stage.

v1 --> v2:
- Rebased to the latest master
- hvm_max_vmx_msr_policy is renamed to vvmx_max_msr_policy
- Dropped the debug patch
- Other changes are available on a per-patch basis

Sergey Dyasli (5):
  x86/vmx: add struct vmx_msr_policy
  x86/vmx: add raw_vmx_msr_policy
  x86/vmx: refactor vmx_init_vmcs_config()
  x86/vvmx: add vvmx_max_msr_policy
  x86/vvmx: add per domain vmx msr policy

 xen/arch/x86/domain.c              |   6 +
 xen/arch/x86/hvm/vmx/vmcs.c        | 269 +++++++++++++++++---------
 xen/arch/x86/hvm/vmx/vmx.c         |   2 +
 xen/arch/x86/hvm/vmx/vvmx.c        | 296 ++++++++++++++--------------
 xen/include/asm-x86/domain.h       |   2 +
 xen/include/asm-x86/hvm/vmx/vmcs.h | 383 +++++++++++++++++++++++++++++++++++++
 xen/include/asm-x86/hvm/vmx/vvmx.h |   3 +
 xen/include/asm-x86/msr-index.h    |   1 +
 8 files changed, 722 insertions(+), 240 deletions(-)


Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.