[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v2 0/5] VMX MSRs policy for Nested Virt: part 1



> From: Sergey Dyasli [mailto:sergey.dyasli@xxxxxxxxxx]
> Sent: Monday, July 24, 2017 9:48 PM
> 
> The end goal of having VMX MSRs policy is to be able to manage
> L1 VMX features. This patch series is the first part of this work.
> There is no functional change to what L1 sees in VMX MSRs at this
> point. But each domain will have a policy object which allows to
> sensibly query what VMX features the domain has. This will unblock
> some other nested virtualization work items.
> 
> Currently, when nested virt is enabled, the set of L1 VMX features
> is fixed and calculated by nvmx_msr_read_intercept() as an intersection
> between the full set of Xen's supported L1 VMX features, the set of
> actual H/W features and, for MSR_IA32_VMX_EPT_VPID_CAP, the set of
> features that Xen uses.
> 
> The above makes L1 VMX feature set inconsistent between different H/W
> and there is no ability to control what features are available to L1.
> The overall set of issues has much in common with CPUID policy.
> 
> Part 1 introduces struct vmx_msr_policy and the following instances:
> 
> * Raw policy (raw_vmx_msr_policy) -- the actual contents of H/W VMX MSRs
> * VVMX max policy (vvmx_max_msr_policy) -- the end result of
>                                nvmx_msr_read_intercept() on current H/W

it's clearer to call it max_vvmx_msr_policy

> * Per-domain policy (d->arch.vmx_msr) -- the copy of VVMX max policy
>                                          (for now)
> 
> In the future it should be possible to independently configure the VMX
> policy for each domain using some new domctl.
> 
> There is no "Host policy" object because Xen already has a set of
> variables (vmx_pin_based_exec_control and others) which represent
> the set of VMX features that Xen uses. There are features that Xen
> doesn't use (e.g. CPU_BASED_PAUSE_EXITING) but they are available to L1.
> This makes it not worthy to introduce "Host policy" at this stage.
> 
> v1 --> v2:
> - Rebased to the latest master
> - hvm_max_vmx_msr_policy is renamed to vvmx_max_msr_policy
> - Dropped the debug patch
> - Other changes are available on a per-patch basis
> 
> Sergey Dyasli (5):
>   x86/vmx: add struct vmx_msr_policy
>   x86/vmx: add raw_vmx_msr_policy
>   x86/vmx: refactor vmx_init_vmcs_config()
>   x86/vvmx: add vvmx_max_msr_policy
>   x86/vvmx: add per domain vmx msr policy
> 
>  xen/arch/x86/domain.c              |   6 +
>  xen/arch/x86/hvm/vmx/vmcs.c        | 269 +++++++++++++++++---------
>  xen/arch/x86/hvm/vmx/vmx.c         |   2 +
>  xen/arch/x86/hvm/vmx/vvmx.c        | 296 ++++++++++++++--------------
>  xen/include/asm-x86/domain.h       |   2 +
>  xen/include/asm-x86/hvm/vmx/vmcs.h | 383
> +++++++++++++++++++++++++++++++++++++
>  xen/include/asm-x86/hvm/vmx/vvmx.h |   3 +
>  xen/include/asm-x86/msr-index.h    |   1 +
>  8 files changed, 722 insertions(+), 240 deletions(-)
> 
> --
> 2.11.0


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.