Xen project Mailing List

Re: [Xen-devel] [PATCH 6/6] x86/emul: dedup hvmemul_cpuid() and pv_emul_cpuid()

From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Date: Fri, 9 Nov 2018 17:16:58 +0000

Autocrypt: addr=andrew.cooper3@xxxxxxxxxx; prefer-encrypt=mutual; keydata= xsFNBFLhNn8BEADVhE+Hb8i0GV6mihnnr/uiQQdPF8kUoFzCOPXkf7jQ5sLYeJa0cQi6Penp VtiFYznTairnVsN5J+ujSTIb+OlMSJUWV4opS7WVNnxHbFTPYZVQ3erv7NKc2iVizCRZ2Kxn srM1oPXWRic8BIAdYOKOloF2300SL/bIpeD+x7h3w9B/qez7nOin5NzkxgFoaUeIal12pXSR Q354FKFoy6Vh96gc4VRqte3jw8mPuJQpfws+Pb+swvSf/i1q1+1I4jsRQQh2m6OTADHIqg2E ofTYAEh7R5HfPx0EXoEDMdRjOeKn8+vvkAwhviWXTHlG3R1QkbE5M/oywnZ83udJmi+lxjJ5 YhQ5IzomvJ16H0Bq+TLyVLO/VRksp1VR9HxCzItLNCS8PdpYYz5TC204ViycobYU65WMpzWe LFAGn8jSS25XIpqv0Y9k87dLbctKKA14Ifw2kq5OIVu2FuX+3i446JOa2vpCI9GcjCzi3oHV e00bzYiHMIl0FICrNJU0Kjho8pdo0m2uxkn6SYEpogAy9pnatUlO+erL4LqFUO7GXSdBRbw5 gNt25XTLdSFuZtMxkY3tq8MFss5QnjhehCVPEpE6y9ZjI4XB8ad1G4oBHVGK5LMsvg22PfMJ ISWFSHoF/B5+lHkCKWkFxZ0gZn33ju5n6/FOdEx4B8cMJt+cWwARAQABzSlBbmRyZXcgQ29v cGVyIDxhbmRyZXcuY29vcGVyM0BjaXRyaXguY29tPsLBegQTAQgAJAIbAwULCQgHAwUVCgkI CwUWAgMBAAIeAQIXgAUCWKD95wIZAQAKCRBlw/kGpdefoHbdD/9AIoR3k6fKl+RFiFpyAhvO 59ttDFI7nIAnlYngev2XUR3acFElJATHSDO0ju+hqWqAb8kVijXLops0gOfqt3VPZq9cuHlh IMDquatGLzAadfFx2eQYIYT+FYuMoPZy/aTUazmJIDVxP7L383grjIkn+7tAv+qeDfE+txL4 SAm1UHNvmdfgL2/lcmL3xRh7sub3nJilM93RWX1Pe5LBSDXO45uzCGEdst6uSlzYR/MEr+5Z JQQ32JV64zwvf/aKaagSQSQMYNX9JFgfZ3TKWC1KJQbX5ssoX/5hNLqxMcZV3TN7kU8I3kjK mPec9+1nECOjjJSO/h4P0sBZyIUGfguwzhEeGf4sMCuSEM4xjCnwiBwftR17sr0spYcOpqET ZGcAmyYcNjy6CYadNCnfR40vhhWuCfNCBzWnUW0lFoo12wb0YnzoOLjvfD6OL3JjIUJNOmJy RCsJ5IA/Iz33RhSVRmROu+TztwuThClw63g7+hoyewv7BemKyuU6FTVhjjW+XUWmS/FzknSi dAG+insr0746cTPpSkGl3KAXeWDGJzve7/SBBfyznWCMGaf8E2P1oOdIZRxHgWj0zNr1+ooF /PzgLPiCI4OMUttTlEKChgbUTQ+5o0P080JojqfXwbPAyumbaYcQNiH1/xYbJdOFSiBv9rpt TQTBLzDKXok86M7BTQRS4TZ/ARAAkgqudHsp+hd82UVkvgnlqZjzz2vyrYfz7bkPtXaGb9H4 Rfo7mQsEQavEBdWWjbga6eMnDqtu+FC+qeTGYebToxEyp2lKDSoAsvt8w82tIlP/EbmRbDVn 7bhjBlfRcFjVYw8uVDPptT0TV47vpoCVkTwcyb6OltJrvg/QzV9f07DJswuda1JH3/qvYu0p vjPnYvCq4NsqY2XSdAJ02HrdYPFtNyPEntu1n1KK+gJrstjtw7KsZ4ygXYrsm/oCBiVW/OgU g/XIlGErkrxe4vQvJyVwg6YH653YTX5hLLUEL1NS4TCo47RP+wi6y+TnuAL36UtK/uFyEuPy wwrDVcC4cIFhYSfsO0BumEI65yu7a8aHbGfq2lW251UcoU48Z27ZUUZd2Dr6O/n8poQHbaTd 6bJJSjzGGHZVbRP9UQ3lkmkmc0+XCHmj5WhwNNYjgbbmML7y0fsJT5RgvefAIFfHBg7fTY/i kBEimoUsTEQz+N4hbKwo1hULfVxDJStE4sbPhjbsPCrlXf6W9CxSyQ0qmZ2bXsLQYRj2xqd1 bpA+1o1j2N4/au1R/uSiUFjewJdT/LX1EklKDcQwpk06Af/N7VZtSfEJeRV04unbsKVXWZAk uAJyDDKN99ziC0Wz5kcPyVD1HNf8bgaqGDzrv3TfYjwqayRFcMf7xJaL9xXedMcAEQEAAcLB XwQYAQgACQUCUuE2fwIbDAAKCRBlw/kGpdefoG4XEACD1Qf/er8EA7g23HMxYWd3FXHThrVQ HgiGdk5Yh632vjOm9L4sd/GCEACVQKjsu98e8o3ysitFlznEns5EAAXEbITrgKWXDDUWGYxd pnjj2u+GkVdsOAGk0kxczX6s+VRBhpbBI2PWnOsRJgU2n10PZ3mZD4Xu9kU2IXYmuW+e5KCA vTArRUdCrAtIa1k01sPipPPw6dfxx2e5asy21YOytzxuWFfJTGnVxZZSCyLUO83sh6OZhJkk b9rxL9wPmpN/t2IPaEKoAc0FTQZS36wAMOXkBh24PQ9gaLJvfPKpNzGD8XWR5HHF0NLIJhgg 4ZlEXQ2fVp3XrtocHqhu4UZR4koCijgB8sB7Tb0GCpwK+C4UePdFLfhKyRdSXuvY3AHJd4CP 4JzW0Bzq/WXY3XMOzUTYApGQpnUpdOmuQSfpV9MQO+/jo7r6yPbxT7CwRS5dcQPzUiuHLK9i nvjREdh84qycnx0/6dDroYhp0DFv4udxuAvt1h4wGwTPRQZerSm4xaYegEFusyhbZrI0U9tJ B8WrhBLXDiYlyJT6zOV2yZFuW47VrLsjYnHwn27hmxTC/7tvG3euCklmkn9Sl9IAKFu29RSo d5bD8kMSCYsTqtTfT6W4A3qHGvIDta3ptLYpIAOD2sY3GYq2nf3Bbzx81wZK14JdDDHUX2Rs 6+ahAA==

Cc: Wei Liu <wei.liu2@xxxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxx>

Delivery-date: Fri, 09 Nov 2018 17:17:09 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Openpgp: preference=signencrypt

On 06/11/18 16:16, Jan Beulich wrote: >>>> On 06.11.18 at 16:52, <andrew.cooper3@xxxxxxxxxx> wrote: >> On 06/11/18 15:38, Jan Beulich wrote: >>>>>> On 05.11.18 at 12:21, <andrew.cooper3@xxxxxxxxxx> wrote: >>>> They are identical, so provide a single x86emul_cpuid() instead. >>>> >>>> As x86_emulate() now only uses the ->cpuid() hook for real CPUID >> instructions, >>>> the hook can be omitted from all special-purpose emulation ops. >>> So I was expecting the hook to go away altogether, but I >>> now realize that it can't because of some of the customization >>> that's needed. That, in turn, means that the removal of the >>> hook specification as per above will get us into problems the >>> moment we need to check a feature that can't be taken >>> straight from the policy object. I'm therefore unconvinced we >>> actually want to go this far. It'll require enough care already >>> to not blindly clone a new vcpu_has_...() wrongly from the >>> many pre-existing examples in such a case. Thoughts? >> All dynamic bits in CPUID are derived from other control state. e.g. we >> check CR4.OSXSAVE, not CPUID.OSXSAVE. The other dynamic bits are APIC, >> which comes from MSR_APIC_BASE, and OSPKE which also comes from CR4. >> >> In the emulator itself, I think it would be a bug if we ever had >> vcpu_has_osxsave etc, because that isn't how pipelines actually behave. >> The feature checks here are semantically equivalent to "do the >> instruction decode and execution units have silicon to cope with these >> instructions". > I agree that vcpu_has_os* makes no sense, but the APIC bit for > example isn't really pipeline / decoder related. Correct, so why do you think APIC matters? All interaction with the APIC is via its MMIO/MSR interface, rather than via dedicated instructions. > However, one > issue already might be that in order for bits in a (sub)leaf above > (guest) limits to come out all clear, it is guest_cpuid() which cuts > things off. Neither cpuid_featureset_to_policy() nor its inverse > nor sanitise_featureset() look to zap fields above limits, in case > they've been previously set to non-zero values. Am I overlooking > something? No - that is an aspect I'd overlooked, because the DOMCTL_set_cpuid_policy work (which does this correctly) hasn't gone in yet. I think I'll tweak recalculate_misc() to zero out beyond the max_subleaf settings, because the intention was always that a flat cpuid_policy was safe to use in this manner. I think there is an existing corner case when trying to level basic.max_leaf to < 7, or extd.max_leaf to < 0x8000007. > Furthermore I wouldn't exclude that we may need to look at a > hypervisor or Viridian leaf at some point. The dynamic vPMU > adjustments also look potentially problematic, if we were to > emulate RDPMC (albeit they're DS-related only right now). The only reason vPMU is dynamic is because we don't (yet) have a split between default and max policies. Fixing this is on the todo list, albeit behind a fairly long chain of dependencies. > And then there's the dynamic exposing of MONITOR for PV; granted > I don't expect us to ever emulate this for PV, but it shows the > general issue. That is to work around a deficiency in how Linux behaves. It isn't for allowing PV guests to use MONITOR. > Plus there's SYSCALL, the insn emulation of which > currently doesn't check the (dynamically adjusted) CPUID bit. No, nor should it. Intel's objection to the SYSCALL/SYSRET instructions is mode based. (As a demonstration which proves the point of this patch, if you hide the SYSCALL bit using masking, the instruction still operates fine). It seems I never got around to submitting my XSA-204 followup patch which fixes many emulation bugs with SYS{CALL,RET,ENTER,EXIT}. > And finally LWP, which again we can only hope we'll never have > to emulate. LWP doesn't exist any more, even on the hardware it used to exist on. It was never implemented on Fam17h, and was removed from Fam15/16h in a microcode update to make room to implement IBPB for Spectre v2 mitigations. I recommend we purge the support completely. ~Andrew _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.