Xen project Mailing List

[PATCH v2 4/4] tools/libs: Apply MSR policy to a guest

From: Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>

Date: Wed, 20 Jan 2021 17:49:12 -0500

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=oracle.com; dmarc=pass action=none header.from=oracle.com; dkim=pass header.d=oracle.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Oj10fCSZwO/WpTZ8RIssk6cUWjwKr9DC0gs2ITsGH3s=; b=fFiulH10inlrgaYcvufe+jNX81eP6R3YjauHQHGC9y6MQU7tt913tUunrL4fWtVodFdq/4LjPFhiaO4d6muHo64PZabPFKSG9asBvwuD6qzoPm+xJqyJBipDjbln5Jw8KT3UPBpefOEGlT/cBARhrjs2kGX+jihrrtalovHz1I2dUdt7noc0vr5iRdapgbbvL2tiHvs0gUUIAcsUpqRqcoQJPmtQgcL+9nvCBN+mIwdHeYSOwi3ZNqXmD4sPvHiUeRmy7MPaeMC1iEiwURuJVvAkj8rkR6nH1YHQRwD7e6oeftCbjHJFTc6A1CiAzbXFpYOhvdj7wOJsUFzA/kZStw==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=NmnnoGFtaY4BQWSHjDG1gHOR1LmrsMsUbs/RZM4e70atfciBH0N2RZox9TO3TanIn+siqdJqM0RTsd6tJ9Fzj1kUWuDf66B6VW5rXbGsXq87Y7rJLOgGBOuxqva499cgcn+1/QtsQ370AmImCXZwwuibF3ESjdkOSUmd3MK68vIU1sq62RodUsTpEOVIsUvfhQ5mZG4ltYlzJuNOzUqXWrVYDv5+nPg/xnWDW7gViYyAHjIDpNeB5axStrKPZ6RN8FAjDNkDKxMBLmaSHGECCJa2vpYbxvbdUGMRjADMPlavOhByDopp2pgDwjynEDt4+xdmGr/a/nSNJgLUvO2S7w==

Authentication-results: lists.xenproject.org; dkim=none (message not signed) header.d=none;lists.xenproject.org; dmarc=none action=none header.from=oracle.com;

Cc: iwj@xxxxxxxxxxxxxx, wl@xxxxxxx, anthony.perard@xxxxxxxxxx, jbeulich@xxxxxxxx, andrew.cooper3@xxxxxxxxxx, roger.pau@xxxxxxxxxx, jun.nakajima@xxxxxxxxx, kevin.tian@xxxxxxxxx, boris.ostrovsky@xxxxxxxxxx

Delivery-date: Wed, 20 Jan 2021 22:49:40 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

When creating a guest, if ignore_msrs option has been specified, apply it to guest's MSR policy. Signed-off-by: Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx> --- tools/include/xenctrl.h | 2 + tools/libs/guest/Makefile | 1 + tools/libs/guest/xg_msrs_x86.c | 110 ++++++++++++++++++++++++++++++++++++++ tools/libs/light/libxl_dom.c | 5 +- tools/libs/light/libxl_internal.h | 2 + tools/libs/light/libxl_x86.c | 7 +++ 6 files changed, 125 insertions(+), 2 deletions(-) create mode 100644 tools/libs/guest/xg_msrs_x86.c diff --git a/tools/include/xenctrl.h b/tools/include/xenctrl.h index 3796425e1eca..1d6a38e73dcf 100644 --- a/tools/include/xenctrl.h +++ b/tools/include/xenctrl.h @@ -1835,6 +1835,8 @@ int xc_cpuid_apply_policy(xc_interface *xch, const uint32_t *featureset, unsigned int nr_features, bool pae, bool itsc, bool nested_virt, const struct xc_xend_cpuid *xend); +int xc_msr_apply_policy(xc_interface *xch, uint32_t domid, + unsigned int ignore_msr); int xc_mca_op(xc_interface *xch, struct xen_mc *mc); int xc_mca_op_inject_v2(xc_interface *xch, unsigned int flags, xc_cpumap_t cpumap, unsigned int nr_cpus); diff --git a/tools/libs/guest/Makefile b/tools/libs/guest/Makefile index 1c729040b337..452155ea0385 100644 --- a/tools/libs/guest/Makefile +++ b/tools/libs/guest/Makefile @@ -56,6 +56,7 @@ SRCS-y += xg_dom_compat_linux.c SRCS-$(CONFIG_X86) += xg_dom_x86.c SRCS-$(CONFIG_X86) += xg_cpuid_x86.c +SRCS-$(CONFIG_X86) += xg_msrs_x86.c SRCS-$(CONFIG_ARM) += xg_dom_arm.c ifeq ($(CONFIG_LIBXC_MINIOS),y) diff --git a/tools/libs/guest/xg_msrs_x86.c b/tools/libs/guest/xg_msrs_x86.c new file mode 100644 index 000000000000..464ce9292ad8 --- /dev/null +++ b/tools/libs/guest/xg_msrs_x86.c @@ -0,0 +1,110 @@ +/****************************************************************************** + * xc_msrs_x86.c + * + * Update MSR policy of a domain. + * + * Copyright (c) 2021, Oracle and/or its affiliates. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; + * version 2.1 of the License. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; If not, see <http://www.gnu.org/licenses/>. + */ + +#include "xc_private.h" +#include "xen/lib/x86/msr.h" + + + +int xc_msr_apply_policy(xc_interface *xch, uint32_t domid, unsigned int ignore_msr) +{ + int rc; + unsigned int nr_leaves, nr_msrs; + xen_msr_entry_t *msrs = NULL; + struct msr_policy *p = NULL; + xc_dominfo_t di; + unsigned int err_leaf, err_subleaf, err_msr; + + if ( xc_domain_getinfo(xch, domid, 1, &di) != 1 || + di.domid != domid ) + { + ERROR("Failed to obtain d%d info", domid); + rc = -ESRCH; + goto out; + } + + rc = xc_get_cpu_policy_size(xch, &nr_leaves, &nr_msrs); + if ( rc ) + { + PERROR("Failed to obtain policy info size"); + rc = -errno; + goto out; + } + + rc = -ENOMEM; + if ( (msrs = calloc(nr_msrs, sizeof(*msrs))) == NULL || + (p = calloc(1, sizeof(*p))) == NULL ) + goto out; + + /* Get the domain's default policy. */ + nr_leaves = 0; + rc = xc_get_system_cpu_policy(xch, di.hvm ? XEN_SYSCTL_cpu_policy_hvm_default + : XEN_SYSCTL_cpu_policy_pv_default, + &nr_leaves, NULL, &nr_msrs, msrs); + if ( rc ) + { + PERROR("Failed to obtain %s default policy", di.hvm ? "hvm" : "pv"); + rc = -errno; + goto out; + } + + rc = x86_msr_copy_from_buffer(p, msrs, nr_msrs, &err_msr); + if ( rc ) + { + ERROR("Failed to deserialise MSR (err msr %#x) (%d = %s)", + err_msr, -rc, strerror(-rc)); + goto out; + } + + p->ignore_msrs = ignore_msr; + + rc = x86_msr_copy_to_buffer(p, msrs, &nr_msrs); + if ( rc ) + { + ERROR("Failed to serialise MSR (%d = %s)", -rc, strerror(-rc)); + goto out; + } + + nr_leaves = 0; + rc = xc_set_domain_cpu_policy(xch, domid, nr_leaves, NULL, nr_msrs, msrs, + &err_leaf, &err_subleaf, &err_msr); + if ( rc ) + { + PERROR("Failed to set d%d's MSR policy (err leaf %#x, subleaf %#x, msr %#x)", + domid, err_leaf, err_subleaf, err_msr); + rc = -errno; + } + +out: + free(msrs); + free(p); + + return rc; +} + +/* + * Local variables: + * mode: C + * c-basic-offset: 4 + * indent-tabs-mode: nil + * End: + */ + diff --git a/tools/libs/light/libxl_dom.c b/tools/libs/light/libxl_dom.c index 19168572fd3e..1f2abf6679d7 100644 --- a/tools/libs/light/libxl_dom.c +++ b/tools/libs/light/libxl_dom.c @@ -383,9 +383,10 @@ int libxl__build_pre(libxl__gc *gc, uint32_t domid, /* Construct a CPUID policy, but only for brand new domains. Domains * being migrated-in/restored have CPUID handled during the * static_data_done() callback. */ - if (!state->restore) + if (!state->restore) { libxl__cpuid_legacy(ctx, domid, false, info); - + libxl__msr_policy(ctx, domid, info); + } return rc; } diff --git a/tools/libs/light/libxl_internal.h b/tools/libs/light/libxl_internal.h index c79523ba9248..4f369e6a6f14 100644 --- a/tools/libs/light/libxl_internal.h +++ b/tools/libs/light/libxl_internal.h @@ -2054,6 +2054,8 @@ _hidden char *libxl__object_to_json(libxl_ctx *ctx, const char *type, _hidden void libxl__cpuid_legacy(libxl_ctx *ctx, uint32_t domid, bool retore, libxl_domain_build_info *info); +_hidden void libxl__msr_policy(libxl_ctx *ctx, uint32_t domid, + libxl_domain_build_info *info); /* Calls poll() again - useful to check whether a signaled condition * is still true. Cannot fail. Returns currently-true revents. */ diff --git a/tools/libs/light/libxl_x86.c b/tools/libs/light/libxl_x86.c index 86d272999d67..92ec1da77139 100644 --- a/tools/libs/light/libxl_x86.c +++ b/tools/libs/light/libxl_x86.c @@ -1,5 +1,6 @@ #include "libxl_internal.h" #include "libxl_arch.h" +#include "xen/lib/x86/msr.h" int libxl__arch_domain_prepare_config(libxl__gc *gc, libxl_domain_config *d_config, @@ -838,6 +839,12 @@ int libxl__arch_passthrough_mode_setdefault(libxl__gc *gc, return rc; } +void libxl__msr_policy(libxl_ctx *ctx, uint32_t domid, + libxl_domain_build_info *info) +{ + if (info->ignore_msrs != LIBXL_IGNORE_MSRS_NEVER) + xc_msr_apply_policy(ctx->xch, domid, info->ignore_msrs); +} /* * Local variables: -- 1.8.3.1

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.