[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2 4/4] tools/libs: Apply MSR policy to a guest

  • To: Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>
  • From: Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • Date: Thu, 18 Feb 2021 12:48:35 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ELahRdeN5J9kMXWhPEXU97y4TG25/2rHS0WXuLbMYDk=; b=EMcJvgPw4Fm70zggwKL44EBhh2ssgMnDLwCZzyPT3xZVruCO7Ekw7+2YGvbyTxsNlx4y9gzG9MaarfzUcj4wyqROviAeQhSk2cfnOYU54lEIk7rdMjQaJmlzeq7LruVFmULbIPsXLHjdcbH1PrfKw3uogfa6kMvgg7VYyuQCpR6eb2p0oul/u1uax30LgssIycIHfLt/QfOTK7ycUyxszLpIcN4Q+v/F95/B1Jxm7ivBmJ9T/dZcuQ9jjCINxukyAIbzP2o4xT9g+DFGXbpndzeV2pYHLx9mPk4Dkx89zqAXYmX00EP62xXgIsAvNH6cC3AUdjdbli5VKcUuW4OxNg==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=aFJxjkdIeGmEkSbhFkxPpJ5KWsp/wxHI7OSd7sA8/cwqLDKcn72VsqzGAqIln0jc6hxUTUEI3ujGD5sagr5iKMtbid/YASItGzpk58/6cksN1Pl/+vWFNrSK88wuKIQT/9vZqUIyXhNo+x9a6odJeUOUAabggxFkUIGHwiMXqVR0fo5a1sAYrvibDZvJSGtrtw1WI37pg7oNADglYImIzbre2QJaK7jpZR/mRTgnuy3wwYR7b2UvfyDxRRoocnssLkgaZnSkx9iID9tGaKfvgcKELsByGxxSQKRxTqV4o8kzkHscXazN/twA0IXoc5PTbTQ/VzID3f8rQWASRfRwGQ==
  • Authentication-results: esa1.hc3370-68.iphmx.com; dkim=pass (signature verified) header.i=@citrix.onmicrosoft.com
  • Cc: <xen-devel@xxxxxxxxxxxxxxxxxxxx>, <iwj@xxxxxxxxxxxxxx>, <wl@xxxxxxx>, <anthony.perard@xxxxxxxxxx>, <jbeulich@xxxxxxxx>, <andrew.cooper3@xxxxxxxxxx>, <jun.nakajima@xxxxxxxxx>, <kevin.tian@xxxxxxxxx>
  • Delivery-date: Thu, 18 Feb 2021 11:48:58 +0000
  • Ironport-sdr: R8d/KEYbsq9hLrw5VvgPGwPa5P0OoHRiJKQnf30sTjOpxijvRhqtaA1wXGsbjYmNJUiH0BifMo JA/vxD3cAGGjNMFVu3/26KCGkS9D7YFdUsgfNo0IX8TypYwjFcmqO9pC9vuQIZ+F7xSDfHqUQ9 CzxgDuQ1WSt0msyo+KYnw9jifrGwrW1Ikzm1+rtsuEXbBaMHDgncdfhRpgXXdxu9W/TIepBOW9 hJSj+mzytYTCKecGvi/g3nfIe2KL3qGL32ILw3gSQ5MYY8tGKlyK/Bbo8ExZItosmMCL6JyVgC jGA=
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On Wed, Jan 20, 2021 at 05:49:12PM -0500, Boris Ostrovsky wrote:
> When creating a guest, if ignore_msrs option has been specified,
> apply it to guest's MSR policy.
> 
> Signed-off-by: Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>
> ---
>  tools/include/xenctrl.h           |   2 +
>  tools/libs/guest/Makefile         |   1 +
>  tools/libs/guest/xg_msrs_x86.c    | 110 
> ++++++++++++++++++++++++++++++++++++++
>  tools/libs/light/libxl_dom.c      |   5 +-
>  tools/libs/light/libxl_internal.h |   2 +
>  tools/libs/light/libxl_x86.c      |   7 +++
>  6 files changed, 125 insertions(+), 2 deletions(-)
>  create mode 100644 tools/libs/guest/xg_msrs_x86.c
> 
> diff --git a/tools/include/xenctrl.h b/tools/include/xenctrl.h
> index 3796425e1eca..1d6a38e73dcf 100644
> --- a/tools/include/xenctrl.h
> +++ b/tools/include/xenctrl.h
> @@ -1835,6 +1835,8 @@ int xc_cpuid_apply_policy(xc_interface *xch,
>                            const uint32_t *featureset,
>                            unsigned int nr_features, bool pae, bool itsc,
>                            bool nested_virt, const struct xc_xend_cpuid 
> *xend);
> +int xc_msr_apply_policy(xc_interface *xch, uint32_t domid,
> +                        unsigned int ignore_msr);
>  int xc_mca_op(xc_interface *xch, struct xen_mc *mc);
>  int xc_mca_op_inject_v2(xc_interface *xch, unsigned int flags,
>                          xc_cpumap_t cpumap, unsigned int nr_cpus);
> diff --git a/tools/libs/guest/Makefile b/tools/libs/guest/Makefile
> index 1c729040b337..452155ea0385 100644
> --- a/tools/libs/guest/Makefile
> +++ b/tools/libs/guest/Makefile
> @@ -56,6 +56,7 @@ SRCS-y                 += xg_dom_compat_linux.c
>  
>  SRCS-$(CONFIG_X86)     += xg_dom_x86.c
>  SRCS-$(CONFIG_X86)     += xg_cpuid_x86.c
> +SRCS-$(CONFIG_X86)     += xg_msrs_x86.c
>  SRCS-$(CONFIG_ARM)     += xg_dom_arm.c
>  
>  ifeq ($(CONFIG_LIBXC_MINIOS),y)
> diff --git a/tools/libs/guest/xg_msrs_x86.c b/tools/libs/guest/xg_msrs_x86.c
> new file mode 100644
> index 000000000000..464ce9292ad8
> --- /dev/null
> +++ b/tools/libs/guest/xg_msrs_x86.c
> @@ -0,0 +1,110 @@
> +/******************************************************************************
> + * xc_msrs_x86.c
> + *
> + * Update MSR policy of a domain.
> + *
> + * Copyright (c) 2021, Oracle and/or its affiliates.
> + *
> + * This library is free software; you can redistribute it and/or
> + * modify it under the terms of the GNU Lesser General Public
> + * License as published by the Free Software Foundation;
> + * version 2.1 of the License.
> + *
> + * This library is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> + * Lesser General Public License for more details.
> + *
> + * You should have received a copy of the GNU Lesser General Public
> + * License along with this library; If not, see 
> <http://www.gnu.org/licenses/>.
> + */
> +
> +#include "xc_private.h"
> +#include "xen/lib/x86/msr.h"
> +
> +
> +
> +int xc_msr_apply_policy(xc_interface *xch, uint32_t domid, unsigned int 
> ignore_msr)
> +{
> +    int rc;
> +    unsigned int nr_leaves, nr_msrs;
> +    xen_msr_entry_t *msrs = NULL;
> +    struct msr_policy *p = NULL;
> +    xc_dominfo_t di;
> +    unsigned int err_leaf, err_subleaf, err_msr;
> +
> +    if ( xc_domain_getinfo(xch, domid, 1, &di) != 1 ||
> +         di.domid != domid )
> +    {
> +        ERROR("Failed to obtain d%d info", domid);
> +        rc = -ESRCH;
> +        goto out;
> +    }
> +
> +    rc = xc_get_cpu_policy_size(xch, &nr_leaves, &nr_msrs);
> +    if ( rc )
> +    {
> +        PERROR("Failed to obtain policy info size");
> +        rc = -errno;
> +        goto out;
> +    }
> +
> +    rc = -ENOMEM;
> +    if ( (msrs = calloc(nr_msrs, sizeof(*msrs))) == NULL ||
> +         (p = calloc(1, sizeof(*p))) == NULL )
> +        goto out;
> +
> +    /* Get the domain's default policy. */
> +    nr_leaves = 0;
> +    rc = xc_get_system_cpu_policy(xch, di.hvm ? 
> XEN_SYSCTL_cpu_policy_hvm_default
> +                                              : 
> XEN_SYSCTL_cpu_policy_pv_default,
> +                                  &nr_leaves, NULL, &nr_msrs, msrs);
> +    if ( rc )
> +    {
> +        PERROR("Failed to obtain %s default policy", di.hvm ? "hvm" : "pv");
> +        rc = -errno;
> +        goto out;
> +    }

Why not use xc_get_domain_cpu_policy instead so that you can avoid the
call to xc_domain_getinfo?

It would also seem safer, as you won't be discarding any adjustments
made to the default policy by the hypervisor for this specific domain.

Thanks, Roger.

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.