|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [RFC 5/6] capabilities: add dom0 cpu faulting disable
This encapsulates disableing cpu faulting for PV dom0 as a capability.
Signed-off-by: Daniel P. Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx>
---
xen/arch/x86/cpu-policy.c | 2 +-
xen/arch/x86/cpu/common.c | 82 +++++++++++++++++++--------------------
xen/arch/x86/setup.c | 4 ++
xen/include/xen/sched.h | 8 +++-
4 files changed, 52 insertions(+), 44 deletions(-)
diff --git a/xen/arch/x86/cpu-policy.c b/xen/arch/x86/cpu-policy.c
index 1f954d4e59..42c3193938 100644
--- a/xen/arch/x86/cpu-policy.c
+++ b/xen/arch/x86/cpu-policy.c
@@ -912,7 +912,7 @@ void __init init_dom0_cpuid_policy(struct domain *d)
* If the domain is getting unfiltered CPUID, don't let the guest kernel
* play with CPUID faulting either, as Xen's CPUID path won't cope.
*/
- if ( !opt_dom0_cpuid_faulting && is_control_domain(d) && is_pv_domain(d) )
+ if ( domain_has_cap(d, CAP_DISABLE_CPU_FAULT) )
p->platform_info.cpuid_faulting = false;
recalculate_cpuid_policy(d);
diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c
index cfcdaace12..937581e353 100644
--- a/xen/arch/x86/cpu/common.c
+++ b/xen/arch/x86/cpu/common.c
@@ -164,48 +164,46 @@ static void set_cpuid_faulting(bool enable)
void ctxt_switch_levelling(const struct vcpu *next)
{
- const struct domain *nextd = next ? next->domain : NULL;
- bool enable_cpuid_faulting;
-
- if (cpu_has_cpuid_faulting ||
- boot_cpu_has(X86_FEATURE_CPUID_USER_DIS)) {
- /*
- * No need to alter the faulting setting if we are switching
- * to idle; it won't affect any code running in idle context.
- */
- if (nextd && is_idle_domain(nextd))
- return;
- /*
- * We *should* be enabling faulting for PV control domains.
- *
- * The domain builder has now been updated to not depend on
- * seeing host CPUID values. This makes it compatible with
- * PVH toolstack domains, and lets us enable faulting by
- * default for all PV domains.
- *
- * However, as PV control domains have never had faulting
- * enforced on them before, there might plausibly be other
- * dependenices on host CPUID data. Therefore, we have left
- * an interim escape hatch in the form of
- * `dom0=no-cpuid-faulting` to restore the older behaviour.
- */
- enable_cpuid_faulting = nextd && (opt_dom0_cpuid_faulting ||
- !is_control_domain(nextd) ||
- !is_pv_domain(nextd)) &&
- (is_pv_domain(nextd) ||
- next->arch.msrs->
- misc_features_enables.cpuid_faulting);
-
- if (cpu_has_cpuid_faulting)
- set_cpuid_faulting(enable_cpuid_faulting);
- else
- amd_set_cpuid_user_dis(enable_cpuid_faulting);
-
- return;
- }
-
- if (ctxt_switch_masking)
- alternative_vcall(ctxt_switch_masking, next);
+ const struct domain *nextd = next ? next->domain : NULL;
+ bool enable_cpuid_faulting;
+
+ if ( cpu_has_cpuid_faulting ||
+ boot_cpu_has(X86_FEATURE_CPUID_USER_DIS) ) {
+ /*
+ * No need to alter the faulting setting if we are switching
+ * to idle; it won't affect any code running in idle context.
+ */
+ if (nextd && is_idle_domain(nextd))
+ return;
+ /*
+ * We *should* be enabling faulting for PV control domains.
+ *
+ * The domain builder has now been updated to not depend on
+ * seeing host CPUID values. This makes it compatible with
+ * PVH toolstack domains, and lets us enable faulting by
+ * default for all PV domains.
+ *
+ * However, as PV control domains have never had faulting
+ * enforced on them before, there might plausibly be other
+ * dependenices on host CPUID data. Therefore, we have left
+ * an interim escape hatch in the form of
+ * `dom0=no-cpuid-faulting` to restore the older behaviour.
+ */
+ enable_cpuid_faulting = nextd &&
+ domain_has_cap(nextd, CAP_DISABLE_CPU_FAULT) &&
+ (is_pv_domain(nextd) ||
+ next->arch.msrs->misc_features_enables.cpuid_faulting);
+
+ if (cpu_has_cpuid_faulting)
+ set_cpuid_faulting(enable_cpuid_faulting);
+ else
+ amd_set_cpuid_user_dis(enable_cpuid_faulting);
+
+ return;
+ }
+
+ if (ctxt_switch_masking)
+ alternative_vcall(ctxt_switch_masking, next);
}
bool_t opt_cpu_info;
diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c
index 4e20edc3bf..d65144da01 100644
--- a/xen/arch/x86/setup.c
+++ b/xen/arch/x86/setup.c
@@ -907,6 +907,10 @@ static struct domain *__init create_dom0(const module_t
*image,
d->role |= ROLE_UNBOUNDED_DOMAIN;
+ if ( !opt_dom0_cpuid_faulting &&
+ !domain_set_cap(d, CAP_DISABLE_CPU_FAULT) )
+ printk(XENLOG_WARNING "failed to set CPU faulting on Dom %pd\n", d);
+
init_dom0_cpuid_policy(d);
if ( alloc_dom0_vcpu0(d) == NULL )
diff --git a/xen/include/xen/sched.h b/xen/include/xen/sched.h
index b04fbe0565..ebfe65cd73 100644
--- a/xen/include/xen/sched.h
+++ b/xen/include/xen/sched.h
@@ -472,7 +472,8 @@ struct domain
#define ROLE_HARDWARE_DOMAIN (1U<<2)
#define ROLE_XENSTORE_DOMAIN (1U<<3)
uint8_t role;
-#define CAP_CONSOLE_IO (1U<<0)
+#define CAP_CONSOLE_IO (1U<<0)
+#define CAP_DISABLE_CPU_FAULT (1U<<1)
uint8_t capabilities;
/* Is this guest being debugged by dom0? */
bool debugger_attached;
@@ -1160,6 +1161,11 @@ static always_inline bool domain_set_cap(
case CAP_CONSOLE_IO:
d->capabilities |= cap;
break;
+ case CAP_DISABLE_CPU_FAULT:
+ /* Disabling cpu faulting is only allowed for a PV control domain. */
+ if ( is_pv_domain(d) && is_control_domain(d) )
+ d->capabilities |= cap;
+ break;
default:
return false;
}
--
2.20.1
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |