[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] x86: synchronize PCI config space access decoding

On 09/03/15 16:08, Jan Beulich wrote:
> Both PV and HVM logic have similar but not similar enough code here.
> Synchronize the two so that
> - in the HVM case we don't unconditionally try to access extended
>   config space
> - in the PV case we pass a correct range to the XSM hook
> - in the PV case we don't needlessly deny access when the operation
>   isn't really on PCI config space
> All this along with sharing the macros HVM already had here.
>
> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
>
> --- a/xen/arch/x86/hvm/hvm.c
> +++ b/xen/arch/x86/hvm/hvm.c
> @@ -2383,11 +2383,6 @@ void hvm_vcpu_down(struct vcpu *v)
>  static struct hvm_ioreq_server *hvm_select_ioreq_server(struct domain *d,
>                                                          ioreq_t *p)
>  {
> -#define CF8_BDF(cf8)     (((cf8) & 0x00ffff00) >> 8)
> -#define CF8_ADDR_LO(cf8) ((cf8) & 0x000000fc)
> -#define CF8_ADDR_HI(cf8) (((cf8) & 0x0f000000) >> 16)
> -#define CF8_ENABLED(cf8) (!!((cf8) & 0x80000000))
> -
>      struct hvm_ioreq_server *s;
>      uint32_t cf8;
>      uint8_t type;
> @@ -2416,9 +2411,19 @@ static struct hvm_ioreq_server *hvm_sele
>  
>          type = IOREQ_TYPE_PCI_CONFIG;
>          addr = ((uint64_t)sbdf << 32) |
> -               CF8_ADDR_HI(cf8) |
>                 CF8_ADDR_LO(cf8) |
>                 (p->addr & 3);
> +        /* AMD extended configuration space access? */
> +        if ( CF8_ADDR_HI(cf8) &&
> +             boot_cpu_data.x86_vendor == X86_VENDOR_AMD &&
> +             boot_cpu_data.x86 >= 0x10 && boot_cpu_data.x86 <= 0x17 )
> +        {
> +            uint64_t msr_val;
> +
> +            if ( !rdmsr_safe(MSR_AMD64_NB_CFG, msr_val) &&
> +                 (msr_val & (1ULL << AMD64_NB_CFG_CF8_EXT_ENABLE_BIT)) )
> +                addr |= CF8_ADDR_HI(cf8);

This is another example of host state which leaks into guests across
migrate, but in this case is also problematic at the host level.

As far as the host goes, MSR_AMD64_NB_CFG is a per-node msr and Xen
should verify that the AMD64_NB_CFG_CF8_EXT_ENABLE_BIT is consistent
across the system, or bits of emulate_privileged_op() are liable to
execute differently depending on which pcpu a vcpu happens to be scheduled.

Beyond that, for now there should be a __read_mostly bool_t based on the
system verification, which is used in preference to reading the MSR each
time a guest does a cf8 access.

Someone with many tuits can see about making the entire guest MSR state
move in the migration stream, or I will probably get to it after getting
the cpuid work done.

~Andrew


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.