Xen project Mailing List

[Xen-devel] [PATCH v2 05/10] x86/HVM/SVM: Add AVIC initialization code

From: Suravee Suthikulpanit <suravee.suthikulpanit@xxxxxxx>

Date: Fri, 30 Dec 2016 23:45:56 -0600

Cc: Jan Beulich <JBeulich@xxxxxxxx>, andrew.cooper3@xxxxxxxxxx, Suravee Suthikulpanit <suravee.suthikulpanit@xxxxxxx>, sherry.hurwitz@xxxxxxx, boris.ostrovsky@xxxxxxxxxx

Delivery-date: Sat, 31 Dec 2016 05:47:19 +0000

List-id: Xen developer discussion <xen-devel.lists.xen.org>

Spamdiagnosticmetadata: NSPM

Spamdiagnosticoutput: 1:99

Introduce AVIC base initialization code. This includes: * Setting up per-VM data structures. * Setting up per-vCPU data structure. * Initializing AVIC-related VMCB bit fields. This patch also introduces a new Xen parameter (svm-avic), which can be used to enable/disable AVIC support. Currently, this svm-avic is disabled by default since it does not supported nested virtualization yet. Signed-off-by: Suravee Suthikulpanit <suravee.suthikulpanit@xxxxxxx> Cc: Jan Beulich <JBeulich@xxxxxxxx> Cc: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx> Cc: Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx> --- docs/misc/xen-command-line.markdown | 9 ++ xen/arch/x86/hvm/svm/Makefile | 1 + xen/arch/x86/hvm/svm/avic.c | 232 ++++++++++++++++++++++++++++++++++++ xen/arch/x86/hvm/svm/svm.c | 9 +- xen/arch/x86/hvm/svm/vmcb.c | 3 + xen/include/asm-x86/hvm/svm/avic.h | 40 +++++++ xen/include/asm-x86/hvm/svm/svm.h | 2 + xen/include/asm-x86/hvm/svm/vmcb.h | 21 ++++ 8 files changed, 316 insertions(+), 1 deletion(-) create mode 100644 xen/arch/x86/hvm/svm/avic.c create mode 100644 xen/include/asm-x86/hvm/svm/avic.h diff --git a/docs/misc/xen-command-line.markdown b/docs/misc/xen-command-line.markdown index 0138978..1139099 100644 --- a/docs/misc/xen-command-line.markdown +++ b/docs/misc/xen-command-line.markdown @@ -1457,6 +1457,15 @@ enforces the maximum theoretically necessary timeout of 670ms. Any number is being interpreted as a custom timeout in milliseconds. Zero or boolean false disable the quirk workaround, which is also the default. +### svm\_avic +> `= <boolean>` + +> Default: `false` + +This option enables Advance Virtual Interrupt Controller (AVIC), +which is an extension of AMD Secure Virtual Machine (SVM) to vitualize +local APIC for guest VM. + ### sync\_console > `= <boolean>` diff --git a/xen/arch/x86/hvm/svm/Makefile b/xen/arch/x86/hvm/svm/Makefile index 760d295..e0e4a59 100644 --- a/xen/arch/x86/hvm/svm/Makefile +++ b/xen/arch/x86/hvm/svm/Makefile @@ -1,4 +1,5 @@ obj-y += asid.o +obj-y += avic.o obj-y += emulate.o obj-bin-y += entry.o obj-y += intr.o diff --git a/xen/arch/x86/hvm/svm/avic.c b/xen/arch/x86/hvm/svm/avic.c new file mode 100644 index 0000000..b62f982 --- /dev/null +++ b/xen/arch/x86/hvm/svm/avic.c @@ -0,0 +1,232 @@ +/* + * avic.c: implements AMD Advance Virtual Interrupt Controller (AVIC) support + * Copyright (c) 2016, Advanced Micro Devices, Inc. + * + * This program is free software; you can redistribute it and/or modify it + * under the terms and conditions of the GNU General Public License, + * version 2, as published by the Free Software Foundation. + * + * This program is distributed in the hope it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for + * more details. + * + * You should have received a copy of the GNU General Public License along with + * this program; If not, see <http://www.gnu.org/licenses/>. + */ + +#include <xen/domain_page.h> +#include <xen/sched.h> +#include <xen/stdbool.h> +#include <asm/acpi.h> +#include <asm/apicdef.h> +#include <asm/event.h> +#include <asm/hvm/emulate.h> +#include <asm/hvm/nestedhvm.h> +#include <asm/hvm/support.h> +#include <asm/hvm/svm/avic.h> +#include <asm/hvm/vlapic.h> +#include <asm/p2m.h> +#include <asm/page.h> + +/* + * Note: Current max index allowed for physical APIC ID table is 255. + */ +#define AVIC_PHY_APIC_ID_MAX 0xFF + +#define AVIC_DOORBELL 0xc001011b + +#define AVIC_HPA_SHIFT 12 +#define AVIC_HPA_MASK (((1ULL << 40) - 1) << AVIC_HPA_SHIFT) +#define AVIC_VAPIC_BAR_MASK AVIC_HPA_MASK + +/* + * Note: + * Currently, svm-avic mode is not supported with nested virtualization. + * Therefore, it is not yet currently enabled by default. Once the support + * is in-place, this should be enabled by default. + */ +bool svm_avic = 0; +boolean_param("svm-avic", svm_avic); + +static struct avic_phy_apic_id_ent * +avic_get_phy_apic_id_ent(const struct vcpu *v, unsigned int index) +{ + struct avic_phy_apic_id_ent *avic_phy_apic_id_table; + struct svm_domain *d = &v->domain->arch.hvm_domain.svm; + + if ( !d->avic_phy_apic_id_table_mfn ) + return NULL; + + /* + * Note: APIC ID = 0xff is used for broadcast. + * APIC ID > 0xff is reserved. + */ + if ( index >= 0xff ) + return NULL; + + avic_phy_apic_id_table = mfn_to_virt(d->avic_phy_apic_id_table_mfn); + + return &avic_phy_apic_id_table[index]; +} + +int svm_avic_dom_init(struct domain *d) +{ + int ret = 0; + struct page_info *pg; + unsigned long mfn; + + if ( !svm_avic ) + return 0; + + /* + * Note: + * AVIC hardware walks the nested page table to check permissions, + * but does not use the SPA address specified in the leaf page + * table entry since it uses address in the AVIC_BACKING_PAGE pointer + * field of the VMCB. Therefore, we set up a dummy page for APIC _mfn(0). + */ + if ( !d->arch.hvm_domain.svm.avic_access_page_done ) + { + set_mmio_p2m_entry(d, paddr_to_pfn(APIC_DEFAULT_PHYS_BASE), + _mfn(0), PAGE_ORDER_4K, + p2m_get_hostp2m(d)->default_access); + d->arch.hvm_domain.svm.avic_access_page_done = true; + } + + /* Init AVIC logical APIC ID table */ + pg = alloc_domheap_page(d, MEMF_no_owner); + if ( !pg ) + { + gdprintk(XENLOG_ERR, + "%d: AVIC logical APIC ID table could not be allocated.\n", + d->domain_id); + ret = -ENOMEM; + goto err_out; + } + mfn = page_to_mfn(pg); + clear_domain_page(_mfn(mfn)); + d->arch.hvm_domain.svm.avic_log_apic_id_table_mfn = mfn; + + /* Init AVIC physical APIC ID table */ + pg = alloc_domheap_page(d, MEMF_no_owner); + if ( !pg ) + { + gdprintk(XENLOG_ERR, + "%d: AVIC physical APIC ID table could not be allocated.\n", + d->domain_id); + ret = -ENOMEM; + goto err_out; + } + mfn = page_to_mfn(pg); + clear_domain_page(_mfn(mfn)); + d->arch.hvm_domain.svm.avic_phy_apic_id_table_mfn = mfn; + + return ret; + err_out: + svm_avic_dom_destroy(d); + return ret; +} + +void svm_avic_dom_destroy(struct domain *d) +{ + if ( !svm_avic ) + return; + + if ( d->arch.hvm_domain.svm.avic_phy_apic_id_table_mfn ) + { + free_domheap_page(mfn_to_page(d->arch.hvm_domain.svm.avic_phy_apic_id_table_mfn)); + d->arch.hvm_domain.svm.avic_phy_apic_id_table_mfn = 0; + } + + if ( d->arch.hvm_domain.svm.avic_log_apic_id_table_mfn ) + { + free_domheap_page(mfn_to_page(d->arch.hvm_domain.svm.avic_log_apic_id_table_mfn)); + d->arch.hvm_domain.svm.avic_log_apic_id_table_mfn = 0; + } +} + +bool svm_avic_vcpu_enabled(const struct vcpu *v) +{ + const struct arch_svm_struct *s = &v->arch.hvm_svm; + const struct vmcb_struct *vmcb = s->vmcb; + + return svm_avic && vmcb->_vintr.fields.avic_enable; +} + +static inline u32 * +avic_get_bk_page_entry(const struct vcpu *v, u32 offset) +{ + const struct vlapic *vlapic = vcpu_vlapic(v); + char *tmp; + + if ( !vlapic || !vlapic->regs_page ) + return NULL; + + tmp = (char *)page_to_virt(vlapic->regs_page); + return (u32 *)(tmp + offset); +} + +void svm_avic_update_vapic_bar(const struct vcpu *v, uint64_t data) +{ + const struct arch_svm_struct *s = &v->arch.hvm_svm; + + s->vmcb->avic_vapic_bar = data & AVIC_VAPIC_BAR_MASK; + s->vmcb->cleanbits.fields.avic = 0; +} + +int svm_avic_init_vmcb(struct vcpu *v) +{ + paddr_t ma; + u32 *apic_id_reg; + struct arch_svm_struct *s = &v->arch.hvm_svm; + struct vmcb_struct *vmcb = s->vmcb; + struct svm_domain *d = &v->domain->arch.hvm_domain.svm; + const struct vlapic *vlapic = vcpu_vlapic(v); + struct avic_phy_apic_id_ent entry; + + if ( !svm_avic ) + return 0; + + if ( !vlapic || !vlapic->regs_page ) + return -EINVAL; + + apic_id_reg = avic_get_bk_page_entry(v, APIC_ID); + if ( !apic_id_reg ) + return -EINVAL; + + s->avic_last_phy_id = avic_get_phy_apic_id_ent(v, *apic_id_reg >> 24); + if ( !s->avic_last_phy_id ) + return -EINVAL; + + vmcb->avic_bk_pg_pa = page_to_maddr(vlapic->regs_page) & AVIC_HPA_MASK; + ma = d->avic_log_apic_id_table_mfn; + vmcb->avic_log_apic_id = (ma << PAGE_SHIFT) & AVIC_HPA_MASK; + ma = d->avic_phy_apic_id_table_mfn; + vmcb->avic_phy_apic_id = (ma << PAGE_SHIFT) & AVIC_HPA_MASK; + vmcb->avic_phy_apic_id |= AVIC_PHY_APIC_ID_MAX; + + entry = *(s->avic_last_phy_id); + smp_rmb(); + entry.bk_pg_ptr = (vmcb->avic_bk_pg_pa & AVIC_HPA_MASK) >> AVIC_HPA_SHIFT; + entry.is_running = 0; + entry.valid = 1; + *(s->avic_last_phy_id) = entry; + smp_wmb(); + + svm_avic_update_vapic_bar(v, APIC_DEFAULT_PHYS_BASE); + + vmcb->_vintr.fields.avic_enable = 1; + + return 0; +} + +/* + * Local variables: + * mode: C + * c-file-style: "BSD" + * c-basic-offset: 4 + * tab-width: 4 + * indent-tabs-mode: nil + * End: + */ diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index 37bd6c4..cef29b2 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -48,6 +48,7 @@ #include <asm/hvm/svm/asid.h> #include <asm/hvm/svm/svm.h> #include <asm/hvm/svm/vmcb.h> +#include <asm/hvm/svm/avic.h> #include <asm/hvm/svm/emulate.h> #include <asm/hvm/svm/intr.h> #include <asm/hvm/svm/svmdebug.h> @@ -1162,11 +1163,12 @@ void svm_host_osvw_init() static int svm_domain_initialise(struct domain *d) { - return 0; + return svm_avic_dom_init(d); } static void svm_domain_destroy(struct domain *d) { + svm_avic_dom_destroy(d); } static int svm_vcpu_initialise(struct vcpu *v) @@ -1459,6 +1461,7 @@ const struct hvm_function_table * __init start_svm(void) P(cpu_has_svm_decode, "DecodeAssists"); P(cpu_has_pause_filter, "Pause-Intercept Filter"); P(cpu_has_tsc_ratio, "TSC Rate MSR"); + P(cpu_has_svm_avic, "AVIC"); #undef P if ( !printed ) @@ -1799,6 +1802,10 @@ static int svm_msr_write_intercept(unsigned int msr, uint64_t msr_content) switch ( msr ) { + case MSR_IA32_APICBASE: + if ( svm_avic_vcpu_enabled(v) ) + svm_avic_update_vapic_bar(v, msr_content); + break; case MSR_IA32_SYSENTER_CS: case MSR_IA32_SYSENTER_ESP: case MSR_IA32_SYSENTER_EIP: diff --git a/xen/arch/x86/hvm/svm/vmcb.c b/xen/arch/x86/hvm/svm/vmcb.c index 9ea014f..9ee7fc7 100644 --- a/xen/arch/x86/hvm/svm/vmcb.c +++ b/xen/arch/x86/hvm/svm/vmcb.c @@ -28,6 +28,7 @@ #include <asm/msr-index.h> #include <asm/p2m.h> #include <asm/hvm/support.h> +#include <asm/hvm/svm/avic.h> #include <asm/hvm/svm/svm.h> #include <asm/hvm/svm/svmdebug.h> @@ -225,6 +226,8 @@ static int construct_vmcb(struct vcpu *v) vmcb->_general1_intercepts |= GENERAL1_INTERCEPT_PAUSE; } + svm_avic_init_vmcb(v); + vmcb->cleanbits.bytes = 0; return 0; diff --git a/xen/include/asm-x86/hvm/svm/avic.h b/xen/include/asm-x86/hvm/svm/avic.h new file mode 100644 index 0000000..16b433c --- /dev/null +++ b/xen/include/asm-x86/hvm/svm/avic.h @@ -0,0 +1,40 @@ +#ifndef _SVM_AVIC_H_ +#define _SVM_AVIC_H_ + +enum avic_incmp_ipi_err_code { + AVIC_INCMP_IPI_ERR_INVALID_INT_TYPE, + AVIC_INCMP_IPI_ERR_TARGET_NOT_RUN, + AVIC_INCMP_IPI_ERR_INV_TARGET, + AVIC_INCMP_IPI_ERR_INV_BK_PAGE, +}; + +struct __attribute__ ((__packed__)) +avic_log_apic_id_ent { + u32 guest_phy_apic_id : 8; + u32 res : 23; + u32 valid : 1; +}; + +struct __attribute__ ((__packed__)) +avic_phy_apic_id_ent { + u64 host_phy_apic_id : 8; + u64 res1 : 4; + u64 bk_pg_ptr : 40; + u64 res2 : 10; + u64 is_running : 1; + u64 valid : 1; +}; + +extern bool_t svm_avic; + +int svm_avic_dom_init(struct domain *d); +void svm_avic_dom_destroy(struct domain *d); + +int svm_avic_init_vcpu(struct vcpu *v); +void svm_avic_destroy_vcpu(struct vcpu *v); +bool_t svm_avic_vcpu_enabled(const struct vcpu *v); + +void svm_avic_update_vapic_bar(const struct vcpu *v,uint64_t data); +int svm_avic_init_vmcb(struct vcpu *v); + +#endif /* _SVM_AVIC_H_ */ diff --git a/xen/include/asm-x86/hvm/svm/svm.h b/xen/include/asm-x86/hvm/svm/svm.h index c954b7e..fea61bb 100644 --- a/xen/include/asm-x86/hvm/svm/svm.h +++ b/xen/include/asm-x86/hvm/svm/svm.h @@ -81,6 +81,7 @@ extern u32 svm_feature_flags; #define SVM_FEATURE_FLUSHBYASID 6 /* TLB flush by ASID support */ #define SVM_FEATURE_DECODEASSISTS 7 /* Decode assists support */ #define SVM_FEATURE_PAUSEFILTER 10 /* Pause intercept filter support */ +#define SVM_FEATURE_AVIC 13 /* AVIC support */ #define cpu_has_svm_feature(f) test_bit(f, &svm_feature_flags) #define cpu_has_svm_npt cpu_has_svm_feature(SVM_FEATURE_NPT) @@ -91,6 +92,7 @@ extern u32 svm_feature_flags; #define cpu_has_svm_decode cpu_has_svm_feature(SVM_FEATURE_DECODEASSISTS) #define cpu_has_pause_filter cpu_has_svm_feature(SVM_FEATURE_PAUSEFILTER) #define cpu_has_tsc_ratio cpu_has_svm_feature(SVM_FEATURE_TSCRATEMSR) +#define cpu_has_svm_avic cpu_has_svm_feature(SVM_FEATURE_AVIC) #define SVM_PAUSEFILTER_INIT 3000 diff --git a/xen/include/asm-x86/hvm/svm/vmcb.h b/xen/include/asm-x86/hvm/svm/vmcb.h index 43cb98e..d3d045f 100644 --- a/xen/include/asm-x86/hvm/svm/vmcb.h +++ b/xen/include/asm-x86/hvm/svm/vmcb.h @@ -496,6 +496,24 @@ struct __packed vmcb_struct { }; struct svm_domain { + /* + * This per-domain table is used by the hardware to locate + * the vAPIC backing page to be used to deliver interrupts + * based on the guest physical APIC ID. + */ + paddr_t avic_phy_apic_id_table_mfn; + + /* + * This per-domain table is used by the hardware to map + * logically addressed interrupt requests (w/ guest logical APIC id) + * to the guest physical APIC ID. + */ + paddr_t avic_log_apic_id_table_mfn; + + u32 avic_max_vcpu_id; + bool avic_access_page_done; + spinlock_t avic_ldr_mode_lock; + u32 avic_ldr_mode; }; struct arch_svm_struct { @@ -529,6 +547,9 @@ struct arch_svm_struct { u64 length; u64 status; } osvw; + + struct avic_phy_apic_id_ent *avic_last_phy_id; + u32 avic_last_ldr; }; struct vmcb_struct *alloc_vmcb(void); -- 1.9.1 _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx https://lists.xen.org/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.