[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH v2 00/10] x86/cpuid: Switch to using XEN_DOMCTL_set_cpumsr_policy

To: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
Date: Fri, 13 Sep 2019 20:27:49 +0100
Authentication-results: esa2.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none; spf=None smtp.pra=andrew.cooper3@xxxxxxxxxx; spf=Pass smtp.mailfrom=Andrew.Cooper3@xxxxxxxxxx; spf=None smtp.helo=postmaster@xxxxxxxxxxxxxxx
Cc: Juergen Gross <jgross@xxxxxxxx>, Wei Liu <wl@xxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Jan Beulich <JBeulich@xxxxxxxx>, Ian Jackson <Ian.Jackson@xxxxxxxxxx>, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>
Delivery-date: Fri, 13 Sep 2019 19:28:14 +0000
Ironport-sdr: +r7UFfIaLadPzg6rTnPgaZyq30BYHCWlfB/IDddjV9YpwMH81m+UGgO8LgYraewcSU7PWb6QMA sm5TLcdZnOLtWMQ0913r9Y6507zUFCUyZY3f8xmGoJo3pul6QSdiCLkXuQbzZAXzWqtp/iOvhm Ao4GsObPvn4uFsGnaI71UK0a63iTDiVvrgmwO5RiJol3IKDuNRp3nicoog7/ocJEr/PAjyMCXE fi0mU7IEFwqsZdwaLjD85qx/M288gQDsZKtPzo5i+pIVERt+8OghMt8QbBrb7uI0gEa8YcgWsf mS0=
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

This is the next part of the Xen/Toolstack CPUID/MSR work.  With most of the
pieces in place, implement XEN_DOMCTL_set_cpumsr_policy to obsolete the
problematic XEN_DOMCTL_set_cpuid.

Key improvements:

  1) The API supports configuring static MSR settings for the domain, a
     capbility which Xen has never had before.
  2) The hypercall supports saying no when the toolstack tries to pass
     problematic data.
  3) The domain builder no longer uses native CPUID instructions for
     constructing guest policies, which is and has always been erroneous
     behaviour.
  4) Vastily reduce the number of hypercalls for typicaly guest construction,
     by not issuing a hypercall per CPUID leaf.

Patch 3 has been posted before, but a long time ago and it has changed
substantially, so I've decided to start the version numbering from fresh.

This series can be found in git from from:
  
http://xenbits.xen.org/gitweb/?p=people/andrewcoop/xen.git;a=shortlog;h=refs/heads/xen-cpuid

Large changes from v2:
 * Split several changes out into earlier patches.  Rebase around.
 * Introduce dom0=no-cpuid-faulting to restore previous behaviour.

See individual patches for changes.

Andrew Cooper (10):
  x86/msr: Offer CPUID Faulting to PVH control domains
  libx86: Proactively initialise error pointers
  libx86: Introduce x86_cpu_policies_are_compatible()
  x86/cpuid: Split update_domain_cpuid_info() in half
  x86/domctl: Implement XEN_DOMCTL_set_cpumsr_policy
  tools/libxc: Pre-cleanup for xc_cpuid_{set,apply_policy}()
  tools/libxc: Rework xc_cpuid_set() to use {get,set}_cpu_policy()
  tools/libxc: Rework xc_cpuid_apply_policy() to use {get,set}_cpu_policy()
  x86/domctl: Drop XEN_DOMCTL_set_cpuid
  x86/cpuid: Enable CPUID Faulting for PV control domains by default

 docs/misc/xen-command-line.pandoc        |  19 +-
 tools/flask/policy/modules/dom0.te       |   2 +-
 tools/flask/policy/modules/xen.if        |   2 +-
 tools/libxc/include/xenctrl.h            |   7 +-
 tools/libxc/xc_cpuid_x86.c               | 928 +++++++++++--------------------
 tools/tests/cpu-policy/Makefile          |   2 +-
 tools/tests/cpu-policy/test-cpu-policy.c | 115 +++-
 xen/arch/x86/cpu/common.c                |  29 +-
 xen/arch/x86/dom0_build.c                |   2 +
 xen/arch/x86/domctl.c                    | 258 ++++-----
 xen/arch/x86/msr.c                       |   5 +-
 xen/include/asm-x86/setup.h              |   1 +
 xen/include/public/domctl.h              |  29 +-
 xen/include/xen/lib/x86/cpu-policy.h     |  26 +
 xen/include/xen/lib/x86/cpuid.h          |  17 +-
 xen/include/xen/lib/x86/msr.h            |   4 +-
 xen/lib/x86/Makefile                     |   1 +
 xen/lib/x86/cpuid.c                      |   5 +
 xen/lib/x86/msr.c                        |   3 +
 xen/lib/x86/policy.c                     |  54 ++
 xen/xsm/flask/hooks.c                    |   4 +-
 xen/xsm/flask/policy/access_vectors      |   4 +-
 22 files changed, 692 insertions(+), 825 deletions(-)
 create mode 100644 xen/lib/x86/policy.c

-- 
2.11.0


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

Follow-Ups:
- [Xen-devel] [PATCH v2 10/10] x86/cpuid: Enable CPUID Faulting for PV control domains by default
  - From: Andrew Cooper
- [Xen-devel] [PATCH v2 04/10] x86/cpuid: Split update_domain_cpuid_info() in half
  - From: Andrew Cooper
- [Xen-devel] [PATCH v2 09/10] x86/domctl: Drop XEN_DOMCTL_set_cpuid
  - From: Andrew Cooper
- [Xen-devel] [PATCH v2 06/10] tools/libxc: Pre-cleanup for xc_cpuid_{set, apply_policy}()
  - From: Andrew Cooper
- [Xen-devel] [PATCH v2 08/10] tools/libxc: Rework xc_cpuid_apply_policy() to use {get, set}_cpu_policy()
  - From: Andrew Cooper
- [Xen-devel] [PATCH v2 05/10] x86/domctl: Implement XEN_DOMCTL_set_cpumsr_policy
  - From: Andrew Cooper
- [Xen-devel] [PATCH v2 03/10] libx86: Introduce x86_cpu_policies_are_compatible()
  - From: Andrew Cooper
- [Xen-devel] [PATCH v2 07/10] tools/libxc: Rework xc_cpuid_set() to use {get, set}_cpu_policy()
  - From: Andrew Cooper
- [Xen-devel] [PATCH v2 01/10] x86/msr: Offer CPUID Faulting to PVH control domains
  - From: Andrew Cooper
- [Xen-devel] [PATCH v2 02/10] libx86: Proactively initialise error pointers
  - From: Andrew Cooper

Prev by Date: [Xen-devel] [PATCH v2 01/10] x86/msr: Offer CPUID Faulting to PVH control domains
Next by Date: [Xen-devel] [PATCH v2 07/10] tools/libxc: Rework xc_cpuid_set() to use {get, set}_cpu_policy()
Previous by thread: [Xen-devel] [PATCH] xen/arm: platform: additional Raspberry Pi compatible string
Next by thread: [Xen-devel] [PATCH v2 02/10] libx86: Proactively initialise error pointers
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.