Xen project Mailing List

[PATCH v3 07/13] libs/guest: obtain a compatible cpu policy from two input ones

From: Roger Pau Monne <roger.pau@xxxxxxxxxx>

Date: Fri, 30 Apr 2021 17:52:05 +0200

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=bSU9iAR9gJn2F5NIkLs9bGfJT3MYOFmgJtTRnRYEooQ=; b=oQj8IoWi5UigYuNu9u+X1w9pXAKIR9JEbRhGsN0hyEvs4sgTLgjNuytjxcCk2R8K6LOZJWqnZo4cb1o0RlhSwlaH5S/zIn9W5oszvIrEfTcL+k+v2SUnjD+2WHub03yQuKp/t/N9CYjesweYy4P/nyoJF2VKC0SLRLjm5MjOVp6WchZ4TXo6pVrTHrx2soLBX6gwspnwkHmpmUKWHGpS+qmDUUMcm1mJgG4a5p3kilD9+DPbVGs1JD1KTeZHEn6RJdmW3ypHBg1tUPkrRz4+CiM2By6rKtnb8fx7ZIm6/REEBWaN8rG2rmiu1UTvABdNtVB6MFFyTdiP7GyEntdFFw==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Ojt4ltiOBhCVhLDbT0cNZUsJFhC6jPvTAD6k8OEsueM3tfJmo3mzS9Ayn2zhs78lfqZLORL+ZQ1KowmA9rAeD4B37l3lkXxHTESArur9jMup0S1h3dwuzJM3K97ygC8O4TnlQxuORl3WPpeAwEekyf2zB47nIxB+OePOp05rmQGX6sJzy0OHGqudt3vrwGgF1iIb/sC/kIJjIx/qgKvapKXRBkyr3T9izSfx+zm4OAk2KLYEh846nvhnLUrjSQTmsIzC2KrZaQu6v0LpikB9P7lDmganP1rQy2kmdYsXWDlIE9zc1vmZsdGkUX6IRsNLN/pN+/JNUWim53KKNKhimw==

Authentication-results: esa1.hc3370-68.iphmx.com; dkim=pass (signature verified) header.i=@citrix.onmicrosoft.com

Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Roger Pau Monne <roger.pau@xxxxxxxxxx>, Ian Jackson <iwj@xxxxxxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>

Delivery-date: Fri, 30 Apr 2021 15:54:23 +0000

Ironport-hdrordr: A9a23:e9XNhKi8I2ic2ZpxYRQOxFmxJ3BQX0hw3DAbvn1ZSRFFG/Gwv/ uF2NwGyB75jysQUnk8mdaGfJKNW2/Y6IQd2+QsFJ+Ydk3DtHGzJI9vqbHjzTrpBjHk+odmv5 tIW5NVTOf9BV0St63HySGzGdo43Z2j+Kenme/Rwx5WPHhXQotn6Bp0DRveN0VwShVPC5ZRLu vl2uNsoT28dXMLKvmqH3VtZZmJm/TnnI/rCCR2YiIPxxKJiVqThoLSMx/d5RsGViMK/LFKyx miryXcxoGO98620QXd0Wi71eUdpPLExsFYDMKBzug5Qw+c7jqAX4hqV72csD1dmojGhDkXue LBrBs6M8N452m5RBDTnTLWxwLi3DwygkWD9XakgGDuqcG8ZDU2B9spv/M6TjLl6lEttNw57a RT32jxjes1MTr8mk3GhuTgZlVPrA6ZsHAimekcgzh0So0FcoJcqoQZ4Qd8DIoANDiS0vFqLM BeSOXnoNpGe1KTaH7U+kN1xsa3Y3g1FhCaBmAfp82u1SRMlnwR9TpW+OUv2lM7sL4tQZhN4O rJdo5ykqtVc8MQZaVhQMAMXNWwEW6IZR7XKmqdLRDGGcg8Sjzwgq+yxI9wyPCheZQOwpd3so /GSklkuWk7fF+rBtaJ2JFN7xDRUGSwVTng0ahllthEk4y5YICuHTyISVgoncflie4YGNfnV/ G6P48TA/KLFxqsJa95mynFH7VCI3gXV8MY/vwhXUiVn87NIor28ujScPPZIqvxAS8pM1mPQE crbXzWHoFt/0qrUnj3jFz6QHX2YHHy+pp2Dezd5OgcyI8EM4VWqQgLgVGl5sWGQAcy85AeTQ 9bGvfKg6m7rW658SLj9GNyICdQCU5T/fH9SX9QvBQLNEn1aL4HvN2adQlprT66Dy46a/mTPB 9Uplxx967yEoeZwjo6Dcm7dkiAiWEImX6MR5AAu6GK6Mv/YKkkBpI+VKEZL3SOKzVF3SJR7E ZKckstW1LWHDKGs9TfsLUkQMXkM+RarCjuC8hOsn7bvVibvqgUNwEmdg/rd9WWjwYoTydTnX tr/cYk8fe9sD6yNGoyh/k5OlVQaGKRRKlLFhiBeZ88oMGXRChgCWiNnjCUkBc1Zy7j8FgTnH XoKWmOdejMGUc1gAEQ7o/6tFd1fH6aZUR+dzRztpB8D33Pvh9IoJi2T7v212uacV0ZxO4BdD nDfDsJOwtrg9S6zgScljrHFXIowPwVT5rgJaVmd7HYwXW2LoKU0akAAv9P5Z5gcMn0rfVja5 PtRyaFaDfjT+850Q2coXgofCFytXk/iPvtnBno9nKx0nIzCefbSW4WD40zMpWZ9SzpVvyI2J J2gZYusey8Pn74Z9SGxavUBgQzXi/7sCqzVaUluJpUtaU9uP9vBJHdSyLPz2wC0xMkLsv4/X luMJhT8fTEIMtocMMTcS4CoQZsm9SLMUcxsgv5RuU5ZkoginfHP9WPp7rEwIBffHGptU/1Ix 2Y9SYY4vLOGy2E3rQeA7grIWtXZFMngU4Sid+qZsnVEkGya+pH/FCmKXezf79WVbidFdwr32 lHysDNm/XSajHx1w/RtyZqO65C826oRsWpHQKHcNQ4guCSKBCLmaul4Mm6kTfxR3+6ci0j9P F4XF1VaNhfgT8/i4By2jSuS8XM0zAYr2c=

Ironport-sdr: H0k3LhR/vJx7/Lnl4HN4xlu6fAWOYGa8wdMDQ3zlbYoQALrKsctKSvEl/6uL4WRfs/nx3DqSte Qfoi/CTCPDGvbUJpV+B10xrEuqxnXQi0otSqrvt98ucr54b2jX8SFn9p31fGEckYEbKJYS52hS EC9zzYNmGP3/vHsbsiGDGY6iHY1WsvlHPcUtlI0mMwWqJI8heJ+PSuaQXION31LxXlUpSpFgBq ldsRGtQc+rcOflbMeWYS48ivwZ281YliPGC4Mwmg8ViXkQRummvQ3XgCfT2M9NfYcfolv0iijo g8k=

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Introduce a helper to obtain a compatible cpu policy based on two input cpu policies. Currently this is done by and'ing all CPUID feature leaves and MSR entries, except for MSR_ARCH_CAPABILITIES which has the RSBA bit or'ed. The _AC macro is pulled from libxl_internal.h into xen-tools/libs.h since it's required in order to use the msr-index.h header. Note there's no need to place this helper in libx86, since the calculation of a compatible policy shouldn't be done from the hypervisor. No callers of the interface introduced. Signed-off-by: Roger Pau Monné <roger.pau@xxxxxxxxxx> --- Changes since v2: - Add some comments. - Remove stray double semicolon. - AND all 0x7 subleaves (except 0.EAX). - Explicitly handle MSR indexes in a switch statement. - Error out when an unhandled MSR is found. - Add handling of leaf 0x80000021. Changes since v1: - Only AND the feature parts of cpuid. - Use a binary search to find the matching leaves and msr entries. - Remove default case from MSR level function. --- tools/include/xen-tools/libs.h | 5 ++ tools/include/xenctrl.h | 4 + tools/libs/guest/xg_cpuid_x86.c | 137 ++++++++++++++++++++++++++++++ tools/libs/light/libxl_internal.h | 2 - 4 files changed, 146 insertions(+), 2 deletions(-) diff --git a/tools/include/xen-tools/libs.h b/tools/include/xen-tools/libs.h index a16e0c38070..b9e89f9a711 100644 --- a/tools/include/xen-tools/libs.h +++ b/tools/include/xen-tools/libs.h @@ -63,4 +63,9 @@ #define ROUNDUP(_x,_w) (((unsigned long)(_x)+(1UL<<(_w))-1) & ~((1UL<<(_w))-1)) #endif +#ifndef _AC +#define __AC(X,Y) (X##Y) +#define _AC(X,Y) __AC(X,Y) +#endif + #endif /* __XEN_TOOLS_LIBS__ */ diff --git a/tools/include/xenctrl.h b/tools/include/xenctrl.h index 5f699c09509..c41d794683c 100644 --- a/tools/include/xenctrl.h +++ b/tools/include/xenctrl.h @@ -2622,6 +2622,10 @@ int xc_cpu_policy_update_msrs(xc_interface *xch, xc_cpu_policy_t policy, /* Compatibility calculations. */ bool xc_cpu_policy_is_compatible(xc_interface *xch, const xc_cpu_policy_t host, const xc_cpu_policy_t guest); +int xc_cpu_policy_calc_compatible(xc_interface *xch, + const xc_cpu_policy_t p1, + const xc_cpu_policy_t p2, + xc_cpu_policy_t out); int xc_get_cpu_levelling_caps(xc_interface *xch, uint32_t *caps); int xc_get_cpu_featureset(xc_interface *xch, uint32_t index, diff --git a/tools/libs/guest/xg_cpuid_x86.c b/tools/libs/guest/xg_cpuid_x86.c index 6b8bae00334..be2056469aa 100644 --- a/tools/libs/guest/xg_cpuid_x86.c +++ b/tools/libs/guest/xg_cpuid_x86.c @@ -32,6 +32,7 @@ enum { #include <xen/arch-x86/cpufeatureset.h> }; +#include <xen/asm/msr-index.h> #include <xen/asm/x86-vendors.h> #include <xen/lib/x86/cpu-policy.h> @@ -949,3 +950,139 @@ bool xc_cpu_policy_is_compatible(xc_interface *xch, const xc_cpu_policy_t host, return false; } + +static bool level_msr(const xen_msr_entry_t *e1, const xen_msr_entry_t *e2, + xen_msr_entry_t *out) +{ + *out = (xen_msr_entry_t){ .idx = e1->idx }; + + switch ( e1->idx ) + { + case MSR_INTEL_PLATFORM_INFO: + out->val = e1->val & e2->val; + return true; + + case MSR_ARCH_CAPABILITIES: + out->val = e1->val & e2->val; + /* + * Set RSBA if present on any of the input values to notice the guest + * might run on vulnerable hardware at some point. + */ + out->val |= (e1->val | e2->val) & ARCH_CAPS_RSBA; + return true; + } + + return false; +} + +/* Only level featuresets so far. */ +static bool level_leaf(const xen_cpuid_leaf_t *l1, const xen_cpuid_leaf_t *l2, + xen_cpuid_leaf_t *out) +{ + *out = (xen_cpuid_leaf_t){ + .leaf = l1->leaf, + .subleaf = l2->subleaf, + }; + + switch ( l1->leaf ) + { + case 0x1: + case 0x80000001: + out->c = l1->c & l2->c; + out->d = l1->d & l2->d; + return true; + + case 0xd: + if ( l1->subleaf != 1 ) + break; + /* + * Only take Da1 into account, the rest of subleaves will be dropped + * and recalculated by recalculate_xstate. + */ + out->a = l1->a & l2->a; + return true; + + case 0x7: + if ( l1->subleaf ) + /* subleaf 0 EAX contains the max subleaf count. */ + out->a = l1->a & l2->a; + out->b = l1->b & l2->b; + out->c = l1->c & l2->c; + out->d = l1->d & l2->d; + return true; + + case 0x80000007: + out->d = l1->d & l2->d; + return true; + + case 0x80000008: + out->b = l1->b & l2->b; + return true; + + case 0x80000021: + out->a = l1->a & l2->a; + return true; + } + + return false; +} + +int xc_cpu_policy_calc_compatible(xc_interface *xch, + const xc_cpu_policy_t p1, + const xc_cpu_policy_t p2, + xc_cpu_policy_t out) +{ + unsigned int nr_leaves, nr_msrs, i, index; + unsigned int p1_nr_leaves, p2_nr_leaves; + unsigned int p1_nr_entries, p2_nr_entries; + int rc; + + p1_nr_leaves = p2_nr_leaves = ARRAY_SIZE(p1->leaves); + p1_nr_entries = p2_nr_entries = ARRAY_SIZE(p1->entries); + + rc = xc_cpu_policy_serialise(xch, p1, p1->leaves, &p1_nr_leaves, + p1->entries, &p1_nr_entries); + if ( rc ) + return rc; + rc = xc_cpu_policy_serialise(xch, p2, p2->leaves, &p2_nr_leaves, + p2->entries, &p2_nr_entries); + if ( rc ) + return rc; + + index = 0; + for ( i = 0; i < p1_nr_leaves; i++ ) + { + xen_cpuid_leaf_t *l1 = &p1->leaves[i]; + xen_cpuid_leaf_t *l2 = find_leaf(p2->leaves, p2_nr_leaves, + l1->leaf, l1->subleaf); + + if ( l2 && level_leaf(l1, l2, &out->leaves[index]) ) + index++; + } + nr_leaves = index; + + index = 0; + for ( i = 0; i < p1_nr_entries; i++ ) + { + xen_msr_entry_t *e1 = &p1->entries[i]; + xen_msr_entry_t *e2 = find_entry(p2->entries, p2_nr_entries, e1->idx); + + if ( !e2 ) + continue; + if ( !level_msr(e1, e2, &out->entries[index++]) ) + { + ERROR("Unable to level MSR index %#x", e1->idx); + return -EINVAL; + } + } + nr_msrs = index; + + rc = deserialize_policy(xch, out, nr_leaves, nr_msrs); + if ( rc ) + { + errno = -rc; + rc = -1; + } + + return rc; +} diff --git a/tools/libs/light/libxl_internal.h b/tools/libs/light/libxl_internal.h index 44a2f3c8fe3..5709bcb93fa 100644 --- a/tools/libs/light/libxl_internal.h +++ b/tools/libs/light/libxl_internal.h @@ -126,8 +126,6 @@ #define PVSHIM_CMDLINE "pv-shim console=xen,pv" /* Size macros. */ -#define __AC(X,Y) (X##Y) -#define _AC(X,Y) __AC(X,Y) #define MB(_mb) (_AC(_mb, ULL) << 20) #define GB(_gb) (_AC(_gb, ULL) << 30) -- 2.31.1

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.