[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH 3/6] x86/hvm: Context switch MSR_PKRS
- To: Jan Beulich <jbeulich@xxxxxxxx>
- From: Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>
- Date: Mon, 9 Jan 2023 16:55:19 +0000
- Accept-language: en-GB, en-US
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=pATHQcznDD7E4YnvVRui+umjWBsKGx9P56qzl2XFL7s=; b=dCzKNwRkV2Tp0yxG/4/tXPOZsMwWlCkFcBsaBB4mRai+VLUzK/uHeCjnMdbh1lSrE8g83dFKnfX8sIS7iZ+oj083mK3RNGTBm/eaUcBV+ZmGhwNTqpb5QAFKFus5E4FHcom7jpf+An66qGNUJBGO+Xqod8uVyG0gl16pLEJ8bYwblv/URztNO8RG3j+GaTeAsqqRS9GQ4a3682Y+yiKM81aXG1qJvY9AsXtkcMaw2RIeuxV2okcNnnKmiWm1eAyJY9GNuKl6ARh08qmaJ0avKDpeiiIQDIS+7C8iX+EiOdyDADZBwXJMs9KSGkyac9m4myeyNHe7eG1sURoXplD62w==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=lGlAGjlDW6g/Gn/CR7frhd8ZnApQJxjrnIBFnK9n8kbjYzlyYjKff4q4Xs4l3KA0lKyjVJ9nkuJzSy0vT390KVKViZO76mM2MySHukuG2fultcwZUsWKg4ElZ++NTFtbSh88iGeOef8Rd3V+BMgDMsSsQbwgyWpG4VqFY9xbaq7CcwgNpcQcLmE54vS8P3JpmdDt7TbWPXf47+RofKujQz67ZdOvyjsn1PMKmZd2+we8qIt0OPHj9MsQiqTpQM4sgula/pe61o+zxZEDGgvonWfLbpGG+ainF1+4kqHetRLGA6pvBHWMPSE/lQoWOOYWkAw1y7YqL0we5x0CxxRsAQ==
- Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;
- Cc: Roger Pau Monne <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Kevin Tian <kevin.tian@xxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
- Delivery-date: Mon, 09 Jan 2023 16:55:37 +0000
- Ironport-data: A9a23:unsM9qBUjYjI+RVW/xHiw5YqxClBgxIJ4kV8jS/XYbTApDMh0WBWx jdMWW6CaKzfYTPyfI0ja9vi9UxXupKAzIQ2QQY4rX1jcSlH+JHPbTi7wuUcHAvJd5GeExg3h yk6QoOdRCzhZiaE/n9BCpC48T8nk/nNHuCnYAL9EngZbRd+Tys8gg5Ulec8g4p56fC0GArIs t7pyyHlEAbNNwVcbyRFtcpvlDs15K6p4GpA7wRlDRx2lAS2e0c9Xcp3yZ6ZdxMUcqEMdsamS uDKyq2O/2+x13/B3fv8z94X2mVTKlLjFVDmZkh+AsBOsTAbzsAG6Y4pNeJ0VKtio27hc+ada jl6ncfYpQ8BZsUgkQmGOvVSO3kW0aZuoNcrLZUj2CA6IoKvn3bEmp1T4E8K0YIw3bhqXXEU7 /ojJDkTLRze2OTm7K6+Vbw57igjBJGD0II3nFhFlGicJtF/BJfJTuPN+MNS2yo2ioZWB/HCa sEFaD1pKhPdfxlIPVRRA5U79AuqriCnL3sE9xTI++xuvDW7IA9ZidABNPL8fNCQSNoTtUGfv m/cpEzyAw0ANczZwj2Amp6prr6WwnOlBNNCfFG+3v5zwwas2m89MSFIfBi2oNqcmnGTAesKf iT4/QJr98De7neDTNPwQhm5q36spQMHVpxbFOhSwB6J4rrZ5UCeHGdsZj1Mdt0g8tM3TDoC1 1mVktevDjtq2JWFRHTY+rqKoDeaPSkOMXREdSICVREC4dTovMc0lB2nczp4OKu8j9mwEjapx TmP9XE6n+9K0pNN0Lin91fahT7qvoLOUgM++gTQWCSi8x99Y4mmIYev7DA38Mp9EWpQdXHZ1 FBspiRUxLpm4U2l/MBVfNgwIQ==
- Ironport-hdrordr: A9a23:4Wti2K/ax8+Q1zoBBgZuk+DcI+orL9Y04lQ7vn2ZLiY4TiX4ra +TdZEgviMc5wx+ZJhNo7G90cu7MBDhHO9OgbX5VI3KNGOKhILCFvAB0WKN+UyFJwTOssJbyK d8Y+xfJbTLfD9HZB/BkWyFL+o=
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
- Thread-index: AQHX8mME5A98miRws0CbcM4WT1rTvaw83q0AglvS2wA=
- Thread-topic: [PATCH 3/6] x86/hvm: Context switch MSR_PKRS
On 21/12/2021 11:56 am, Jan Beulich wrote:
> On 16.12.2021 10:54, Andrew Cooper wrote:
>> @@ -42,4 +45,49 @@ static inline void wrpkru(uint32_t pkru)
>> :: "a" (pkru), "d" (0), "c" (0) );
>> }
>>
>> +/*
>> + * Xen does not use PKS.
>> + *
>> + * Guest kernel use is expected to be one default key, except for tiny
>> windows
>> + * with a double write to switch to a non-default key in a permitted
>> critical
>> + * section.
>> + *
>> + * As such, we want MSR_PKRS un-intercepted. Furthermore, as we only need
>> it
>> + * in Xen for emulation or migration purposes (i.e. possibly never in a
>> + * domain's lifetime), we don't want to re-sync the hardware value on every
>> + * vmexit.
>> + *
>> + * Therefore, we read and cache the guest value in ctxt_switch_from(), in
>> the
>> + * expectation that we can short-circuit the write in ctxt_switch_to().
>> + * During regular operations in current context, the guest value is in
>> + * hardware and the per-cpu cache is stale.
>> + */
>> +DECLARE_PER_CPU(uint32_t, pkrs);
>> +
>> +static inline uint32_t rdpkrs(void)
>> +{
>> + uint32_t pkrs, tmp;
>> +
>> + rdmsr(MSR_PKRS, pkrs, tmp);
>> +
>> + return pkrs;
>> +}
>> +
>> +static inline uint32_t rdpkrs_and_cache(void)
>> +{
>> + return this_cpu(pkrs) = rdpkrs();
>> +}
>> +
>> +static inline void wrpkrs(uint32_t pkrs)
>> +{
>> + uint32_t *this_pkrs = &this_cpu(pkrs);
>> +
>> + if ( *this_pkrs != pkrs )
> For this to work, I think we need to clear PKRS during CPU init; I
> admit I didn't peek ahead in the series to check whether you do so
> later on in the series. At least the version of the SDM I'm looking
> at doesn't even specify reset state of 0 for this MSR. But even if
> it did, it would likely be as for PKRU - unchanged after INIT. Yet
> INIT is all that CPUs go through when e.g. parking / unparking them.
While trying to address this, I've noticed that we don't sanitise PKRU
during CPU init either.
This will explode in a fun way if e.g. we kexec into a new Xen, but
leave PKEY 0 with AD/WD, and try building a PV dom0.
As soon as we've fully context switched into a vCPU context, we'll pick
up the 0 from XSTATE and do the right thing by default.
~Andrew
|