[PATCH 01/18] Nested Virtualization: tools

[PATCH 01/18] Nested Virtualization: tools

[Christoph Egger]

[-- Attachment #1: Type: text/plain, Size: 354 bytes --]


Signed-off-by: Christoph Egger <Christoph.Egger@amd.com>



-- 
---to satisfy European Law for business letters:
Advanced Micro Devices GmbH
Karl-Hammerschmidt-Str. 34, 85609 Dornach b. Muenchen
Geschaeftsfuehrer: Andrew Bowd, Thomas M. McCoy, Giuliano Meroni
Sitz: Dornach, Gemeinde Aschheim, Landkreis Muenchen
Registergericht Muenchen, HRB Nr. 43632

[-- Attachment #2: xen_nh01_tools.diff --]
[-- Type: text/x-diff, Size: 5341 bytes --]

# HG changeset patch
# User cegger
# Date 1271330288 -7200
tools: Add nestedhvm guest config option.

diff -r 2d96bc60035c -r 0e6fd40c25bf tools/libxc/xc_cpuid_x86.c
--- a/tools/libxc/xc_cpuid_x86.c
+++ b/tools/libxc/xc_cpuid_x86.c
@@ -95,6 +95,7 @@ static void amd_xc_cpuid_policy(
         /* Filter all other features according to a whitelist. */
         regs[2] &= ((is_64bit ? bitmaskof(X86_FEATURE_LAHF_LM) : 0) |
                     bitmaskof(X86_FEATURE_CMP_LEGACY) |
+                    bitmaskof(X86_FEATURE_SVME) |
                     bitmaskof(X86_FEATURE_ALTMOVCR) |
                     bitmaskof(X86_FEATURE_ABM) |
                     bitmaskof(X86_FEATURE_SSE4A) |
@@ -142,7 +143,8 @@ static void intel_xc_cpuid_policy(
         int is_64bit = hypervisor_is_64bit(xc) && is_pae;
 
         /* Only a few features are advertised in Intel's 0x80000001. */
-        regs[2] &= (is_64bit ? bitmaskof(X86_FEATURE_LAHF_LM) : 0);
+        regs[2] &= (is_64bit ? bitmaskof(X86_FEATURE_LAHF_LM) : 0) |
+                    bitmaskof(X86_FEATURE_SVME);
         regs[3] &= ((is_pae ? bitmaskof(X86_FEATURE_NX) : 0) |
                     (is_64bit ? bitmaskof(X86_FEATURE_LM) : 0) |
                     (is_64bit ? bitmaskof(X86_FEATURE_SYSCALL) : 0) |
diff -r 2d96bc60035c -r 0e6fd40c25bf tools/python/xen/xend/XendConfig.py
--- a/tools/python/xen/xend/XendConfig.py
+++ b/tools/python/xen/xend/XendConfig.py
@@ -176,6 +176,7 @@ XENAPI_PLATFORM_CFG_TYPES = {
     'vhpt': int,
     'guest_os_type': str,
     'hap': int,
+    'nestedhvm' : int,
     'xen_extended_power_mgmt': int,
     'pci_msitranslate': int,
     'pci_power_mgmt': int,
@@ -2226,6 +2227,9 @@ class XendConfig(dict):
             return not self.is_hvm()
         return False
 
+    def is_nestedhvm(self):
+        return self['platform'].get('nestedhvm', 0)
+
     def update_platform_pci(self):
         pci = []
         for dev_type, dev_info in self.all_devices_sxpr():
diff -r 2d96bc60035c -r 0e6fd40c25bf tools/python/xen/xend/XendDomainInfo.py
--- a/tools/python/xen/xend/XendDomainInfo.py
+++ b/tools/python/xen/xend/XendDomainInfo.py
@@ -2511,9 +2511,11 @@ class XendDomainInfo:
         self.restart_in_progress = False
 
         hap = 0
+        nestedhvm = 0
         hvm = self.info.is_hvm()
         if hvm:
             hap = self.info.is_hap()
+            nestedhvm = self.info.is_nestedhvm()
             info = xc.xeninfo()
             if 'hvm' not in info['xen_caps']:
                 raise VmError("HVM guest support is unavailable: is VT/AMD-V "
@@ -2540,7 +2542,7 @@ class XendDomainInfo:
         oos = self.info['platform'].get('oos', 1)
         oos_off = 1 - int(oos)
 
-        flags = (int(hvm) << 0) | (int(hap) << 1) | (int(s3_integrity) << 2) | (int(oos_off) << 3)
+        flags = (int(hvm) << 0) | (int(hap) << 1) | (int(s3_integrity) << 2) | (int(oos_off) << 3) | (int(nestedhvm) << 4)
 
         try:
             self.domid = xc.domain_create(
diff -r 2d96bc60035c -r 0e6fd40c25bf tools/python/xen/xm/create.py
--- a/tools/python/xen/xm/create.py
+++ b/tools/python/xen/xm/create.py
@@ -633,6 +633,11 @@ gopts.var('hap', val='HAP',
           use="""Hap status (0=hap is disabled;
           1=hap is enabled.""")
 
+gopts.var('nestedhvm', val='NESTEDHVM',
+          fn=set_int, default=0,
+          use="""Nested HVM status (0=Nested HVM is disabled;
+          1=Nested HVM is enabled.""")
+
 gopts.var('s3_integrity', val='TBOOT_MEMORY_PROTECT',
           fn=set_int, default=1,
           use="""Should domain memory integrity be verified during S3?
@@ -1069,7 +1074,7 @@ def configure_hvm(config_image, vals):
              'isa',
              'keymap',
              'localtime',
-             'nographic',
+             'nestedhvm', 'nographic',
              'opengl', 'oos',
              'pae', 'pci', 'pci_msitranslate', 'pci_power_mgmt',
              'rtc_timeoffset',
diff -r 2d96bc60035c -r 0e6fd40c25bf xen/common/domctl.c
--- a/xen/common/domctl.c
+++ b/xen/common/domctl.c
@@ -393,7 +393,8 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
         if ( supervisor_mode_kernel ||
              (op->u.createdomain.flags &
              ~(XEN_DOMCTL_CDF_hvm_guest | XEN_DOMCTL_CDF_hap |
-               XEN_DOMCTL_CDF_s3_integrity | XEN_DOMCTL_CDF_oos_off)) )
+               XEN_DOMCTL_CDF_s3_integrity | XEN_DOMCTL_CDF_oos_off |
+               XEN_DOMCTL_CDF_nestedhvm)) )
             break;
 
         dom = op->domain;
diff -r 2d96bc60035c -r 0e6fd40c25bf xen/include/public/domctl.h
--- a/xen/include/public/domctl.h
+++ b/xen/include/public/domctl.h
@@ -60,10 +60,13 @@ struct xen_domctl_createdomain {
  /* Should domain memory integrity be verifed by tboot during Sx? */
 #define _XEN_DOMCTL_CDF_s3_integrity  2
 #define XEN_DOMCTL_CDF_s3_integrity   (1U<<_XEN_DOMCTL_CDF_s3_integrity)
-    uint32_t flags;
  /* Disable out-of-sync shadow page tables? */
 #define _XEN_DOMCTL_CDF_oos_off       3
 #define XEN_DOMCTL_CDF_oos_off        (1U<<_XEN_DOMCTL_CDF_oos_off)
+ /* Enable nested HVM (only valid with XEN_DOMCTL_CDF_hvm_guest) */
+#define _XEN_DOMCTL_CDF_nestedhvm     4
+#define XEN_DOMCTL_CDF_nestedhvm      (1U<<_XEN_DOMCTL_CDF_nestedhvm)
+    uint32_t flags;
 };
 typedef struct xen_domctl_createdomain xen_domctl_createdomain_t;
 DEFINE_XEN_GUEST_HANDLE(xen_domctl_createdomain_t);

[-- Attachment #3: Type: text/plain, Size: 138 bytes --]

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

Re: [PATCH 01/18] Nested Virtualization: tools

[Tim Deegan]

At 13:22 +0100 on 15 Apr (1271337756), Christoph Egger wrote:
> diff -r 2d96bc60035c -r 0e6fd40c25bf xen/include/public/domctl.h
> --- a/xen/include/public/domctl.h
> +++ b/xen/include/public/domctl.h
> @@ -60,10 +60,13 @@ struct xen_domctl_createdomain {
>   /* Should domain memory integrity be verifed by tboot during Sx? */
>  #define _XEN_DOMCTL_CDF_s3_integrity  2
>  #define XEN_DOMCTL_CDF_s3_integrity   (1U<<_XEN_DOMCTL_CDF_s3_integrity)
> -    uint32_t flags;
>   /* Disable out-of-sync shadow page tables? */
>  #define _XEN_DOMCTL_CDF_oos_off       3
>  #define XEN_DOMCTL_CDF_oos_off        (1U<<_XEN_DOMCTL_CDF_oos_off)
> + /* Enable nested HVM (only valid with XEN_DOMCTL_CDF_hvm_guest) */
> +#define _XEN_DOMCTL_CDF_nestedhvm     4
> +#define XEN_DOMCTL_CDF_nestedhvm      (1U<<_XEN_DOMCTL_CDF_nestedhvm)
> +    uint32_t flags;
>  };
>  typedef struct xen_domctl_createdomain xen_domctl_createdomain_t;
>  DEFINE_XEN_GUEST_HANDLE(xen_domctl_createdomain_t);

Does this need its own hyperacll flag?  Couldn't we just gate it on
whether the cpuid policy allows SVM?

Cheers,

Tim.

-- 
Tim Deegan <Tim.Deegan@citrix.com>
Principal Software Engineer, XenServer Engineering
Citrix Systems UK Ltd.  (Company #02937203, SL9 0BG)

Re: [PATCH 01/18] Nested Virtualization: tools

[Tim Deegan]

At 11:36 +0100 on 16 Apr (1271417812), Tim Deegan wrote:
> At 13:22 +0100 on 15 Apr (1271337756), Christoph Egger wrote:
> > diff -r 2d96bc60035c -r 0e6fd40c25bf xen/include/public/domctl.h
> > --- a/xen/include/public/domctl.h
> > +++ b/xen/include/public/domctl.h
> > @@ -60,10 +60,13 @@ struct xen_domctl_createdomain {
> >   /* Should domain memory integrity be verifed by tboot during Sx? */
> >  #define _XEN_DOMCTL_CDF_s3_integrity  2
> >  #define XEN_DOMCTL_CDF_s3_integrity   (1U<<_XEN_DOMCTL_CDF_s3_integrity)
> > -    uint32_t flags;
> >   /* Disable out-of-sync shadow page tables? */
> >  #define _XEN_DOMCTL_CDF_oos_off       3
> >  #define XEN_DOMCTL_CDF_oos_off        (1U<<_XEN_DOMCTL_CDF_oos_off)
> > + /* Enable nested HVM (only valid with XEN_DOMCTL_CDF_hvm_guest) */
> > +#define _XEN_DOMCTL_CDF_nestedhvm     4
> > +#define XEN_DOMCTL_CDF_nestedhvm      (1U<<_XEN_DOMCTL_CDF_nestedhvm)
> > +    uint32_t flags;
> >  };
> >  typedef struct xen_domctl_createdomain xen_domctl_createdomain_t;
> >  DEFINE_XEN_GUEST_HANDLE(xen_domctl_createdomain_t);
> 
> Does this need its own hyperacll flag?  Couldn't we just gate it on
> whether the cpuid policy allows SVM?

Actually, more generally:  Keir, can you give us an opinion on which
things like this belong in DOMCTL_CDF_ and which in HVM_PARAM_ (and
which in their own hypercalls or not at all?)

Tim.

-- 
Tim Deegan <Tim.Deegan@citrix.com>
Principal Software Engineer, XenServer Engineering
Citrix Systems UK Ltd.  (Company #02937203, SL9 0BG)

Re: [PATCH 01/18] Nested Virtualization: tools

[Keir Fraser]

On 16/04/2010 11:43, "Tim Deegan" <Tim.Deegan@citrix.com> wrote:

>>>  typedef struct xen_domctl_createdomain xen_domctl_createdomain_t;
>>>  DEFINE_XEN_GUEST_HANDLE(xen_domctl_createdomain_t);
>> 
>> Does this need its own hyperacll flag?  Couldn't we just gate it on
>> whether the cpuid policy allows SVM?
> 
> Actually, more generally:  Keir, can you give us an opinion on which
> things like this belong in DOMCTL_CDF_ and which in HVM_PARAM_ (and
> which in their own hypercalls or not at all?)

Yes, this should be hooked off CPUID configuration, or an HVM_PARAM. We only
allocate DOMCTL_CDF flags for things which need for whatever reason to be
configured/enabled really early. Shadow stuff is a good example, as the
shadow logic is hard enough without switching modes after a domain is
created - hence there we have DOMCTL_CDF flags so it can just be set up
right all in one go. I don't think nestedhvm has such difficulties.

 -- Keir