From: Andrew Cooper <andrew.cooper3@citrix.com>
To: Ed White <edmund.h.white@intel.com>, xen-devel@lists.xen.org
Cc: ian.jackson@eu.citrix.com, tim@xen.org, keir@xen.org,
ian.campbell@citrix.com, jbeulich@suse.com
Subject: Re: [PATCH 02/11] VMX: implement suppress #VE.
Date: Mon, 12 Jan 2015 16:43:11 +0000 [thread overview]
Message-ID: <54B3F99F.1070107@citrix.com> (raw)
In-Reply-To: <1420838801-11704-3-git-send-email-edmund.h.white@intel.com>
On 09/01/15 21:26, Ed White wrote:
> In preparation for selectively enabling hardware #VE in a later patch,
> set suppress #VE on all EPTE's on #VE-capable hardware.
>
> Suppress #VE should always be the default condition for two reasons:
> it is generally not safe to deliver #VE into a guest unless that guest
> has been modified to receive it; and even then for most EPT violations only
> the hypervisor is able to handle the violation.
>
> Signed-off-by: Ed White <edmund.h.white@intel.com>
> ---
> xen/arch/x86/mm/p2m-ept.c | 34 +++++++++++++++++++++++++++++++++-
> xen/include/asm-x86/hvm/vmx/vmx.h | 1 +
> 2 files changed, 34 insertions(+), 1 deletion(-)
>
> diff --git a/xen/arch/x86/mm/p2m-ept.c b/xen/arch/x86/mm/p2m-ept.c
> index eb8b5f9..2b9f07c 100644
> --- a/xen/arch/x86/mm/p2m-ept.c
> +++ b/xen/arch/x86/mm/p2m-ept.c
> @@ -41,7 +41,7 @@
> #define is_epte_superpage(ept_entry) ((ept_entry)->sp)
> static inline bool_t is_epte_valid(ept_entry_t *e)
> {
> - return (e->epte != 0 && e->sa_p2mt != p2m_invalid);
> + return (e->valid != 0 && e->sa_p2mt != p2m_invalid);
> }
>
> /* returns : 0 for success, -errno otherwise */
> @@ -194,6 +194,19 @@ static int ept_set_middle_entry(struct p2m_domain *p2m, ept_entry_t *ept_entry)
>
> ept_entry->r = ept_entry->w = ept_entry->x = 1;
>
> + /* Disable #VE on all entries */
> + if ( cpu_has_vmx_virt_exceptions )
> + {
> + ept_entry_t *table = __map_domain_page(pg);
> +
> + for ( int i = 0; i < EPT_PAGETABLE_ENTRIES; i++ )
Style - please declare i in the upper scope, and it should be unsigned.
> + table[i].suppress_ve = 1;
> +
> + unmap_domain_page(table);
> +
> + ept_entry->suppress_ve = 1;
> + }
> +
> return 1;
> }
>
> @@ -243,6 +256,10 @@ static int ept_split_super_page(struct p2m_domain *p2m, ept_entry_t *ept_entry,
> epte->sp = (level > 1);
> epte->mfn += i * trunk;
> epte->snp = (iommu_enabled && iommu_snoop);
> +
> + if ( cpu_has_vmx_virt_exceptions )
> + epte->suppress_ve = 1;
> +
> ASSERT(!epte->rsvd1);
>
> ept_p2m_type_to_flags(epte, epte->sa_p2mt, epte->access);
> @@ -753,6 +770,9 @@ ept_set_entry(struct p2m_domain *p2m, unsigned long gfn, mfn_t mfn,
> ept_p2m_type_to_flags(&new_entry, p2mt, p2ma);
> }
>
> + if ( cpu_has_vmx_virt_exceptions )
> + new_entry.suppress_ve = 1;
> +
> rc = atomic_write_ept_entry(ept_entry, new_entry, target);
> if ( unlikely(rc) )
> old_entry.epte = 0;
> @@ -1069,6 +1089,18 @@ int ept_p2m_init(struct p2m_domain *p2m)
> /* set EPT page-walk length, now it's actual walk length - 1, i.e. 3 */
> ept->ept_wl = 3;
>
> + /* Disable #VE on all entries */
> + if ( cpu_has_vmx_virt_exceptions )
> + {
> + ept_entry_t *table =
> + map_domain_page(pagetable_get_pfn(p2m_get_pagetable(p2m)));
> +
> + for ( int i = 0; i < EPT_PAGETABLE_ENTRIES; i++ )
> + table[i].suppress_ve = 1;
Is it safe setting SVE on an entry which is not known to be a superpage
or not present? The manual states that the bit is ignored in this case,
but I am concerned that, as with SVE, this bit will suddenly gain
meaning in the future.
> +
> + unmap_domain_page(table);
> + }
> +
> if ( !zalloc_cpumask_var(&ept->synced_mask) )
> return -ENOMEM;
>
> diff --git a/xen/include/asm-x86/hvm/vmx/vmx.h b/xen/include/asm-x86/hvm/vmx/vmx.h
> index 8bae195..70fee74 100644
> --- a/xen/include/asm-x86/hvm/vmx/vmx.h
> +++ b/xen/include/asm-x86/hvm/vmx/vmx.h
> @@ -49,6 +49,7 @@ typedef union {
> suppress_ve : 1; /* bit 63 - suppress #VE */
> };
> u64 epte;
> + u64 valid : 63; /* entire EPTE except suppress #VE bit */
I am not sure 'valid' is a sensible name here. As it is only used in
is_epte_valid(), might it be better to just use ->epte and a bitmask for
everything other than the #VE bit?
~Andrew
> } ept_entry_t;
>
> typedef struct {
next prev parent reply other threads:[~2015-01-12 16:43 UTC|newest]
Thread overview: 135+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-01-09 21:26 [PATCH 00/11] Alternate p2m: support multiple copies of host p2m Ed White
2015-01-09 21:26 ` [PATCH 01/11] VMX: VMFUNC and #VE definitions and detection Ed White
2015-01-12 13:06 ` Andrew Cooper
2015-01-13 18:50 ` Ed White
2015-01-14 14:38 ` Andrew Cooper
2015-01-09 21:26 ` [PATCH 02/11] VMX: implement suppress #VE Ed White
2015-01-12 16:43 ` Andrew Cooper [this message]
2015-01-12 17:45 ` Ed White
2015-01-13 18:36 ` Ed White
2015-01-15 16:25 ` Tim Deegan
2015-01-15 18:46 ` Ed White
2015-01-16 17:22 ` Tim Deegan
2015-03-25 17:30 ` Ed White
2015-03-26 10:15 ` Tim Deegan
2015-01-09 21:26 ` [PATCH 03/11] x86/HVM: Hardware alternate p2m support detection Ed White
2015-01-12 17:08 ` Andrew Cooper
2015-01-12 17:46 ` Ed White
2015-01-15 16:32 ` Tim Deegan
2015-01-09 21:26 ` [PATCH 04/11] x86/MM: Improve p2m type checks Ed White
2015-01-12 17:48 ` Andrew Cooper
2015-01-13 19:39 ` Ed White
2015-01-15 16:36 ` Tim Deegan
2015-01-09 21:26 ` [PATCH 05/11] x86/altp2m: basic data structures and support routines Ed White
2015-01-13 11:28 ` Andrew Cooper
2015-01-13 19:49 ` Ed White
2015-03-25 20:59 ` Ed White
2015-03-26 10:48 ` Tim Deegan
2015-03-26 18:00 ` Ed White
2015-01-15 16:48 ` Tim Deegan
2015-01-15 16:53 ` Jan Beulich
2015-01-15 18:49 ` Ed White
2015-01-16 7:37 ` Jan Beulich
2015-01-16 17:23 ` Tim Deegan
2015-01-09 21:26 ` [PATCH 06/11] VMX/altp2m: add code to support EPTP switching and #VE Ed White
2015-01-13 11:58 ` Andrew Cooper
2015-01-15 16:56 ` Tim Deegan
2015-01-15 18:55 ` Ed White
2015-01-16 17:50 ` Tim Deegan
2015-01-16 17:57 ` Ed White
2015-01-09 21:26 ` [PATCH 07/11] x86/altp2m: introduce p2m_ram_rw_ve type Ed White
2015-01-15 17:03 ` Tim Deegan
2015-01-15 20:38 ` Ed White
2015-01-16 8:20 ` Jan Beulich
2015-01-16 17:14 ` Ed White
2015-01-19 8:49 ` Jan Beulich
2015-01-19 19:53 ` Ed White
2015-01-16 17:52 ` Tim Deegan
2015-01-16 18:35 ` Ed White
2015-01-17 9:37 ` Tim Deegan
2015-01-09 21:26 ` [PATCH 08/11] x86/altp2m: add remaining support routines Ed White
2015-01-15 17:25 ` Tim Deegan
2015-01-15 20:57 ` Ed White
2015-01-16 18:04 ` Tim Deegan
2015-01-15 17:33 ` Tim Deegan
2015-01-15 21:00 ` Ed White
2015-01-16 8:24 ` Jan Beulich
2015-01-16 17:17 ` Ed White
2015-01-19 8:52 ` Jan Beulich
2015-01-16 18:09 ` Tim Deegan
2015-01-09 21:26 ` [PATCH 09/11] x86/altp2m: define and implement alternate p2m HVMOP types Ed White
2015-01-15 17:09 ` Tim Deegan
2015-01-15 20:43 ` Ed White
2015-01-16 17:57 ` Tim Deegan
2015-01-09 21:26 ` [PATCH 10/11] x86/altp2m: fix log-dirty handling Ed White
2015-01-15 17:20 ` Tim Deegan
2015-01-15 20:49 ` Ed White
2015-01-16 17:59 ` Tim Deegan
2015-01-09 21:26 ` [PATCH 11/11] x86/altp2m: alternate p2m memory events Ed White
2015-01-09 22:06 ` [PATCH 00/11] Alternate p2m: support multiple copies of host p2m Andrew Cooper
2015-01-09 22:21 ` Ed White
2015-01-09 22:41 ` Andrew Cooper
2015-01-09 23:04 ` Ed White
2015-01-12 10:00 ` Jan Beulich
2015-01-12 17:36 ` Ed White
2015-01-13 8:56 ` Jan Beulich
2015-01-13 11:28 ` Ian Jackson
2015-01-13 17:42 ` Ed White
2015-01-12 12:17 ` Ian Jackson
2015-01-12 17:39 ` Ed White
2015-01-12 17:43 ` Ian Jackson
2015-01-12 17:50 ` Ed White
2015-01-12 18:00 ` Ian Jackson
2015-01-12 18:31 ` Ed White
2015-01-13 10:21 ` Tamas K Lengyel
2015-01-13 18:25 ` Ed White
2015-01-13 11:16 ` Ian Jackson
2015-01-12 17:51 ` Andrew Cooper
2015-01-13 19:01 ` Andrew Cooper
2015-01-13 20:02 ` Ed White
2015-01-13 20:45 ` Andrew Cooper
2015-01-13 21:30 ` Ed White
2015-01-14 7:04 ` Jan Beulich
2015-01-14 10:31 ` Tamas K Lengyel
2015-01-14 11:09 ` Jan Beulich
2015-01-14 11:28 ` Tamas K Lengyel
2015-01-14 17:35 ` Ed White
2015-01-15 8:16 ` Jan Beulich
2015-01-15 17:28 ` Ed White
2015-01-15 17:45 ` Tim Deegan
2015-01-15 18:44 ` Ed White
2015-03-04 23:06 ` Tamas K Lengyel
2015-03-04 23:41 ` Ed White
2015-03-05 10:51 ` Tamas K Lengyel
2015-03-13 17:38 ` Ed White
2015-03-05 10:36 ` Tim Deegan
2015-03-05 10:58 ` Tamas K Lengyel
2015-03-05 11:13 ` Tim Deegan
2015-01-16 7:35 ` Jan Beulich
2015-01-16 16:54 ` Ed White
2015-01-15 10:39 ` Tamas K Lengyel
2015-01-15 17:31 ` Ed White
2015-01-16 10:43 ` Tamas K Lengyel
2015-01-16 17:21 ` Ed White
2015-03-05 13:45 ` Egger, Christoph
2015-01-14 7:01 ` Jan Beulich
2015-01-15 16:15 ` Tim Deegan
2015-01-15 18:23 ` Ed White
2015-01-16 8:12 ` Jan Beulich
2015-01-16 17:01 ` Ed White
2015-01-16 18:33 ` Tim Deegan
2015-01-16 20:32 ` Ed White
2015-01-17 9:34 ` Tim Deegan
2015-01-16 21:43 ` Ed White
2015-01-17 9:49 ` Tim Deegan
2015-01-19 19:35 ` Ed White
2015-01-17 9:31 ` Tim Deegan
2015-01-17 15:01 ` Andrew Cooper
2015-01-19 12:17 ` Tim Deegan
2015-01-19 21:54 ` Ed White
2015-01-20 8:47 ` Jan Beulich
2015-01-20 18:43 ` Ed White
2015-01-22 15:42 ` Tim Deegan
2015-01-22 19:15 ` Ed White
2015-03-25 17:41 ` Ed White
2015-03-26 10:40 ` Tim Deegan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=54B3F99F.1070107@citrix.com \
--to=andrew.cooper3@citrix.com \
--cc=edmund.h.white@intel.com \
--cc=ian.campbell@citrix.com \
--cc=ian.jackson@eu.citrix.com \
--cc=jbeulich@suse.com \
--cc=keir@xen.org \
--cc=tim@xen.org \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.