From: Ed White <edmund.h.white@intel.com>
To: Andrew Cooper <andrew.cooper3@citrix.com>, xen-devel@lists.xen.org
Cc: ian.jackson@eu.citrix.com, tim@xen.org, keir@xen.org,
ian.campbell@citrix.com, jbeulich@suse.com
Subject: Re: [PATCH 02/11] VMX: implement suppress #VE.
Date: Mon, 12 Jan 2015 09:45:07 -0800 [thread overview]
Message-ID: <54B40823.4000002@intel.com> (raw)
In-Reply-To: <54B3F99F.1070107@citrix.com>
On 01/12/2015 08:43 AM, Andrew Cooper wrote:
> On 09/01/15 21:26, Ed White wrote:
>> In preparation for selectively enabling hardware #VE in a later patch,
>> set suppress #VE on all EPTE's on #VE-capable hardware.
>>
>> Suppress #VE should always be the default condition for two reasons:
>> it is generally not safe to deliver #VE into a guest unless that guest
>> has been modified to receive it; and even then for most EPT violations only
>> the hypervisor is able to handle the violation.
>>
>> Signed-off-by: Ed White <edmund.h.white@intel.com>
>> ---
>> xen/arch/x86/mm/p2m-ept.c | 34 +++++++++++++++++++++++++++++++++-
>> xen/include/asm-x86/hvm/vmx/vmx.h | 1 +
>> 2 files changed, 34 insertions(+), 1 deletion(-)
>>
>> diff --git a/xen/arch/x86/mm/p2m-ept.c b/xen/arch/x86/mm/p2m-ept.c
>> index eb8b5f9..2b9f07c 100644
>> --- a/xen/arch/x86/mm/p2m-ept.c
>> +++ b/xen/arch/x86/mm/p2m-ept.c
>> @@ -41,7 +41,7 @@
>> #define is_epte_superpage(ept_entry) ((ept_entry)->sp)
>> static inline bool_t is_epte_valid(ept_entry_t *e)
>> {
>> - return (e->epte != 0 && e->sa_p2mt != p2m_invalid);
>> + return (e->valid != 0 && e->sa_p2mt != p2m_invalid);
>> }
>>
>> /* returns : 0 for success, -errno otherwise */
>> @@ -194,6 +194,19 @@ static int ept_set_middle_entry(struct p2m_domain *p2m, ept_entry_t *ept_entry)
>>
>> ept_entry->r = ept_entry->w = ept_entry->x = 1;
>>
>> + /* Disable #VE on all entries */
>> + if ( cpu_has_vmx_virt_exceptions )
>> + {
>> + ept_entry_t *table = __map_domain_page(pg);
>> +
>> + for ( int i = 0; i < EPT_PAGETABLE_ENTRIES; i++ )
>
> Style - please declare i in the upper scope, and it should be unsigned.
>
>> + table[i].suppress_ve = 1;
>> +
>> + unmap_domain_page(table);
>> +
>> + ept_entry->suppress_ve = 1;
>> + }
>> +
>> return 1;
>> }
>>
>> @@ -243,6 +256,10 @@ static int ept_split_super_page(struct p2m_domain *p2m, ept_entry_t *ept_entry,
>> epte->sp = (level > 1);
>> epte->mfn += i * trunk;
>> epte->snp = (iommu_enabled && iommu_snoop);
>> +
>> + if ( cpu_has_vmx_virt_exceptions )
>> + epte->suppress_ve = 1;
>> +
>> ASSERT(!epte->rsvd1);
>>
>> ept_p2m_type_to_flags(epte, epte->sa_p2mt, epte->access);
>> @@ -753,6 +770,9 @@ ept_set_entry(struct p2m_domain *p2m, unsigned long gfn, mfn_t mfn,
>> ept_p2m_type_to_flags(&new_entry, p2mt, p2ma);
>> }
>>
>> + if ( cpu_has_vmx_virt_exceptions )
>> + new_entry.suppress_ve = 1;
>> +
>> rc = atomic_write_ept_entry(ept_entry, new_entry, target);
>> if ( unlikely(rc) )
>> old_entry.epte = 0;
>> @@ -1069,6 +1089,18 @@ int ept_p2m_init(struct p2m_domain *p2m)
>> /* set EPT page-walk length, now it's actual walk length - 1, i.e. 3 */
>> ept->ept_wl = 3;
>>
>> + /* Disable #VE on all entries */
>> + if ( cpu_has_vmx_virt_exceptions )
>> + {
>> + ept_entry_t *table =
>> + map_domain_page(pagetable_get_pfn(p2m_get_pagetable(p2m)));
>> +
>> + for ( int i = 0; i < EPT_PAGETABLE_ENTRIES; i++ )
>> + table[i].suppress_ve = 1;
>
> Is it safe setting SVE on an entry which is not known to be a superpage
> or not present? The manual states that the bit is ignored in this case,
> but I am concerned that, as with SVE, this bit will suddenly gain
> meaning in the future.
>
It is safe to do this. Never say never, but I am aware of no plans to
overload this bit, and I would know. Unless you feel strongly about it,
I would prefer to leave this as-is, since changing it would make the code
more complex.
>> +
>> + unmap_domain_page(table);
>> + }
>> +
>> if ( !zalloc_cpumask_var(&ept->synced_mask) )
>> return -ENOMEM;
>>
>> diff --git a/xen/include/asm-x86/hvm/vmx/vmx.h b/xen/include/asm-x86/hvm/vmx/vmx.h
>> index 8bae195..70fee74 100644
>> --- a/xen/include/asm-x86/hvm/vmx/vmx.h
>> +++ b/xen/include/asm-x86/hvm/vmx/vmx.h
>> @@ -49,6 +49,7 @@ typedef union {
>> suppress_ve : 1; /* bit 63 - suppress #VE */
>> };
>> u64 epte;
>> + u64 valid : 63; /* entire EPTE except suppress #VE bit */
>
> I am not sure 'valid' is a sensible name here. As it is only used in
> is_epte_valid(), might it be better to just use ->epte and a bitmask for
> everything other than the #VE bit?
>
This seemed more in the style of the code I was changing, but I can do it
as you suggest.
Ed
>> } ept_entry_t;
>>
>> typedef struct {
>
>
next prev parent reply other threads:[~2015-01-12 17:45 UTC|newest]
Thread overview: 135+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-01-09 21:26 [PATCH 00/11] Alternate p2m: support multiple copies of host p2m Ed White
2015-01-09 21:26 ` [PATCH 01/11] VMX: VMFUNC and #VE definitions and detection Ed White
2015-01-12 13:06 ` Andrew Cooper
2015-01-13 18:50 ` Ed White
2015-01-14 14:38 ` Andrew Cooper
2015-01-09 21:26 ` [PATCH 02/11] VMX: implement suppress #VE Ed White
2015-01-12 16:43 ` Andrew Cooper
2015-01-12 17:45 ` Ed White [this message]
2015-01-13 18:36 ` Ed White
2015-01-15 16:25 ` Tim Deegan
2015-01-15 18:46 ` Ed White
2015-01-16 17:22 ` Tim Deegan
2015-03-25 17:30 ` Ed White
2015-03-26 10:15 ` Tim Deegan
2015-01-09 21:26 ` [PATCH 03/11] x86/HVM: Hardware alternate p2m support detection Ed White
2015-01-12 17:08 ` Andrew Cooper
2015-01-12 17:46 ` Ed White
2015-01-15 16:32 ` Tim Deegan
2015-01-09 21:26 ` [PATCH 04/11] x86/MM: Improve p2m type checks Ed White
2015-01-12 17:48 ` Andrew Cooper
2015-01-13 19:39 ` Ed White
2015-01-15 16:36 ` Tim Deegan
2015-01-09 21:26 ` [PATCH 05/11] x86/altp2m: basic data structures and support routines Ed White
2015-01-13 11:28 ` Andrew Cooper
2015-01-13 19:49 ` Ed White
2015-03-25 20:59 ` Ed White
2015-03-26 10:48 ` Tim Deegan
2015-03-26 18:00 ` Ed White
2015-01-15 16:48 ` Tim Deegan
2015-01-15 16:53 ` Jan Beulich
2015-01-15 18:49 ` Ed White
2015-01-16 7:37 ` Jan Beulich
2015-01-16 17:23 ` Tim Deegan
2015-01-09 21:26 ` [PATCH 06/11] VMX/altp2m: add code to support EPTP switching and #VE Ed White
2015-01-13 11:58 ` Andrew Cooper
2015-01-15 16:56 ` Tim Deegan
2015-01-15 18:55 ` Ed White
2015-01-16 17:50 ` Tim Deegan
2015-01-16 17:57 ` Ed White
2015-01-09 21:26 ` [PATCH 07/11] x86/altp2m: introduce p2m_ram_rw_ve type Ed White
2015-01-15 17:03 ` Tim Deegan
2015-01-15 20:38 ` Ed White
2015-01-16 8:20 ` Jan Beulich
2015-01-16 17:14 ` Ed White
2015-01-19 8:49 ` Jan Beulich
2015-01-19 19:53 ` Ed White
2015-01-16 17:52 ` Tim Deegan
2015-01-16 18:35 ` Ed White
2015-01-17 9:37 ` Tim Deegan
2015-01-09 21:26 ` [PATCH 08/11] x86/altp2m: add remaining support routines Ed White
2015-01-15 17:25 ` Tim Deegan
2015-01-15 20:57 ` Ed White
2015-01-16 18:04 ` Tim Deegan
2015-01-15 17:33 ` Tim Deegan
2015-01-15 21:00 ` Ed White
2015-01-16 8:24 ` Jan Beulich
2015-01-16 17:17 ` Ed White
2015-01-19 8:52 ` Jan Beulich
2015-01-16 18:09 ` Tim Deegan
2015-01-09 21:26 ` [PATCH 09/11] x86/altp2m: define and implement alternate p2m HVMOP types Ed White
2015-01-15 17:09 ` Tim Deegan
2015-01-15 20:43 ` Ed White
2015-01-16 17:57 ` Tim Deegan
2015-01-09 21:26 ` [PATCH 10/11] x86/altp2m: fix log-dirty handling Ed White
2015-01-15 17:20 ` Tim Deegan
2015-01-15 20:49 ` Ed White
2015-01-16 17:59 ` Tim Deegan
2015-01-09 21:26 ` [PATCH 11/11] x86/altp2m: alternate p2m memory events Ed White
2015-01-09 22:06 ` [PATCH 00/11] Alternate p2m: support multiple copies of host p2m Andrew Cooper
2015-01-09 22:21 ` Ed White
2015-01-09 22:41 ` Andrew Cooper
2015-01-09 23:04 ` Ed White
2015-01-12 10:00 ` Jan Beulich
2015-01-12 17:36 ` Ed White
2015-01-13 8:56 ` Jan Beulich
2015-01-13 11:28 ` Ian Jackson
2015-01-13 17:42 ` Ed White
2015-01-12 12:17 ` Ian Jackson
2015-01-12 17:39 ` Ed White
2015-01-12 17:43 ` Ian Jackson
2015-01-12 17:50 ` Ed White
2015-01-12 18:00 ` Ian Jackson
2015-01-12 18:31 ` Ed White
2015-01-13 10:21 ` Tamas K Lengyel
2015-01-13 18:25 ` Ed White
2015-01-13 11:16 ` Ian Jackson
2015-01-12 17:51 ` Andrew Cooper
2015-01-13 19:01 ` Andrew Cooper
2015-01-13 20:02 ` Ed White
2015-01-13 20:45 ` Andrew Cooper
2015-01-13 21:30 ` Ed White
2015-01-14 7:04 ` Jan Beulich
2015-01-14 10:31 ` Tamas K Lengyel
2015-01-14 11:09 ` Jan Beulich
2015-01-14 11:28 ` Tamas K Lengyel
2015-01-14 17:35 ` Ed White
2015-01-15 8:16 ` Jan Beulich
2015-01-15 17:28 ` Ed White
2015-01-15 17:45 ` Tim Deegan
2015-01-15 18:44 ` Ed White
2015-03-04 23:06 ` Tamas K Lengyel
2015-03-04 23:41 ` Ed White
2015-03-05 10:51 ` Tamas K Lengyel
2015-03-13 17:38 ` Ed White
2015-03-05 10:36 ` Tim Deegan
2015-03-05 10:58 ` Tamas K Lengyel
2015-03-05 11:13 ` Tim Deegan
2015-01-16 7:35 ` Jan Beulich
2015-01-16 16:54 ` Ed White
2015-01-15 10:39 ` Tamas K Lengyel
2015-01-15 17:31 ` Ed White
2015-01-16 10:43 ` Tamas K Lengyel
2015-01-16 17:21 ` Ed White
2015-03-05 13:45 ` Egger, Christoph
2015-01-14 7:01 ` Jan Beulich
2015-01-15 16:15 ` Tim Deegan
2015-01-15 18:23 ` Ed White
2015-01-16 8:12 ` Jan Beulich
2015-01-16 17:01 ` Ed White
2015-01-16 18:33 ` Tim Deegan
2015-01-16 20:32 ` Ed White
2015-01-17 9:34 ` Tim Deegan
2015-01-16 21:43 ` Ed White
2015-01-17 9:49 ` Tim Deegan
2015-01-19 19:35 ` Ed White
2015-01-17 9:31 ` Tim Deegan
2015-01-17 15:01 ` Andrew Cooper
2015-01-19 12:17 ` Tim Deegan
2015-01-19 21:54 ` Ed White
2015-01-20 8:47 ` Jan Beulich
2015-01-20 18:43 ` Ed White
2015-01-22 15:42 ` Tim Deegan
2015-01-22 19:15 ` Ed White
2015-03-25 17:41 ` Ed White
2015-03-26 10:40 ` Tim Deegan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=54B40823.4000002@intel.com \
--to=edmund.h.white@intel.com \
--cc=andrew.cooper3@citrix.com \
--cc=ian.campbell@citrix.com \
--cc=ian.jackson@eu.citrix.com \
--cc=jbeulich@suse.com \
--cc=keir@xen.org \
--cc=tim@xen.org \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.