From: Boris Ostrovsky <boris.ostrovsky@oracle.com>
To: Jan Beulich <JBeulich@suse.com>
Cc: kevin.tian@intel.com, suravee.suthikulpanit@amd.com,
andrew.cooper3@citrix.com, tim@xen.org,
dietmar.hahn@ts.fujitsu.com, xen-devel@lists.xen.org,
Aravind.Gopalakrishnan@amd.com, jun.nakajima@intel.com,
dgdegra@tycho.nsa.gov
Subject: Re: [PATCH v21 02/14] x86/VPMU: Add public xenpmu.h
Date: Mon, 18 May 2015 12:12:56 -0400 [thread overview]
Message-ID: <555A0F88.3010303@oracle.com> (raw)
In-Reply-To: <555A1E14020000780007B425@mail.emea.novell.com>
On 05/18/2015 11:15 AM, Jan Beulich wrote:
>>>> On 08.05.15 at 23:06, <boris.ostrovsky@oracle.com> wrote:
>> --- /dev/null
>> +++ b/xen/include/public/arch-x86/pmu.h
>> @@ -0,0 +1,122 @@
>> +#ifndef __XEN_PUBLIC_ARCH_X86_PMU_H__
>> +#define __XEN_PUBLIC_ARCH_X86_PMU_H__
>> +
>> +/* x86-specific PMU definitions */
>> +
>> +/* AMD PMU registers and structures */
>> +struct xen_pmu_amd_ctxt {
>> + /* Offsets to counter and control MSRs (relative to xen_pmu_arch.c.amd)
>> */
>> + uint32_t counters;
>> + uint32_t ctrls;
>> +};
>> +typedef struct xen_pmu_amd_ctxt xen_pmu_amd_ctxt_t;
>> +DEFINE_XEN_GUEST_HANDLE(xen_pmu_amd_ctxt_t);
>> +
>> +/* Intel PMU registers and structures */
>> +struct xen_pmu_cntr_pair {
>> + uint64_t counter;
>> + uint64_t control;
>> +};
>> +typedef struct xen_pmu_cntr_pair xen_pmu_cntr_pair_t;
>> +DEFINE_XEN_GUEST_HANDLE(xen_pmu_cntr_pair_t);
>> +
>> +struct xen_pmu_intel_ctxt {
>> + uint64_t global_ctrl;
>> + uint64_t global_ovf_ctrl;
>> + uint64_t global_status;
>> + uint64_t fixed_ctrl;
>> + uint64_t ds_area;
>> + uint64_t pebs_enable;
>> + uint64_t debugctl;
>> + /*
>> + * Offsets to fixed and architectural counter MSRs (relative to
>> + * xen_pmu_arch.c.intel)
>> + */
>> + uint32_t fixed_counters;
>> + uint32_t arch_counters;
>> +};
>> +typedef struct xen_pmu_intel_ctxt xen_pmu_intel_ctxt_t;
>> +DEFINE_XEN_GUEST_HANDLE(xen_pmu_intel_ctxt_t);
>> +
>> +/* Sampled domain's registers */
>> +struct xen_pmu_regs {
>> + uint64_t ip;
>> + uint64_t sp;
>> + uint64_t flags;
>> + uint16_t cs;
>> + uint16_t ss;
>> + uint8_t cpl;
>> + uint8_t pad[3];
>> +};
>> +typedef struct xen_pmu_regs xen_pmu_regs_t;
>> +DEFINE_XEN_GUEST_HANDLE(xen_pmu_regs_t);
>> +
>> +/* PMU flags */
>> +#define PMU_CACHED (1<<0) /* PMU MSRs are cached in the context */
>> +
>> +/*
>> + * Architecture-specific information describing state of the processor at
>> + * the time of PMU interrupt.
>> + * Fields of this structure marked as RW for guest can only be written by the
>> + * guest when PMU_CACHED bit in pmu_flags is set (which is done by the
>> + * hypervisor during PMU interrupt). Hypervisor will read updated data in
>> + * XENPMU_flush hypercall and clear PMU_CACHED bit.
>> + */
>> +struct xen_pmu_arch {
>> + union {
>> + /*
>> + * Processor's registers at the time of interrupt.
>> + * RW for hypervisor, RO for guests.
>> + */
>> + struct xen_pmu_regs regs;
>> + /* Padding for adding new registers to xen_pmu_regs in the future */
>> +#define XENPMU_REGS_PAD_SZ 64
>> + uint8_t pad[XENPMU_REGS_PAD_SZ];
>> + } r;
>> +
>> + /* RW for hypervisor, RO for guest */
>> + uint64_t pmu_flags;
>> +
>> + /*
>> + * APIC LVTPC register.
>> + * RW for both hypervisor and guest.
>> + * Only APIC_LVT_MASKED bit is loaded by the hypervisor into hardware
>> + * during XENPMU_flush.
>> + */
>> + union {
>> + uint32_t lapic_lvtpc;
>> + uint64_t pad;
>> + } l;
>> +
>> + /*
>> + * Vendor-specific PMU registers.
>> + * RW for both hypervisor and guest.
>> + * Guest's updates to this field are verified and then loaded by the
>> + * hypervisor into hardware during XENPMU_flush
>> + */
>> + union {
>> + struct xen_pmu_amd_ctxt amd;
>> + struct xen_pmu_intel_ctxt intel;
>> +
>> + /*
>> + * Padding for contexts (fixed parts only, does not include MSR banks
>> + * that are specified by offsets)
>> + */
>> +#define XENPMU_CTXT_PAD_SZ 128
>> + uint8_t pad[XENPMU_CTXT_PAD_SZ];
>> + } c;
>> +};
> Marking all the fields RW for the hypervisor is certainly correct from
> a permissions pov, but requires close auditing that the hypervisor
> doesn't ever read a field twice, potentially getting different results
> and hence inconsistent internal state. Therefore - do all of the fields
> _need_ to be RW for the hypervisor? If not, marking the ones
> where this isn't needed as WO would be much preferred, to limit
> the scope of whats needs to be audited.
Right, all arch-independent bits are WO for hypervisor as are
xen_pmu_regs above. I in fact meant to label them as such but for
reasons that I can't remember now decided to mark them as RW.
-boris
> Same of course applies to
> all the arch-independent bits further down (which didn't get
> annotated so far).
next prev parent reply other threads:[~2015-05-18 16:12 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-05-08 21:06 [PATCH v21 00/14] x86/PMU: Xen PMU PV(H) support Boris Ostrovsky
2015-05-08 21:06 ` [PATCH v21 01/14] common/symbols: Export hypervisor symbols to privileged guest Boris Ostrovsky
2015-05-08 21:06 ` [PATCH v21 02/14] x86/VPMU: Add public xenpmu.h Boris Ostrovsky
2015-05-18 15:15 ` Jan Beulich
2015-05-18 16:12 ` Boris Ostrovsky [this message]
2015-05-19 6:48 ` Jan Beulich
2015-05-19 14:40 ` Boris Ostrovsky
2015-05-19 15:33 ` Jan Beulich
2015-05-08 21:06 ` [PATCH v21 03/14] x86/VPMU: Make vpmu not HVM-specific Boris Ostrovsky
2015-05-08 21:06 ` [PATCH v21 04/14] x86/VPMU: Interface for setting PMU mode and flags Boris Ostrovsky
2015-05-08 21:06 ` [PATCH v21 05/14] x86/VPMU: Initialize VPMUs with __initcall Boris Ostrovsky
2015-05-08 21:06 ` [PATCH v21 06/14] x86/VPMU: Initialize PMU for PV(H) guests Boris Ostrovsky
2015-05-18 15:19 ` Jan Beulich
2015-05-08 21:06 ` [PATCH v21 07/14] x86/VPMU: Save VPMU state for PV guests during context switch Boris Ostrovsky
2015-05-08 21:06 ` [PATCH v21 08/14] x86/VPMU: When handling MSR accesses, leave fault injection to callers Boris Ostrovsky
2015-05-08 21:06 ` [PATCH v21 09/14] x86/VPMU: Add support for PMU register handling on PV guests Boris Ostrovsky
2015-05-08 21:06 ` [PATCH v21 10/14] x86/VPMU: Use pre-computed masks when checking validity of MSRs Boris Ostrovsky
2015-05-08 21:06 ` [PATCH v21 11/14] x86/VPMU: Handle PMU interrupts for PV(H) guests Boris Ostrovsky
2015-05-18 9:43 ` Dietmar Hahn
2015-05-18 15:11 ` Boris Ostrovsky
2015-05-18 15:39 ` Jan Beulich
2015-05-18 16:19 ` Boris Ostrovsky
2015-05-19 6:50 ` Jan Beulich
2015-05-08 21:06 ` [PATCH v21 12/14] x86/VPMU: Merge vpmu_rdmsr and vpmu_wrmsr Boris Ostrovsky
2015-05-08 21:06 ` [PATCH v21 13/14] x86/VPMU: Add privileged PMU mode Boris Ostrovsky
2015-05-08 21:06 ` [PATCH v21 14/14] x86/VPMU: Move VPMU files up from hvm/ directory Boris Ostrovsky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=555A0F88.3010303@oracle.com \
--to=boris.ostrovsky@oracle.com \
--cc=Aravind.Gopalakrishnan@amd.com \
--cc=JBeulich@suse.com \
--cc=andrew.cooper3@citrix.com \
--cc=dgdegra@tycho.nsa.gov \
--cc=dietmar.hahn@ts.fujitsu.com \
--cc=jun.nakajima@intel.com \
--cc=kevin.tian@intel.com \
--cc=suravee.suthikulpanit@amd.com \
--cc=tim@xen.org \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.