From: Andrew Cooper <andrew.cooper3@citrix.com>
To: Xen-devel <xen-devel@lists.xen.org>
Cc: Andrew Cooper <andrew.cooper3@citrix.com>,
	Jan Beulich <JBeulich@suse.com>
Subject: [PATCH 10/10] x86/cpuid: Always enable faulting for the control domain
Date: Mon, 20 Feb 2017 11:00:34 +0000
Message-ID: <1487588434-4359-11-git-send-email-andrew.cooper3@citrix.com>
In-Reply-To: <1487588434-4359-1-git-send-email-andrew.cooper3@citrix.com>

The domain builder in libxc no longer depends on leaked CPUID information to
properly construct HVM domains.  Remove the control domain exclusion.

On capable hardware, this prevents all unintended leakage of hardware CPUID
values into the control domain, and brings the hypervisor leaves into view.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
CC: Jan Beulich <JBeulich@suse.com>
---
 xen/arch/x86/cpu/intel.c | 18 +++---------------
 1 file changed, 3 insertions(+), 15 deletions(-)

diff --git a/xen/arch/x86/cpu/intel.c b/xen/arch/x86/cpu/intel.c
index 2e20327..238c47d 100644
--- a/xen/arch/x86/cpu/intel.c
+++ b/xen/arch/x86/cpu/intel.c
@@ -159,22 +159,10 @@ static void intel_ctxt_switch_levelling(const struct vcpu *next)
 
 	if (cpu_has_cpuid_faulting) {
 		/*
-		 * We *should* be enabling faulting for the control domain.
-		 *
-		 * Unfortunately, the domain builder (having only ever been a
-		 * PV guest) expects to be able to see host cpuid state in a
-		 * native CPUID instruction, to correctly build a CPUID policy
-		 * for HVM guests (notably the xstate leaves).
-		 *
-		 * This logic is fundimentally broken for HVM toolstack
-		 * domains, and faulting causes PV guests to behave like HVM
-		 * guests from their point of view.
-		 *
-		 * Future development plans will move responsibility for
-		 * generating the maximum full cpuid policy into Xen, at which
-		 * this problem will disappear.
+		 * Always enable faulting for all PV domains.  Enable faulting
+		 * for HVM guests if they have configured it.
 		 */
-		set_cpuid_faulting(nextd && !is_control_domain(nextd) &&
+		set_cpuid_faulting(nextd &&
 				   (is_pv_domain(nextd) ||
 				    next->arch.cpuid_faulting));
 		return;
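
Review bot: The replacement comment above set_cpuid_faulting() covers PV and HVM domains but says nothing about the `nextd &&` guard that stays in the condition, so a reader cannot tell from the comment that faulting is switched off when nextd is NULL; a short line saying when that case arises would help. Consider also keeping one sentence from the removed text noting that faulting makes a PV guest see CPUID the way an HVM guest does: with !is_control_domain(nextd) dropped, that now applies to a PV control domain as well, and the commit message only addresses the libxc domain builder, not other control-domain software that executes a native CPUID instruction.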
-- 
2.1.4

