* [PATCH v3 1/2] xen/x86: ensure copying runstate/time to L1 rather than L2
@ 2017-02-27 3:26 Haozhong Zhang
2017-02-27 3:26 ` [PATCH v3 2/2] x86/hvm: check HAP before enabling nested VMX Haozhong Zhang
2017-02-28 15:15 ` [PATCH v3 1/2] xen/x86: ensure copying runstate/time to L1 rather than L2 Jan Beulich
0 siblings, 2 replies; 4+ messages in thread
From: Haozhong Zhang @ 2017-02-27 3:26 UTC (permalink / raw)
To: xen-devel; +Cc: Andrew Cooper, Jan Beulich, Haozhong Zhang
For a HVM domain, if a vcpu is in the nested guest mode,
__raw_copy_to_guest(), __copy_to_guest() and __copy_field_to_guest()
used by update_runstate_area() and update_secondary_system_time() will
copy data to L2 guest rather than the L1 guest.
This commit temporally clears the nested guest flag before all guest
copies in update_runstate_area() and update_secondary_system_time(),
and restores the flag after those guest copy operations.
The flag clear/restore is combined with the existing
smap_policy_change() which is renamed to update_guest_memory_policy().
Signed-off-by: Haozhong Zhang <haozhong.zhang@intel.com>
---
Changes since v2:
* Combine the fix with existing smap_policy_change() which is renamed to
update_guest_memory_policy().
---
xen/arch/x86/domain.c | 39 +++++++++++++++++++++++++++++++--------
xen/arch/x86/time.c | 9 +++++----
xen/include/asm-x86/domain.h | 10 ++++++++--
3 files changed, 44 insertions(+), 14 deletions(-)
diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c
index 7d3071e..0bf1909 100644
--- a/xen/arch/x86/domain.c
+++ b/xen/arch/x86/domain.c
@@ -50,6 +50,7 @@
#include <asm/mpspec.h>
#include <asm/ldt.h>
#include <asm/hvm/hvm.h>
+#include <asm/hvm/nestedhvm.h>
#include <asm/hvm/support.h>
#include <asm/hvm/viridian.h>
#include <asm/debugreg.h>
@@ -200,12 +201,33 @@ void dump_pageframe_info(struct domain *d)
spin_unlock(&d->page_alloc_lock);
}
-smap_check_policy_t smap_policy_change(struct vcpu *v,
- smap_check_policy_t new_policy)
+void update_guest_memory_policy(struct vcpu *v,
+ struct guest_memory_policy *policy)
{
- smap_check_policy_t old_policy = v->arch.smap_check_policy;
- v->arch.smap_check_policy = new_policy;
- return old_policy;
+ smap_check_policy_t old_smap_policy = v->arch.smap_check_policy;
+ bool old_guest_mode = nestedhvm_is_n2(v);
+ bool new_guest_mode = policy->nested_guest_mode;
+
+ v->arch.smap_check_policy = policy->smap_policy;
+ policy->smap_policy = old_smap_policy;
+
+ /*
+ * When 'v' is in the nested guest mode, all guest copy
+ * functions/macros which finally call paging_gva_to_gfn()
+ * transfer data to/from L2 guest. If the copy is intended for L1
+ * guest, we must first clear the nested guest flag (by setting
+ * policy->nested_guest_mode to false) before the copy and then
+ * restore the nested guest flag (by setting
+ * policy->nested_guest_mode to true) after the copy.
+ */
+ if ( unlikely(old_guest_mode != new_guest_mode) )
+ {
+ if ( new_guest_mode )
+ nestedhvm_vcpu_enter_guestmode(v);
+ else
+ nestedhvm_vcpu_exit_guestmode(v);
+ policy->nested_guest_mode = old_guest_mode;
+ }
}
#ifndef CONFIG_BIGMEM
@@ -1929,13 +1951,14 @@ static void paravirt_ctxt_switch_to(struct vcpu *v)
bool_t update_runstate_area(struct vcpu *v)
{
bool_t rc;
- smap_check_policy_t smap_policy;
+ struct guest_memory_policy policy =
+ { .smap_policy = SMAP_CHECK_ENABLED, .nested_guest_mode = false };
void __user *guest_handle = NULL;
if ( guest_handle_is_null(runstate_guest(v)) )
return 1;
- smap_policy = smap_policy_change(v, SMAP_CHECK_ENABLED);
+ update_guest_memory_policy(v, &policy);
if ( VM_ASSIST(v->domain, runstate_update_flag) )
{
@@ -1969,7 +1992,7 @@ bool_t update_runstate_area(struct vcpu *v)
(void *)(&v->runstate.state_entry_time + 1) - 1, 1);
}
- smap_policy_change(v, smap_policy);
+ update_guest_memory_policy(v, &policy);
return rc;
}
diff --git a/xen/arch/x86/time.c b/xen/arch/x86/time.c
index 3ad2ab0..faa638b 100644
--- a/xen/arch/x86/time.c
+++ b/xen/arch/x86/time.c
@@ -991,17 +991,18 @@ bool_t update_secondary_system_time(struct vcpu *v,
struct vcpu_time_info *u)
{
XEN_GUEST_HANDLE(vcpu_time_info_t) user_u = v->arch.time_info_guest;
- smap_check_policy_t saved_policy;
+ struct guest_memory_policy policy =
+ { .smap_policy = SMAP_CHECK_ENABLED, .nested_guest_mode = false };
if ( guest_handle_is_null(user_u) )
return 1;
- saved_policy = smap_policy_change(v, SMAP_CHECK_ENABLED);
+ update_guest_memory_policy(v, &policy);
/* 1. Update userspace version. */
if ( __copy_field_to_guest(user_u, u, version) == sizeof(u->version) )
{
- smap_policy_change(v, saved_policy);
+ update_guest_memory_policy(v, &policy);
return 0;
}
wmb();
@@ -1012,7 +1013,7 @@ bool_t update_secondary_system_time(struct vcpu *v,
u->version = version_update_end(u->version);
__copy_field_to_guest(user_u, u, version);
- smap_policy_change(v, saved_policy);
+ update_guest_memory_policy(v, &policy);
return 1;
}
diff --git a/xen/include/asm-x86/domain.h b/xen/include/asm-x86/domain.h
index 2839a73..7b05c84 100644
--- a/xen/include/asm-x86/domain.h
+++ b/xen/include/asm-x86/domain.h
@@ -577,8 +577,14 @@ struct arch_vcpu
} monitor;
};
-smap_check_policy_t smap_policy_change(struct vcpu *v,
- smap_check_policy_t new_policy);
+struct guest_memory_policy
+{
+ smap_check_policy_t smap_policy;
+ bool nested_guest_mode;
+};
+
+void update_guest_memory_policy(struct vcpu *v,
+ struct guest_memory_policy *policy);
/* Shorthands to improve code legibility. */
#define hvm_vmx hvm_vcpu.u.vmx
--
2.10.1
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH v3 2/2] x86/hvm: check HAP before enabling nested VMX
2017-02-27 3:26 [PATCH v3 1/2] xen/x86: ensure copying runstate/time to L1 rather than L2 Haozhong Zhang
@ 2017-02-27 3:26 ` Haozhong Zhang
2017-02-28 15:11 ` Jan Beulich
2017-02-28 15:15 ` [PATCH v3 1/2] xen/x86: ensure copying runstate/time to L1 rather than L2 Jan Beulich
1 sibling, 1 reply; 4+ messages in thread
From: Haozhong Zhang @ 2017-02-27 3:26 UTC (permalink / raw)
To: xen-devel; +Cc: Andrew Cooper, Jan Beulich, Haozhong Zhang
The current implementation of nested VMX cannot work without HAP.
Signed-off-by: Haozhong Zhang <haozhong.zhang@intel.com>
---
Changes since v2:
* Add the check by dropping the cpu_has_svm check.
---
xen/arch/x86/hvm/hvm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c
index 6621d62..f4666be 100644
--- a/xen/arch/x86/hvm/hvm.c
+++ b/xen/arch/x86/hvm/hvm.c
@@ -4123,7 +4123,7 @@ static int hvmop_set_param(
* Remove the check below once we have
* shadow-on-shadow.
*/
- if ( cpu_has_svm && !paging_mode_hap(d) && a.value )
+ if ( !paging_mode_hap(d) && a.value )
rc = -EINVAL;
if ( a.value &&
d->arch.hvm_domain.params[HVM_PARAM_ALTP2M] )
--
2.10.1
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH v3 2/2] x86/hvm: check HAP before enabling nested VMX
2017-02-27 3:26 ` [PATCH v3 2/2] x86/hvm: check HAP before enabling nested VMX Haozhong Zhang
@ 2017-02-28 15:11 ` Jan Beulich
0 siblings, 0 replies; 4+ messages in thread
From: Jan Beulich @ 2017-02-28 15:11 UTC (permalink / raw)
To: Haozhong Zhang; +Cc: Andrew Cooper, xen-devel
>>> On 27.02.17 at 04:26, <haozhong.zhang@intel.com> wrote:
> The current implementation of nested VMX cannot work without HAP.
>
> Signed-off-by: Haozhong Zhang <haozhong.zhang@intel.com>
Acked-by: Jan Beulich <jbeulich@suse.com>
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH v3 1/2] xen/x86: ensure copying runstate/time to L1 rather than L2
2017-02-27 3:26 [PATCH v3 1/2] xen/x86: ensure copying runstate/time to L1 rather than L2 Haozhong Zhang
2017-02-27 3:26 ` [PATCH v3 2/2] x86/hvm: check HAP before enabling nested VMX Haozhong Zhang
@ 2017-02-28 15:15 ` Jan Beulich
1 sibling, 0 replies; 4+ messages in thread
From: Jan Beulich @ 2017-02-28 15:15 UTC (permalink / raw)
To: Haozhong Zhang; +Cc: Andrew Cooper, xen-devel
>>> On 27.02.17 at 04:26, <haozhong.zhang@intel.com> wrote:
> For a HVM domain, if a vcpu is in the nested guest mode,
> __raw_copy_to_guest(), __copy_to_guest() and __copy_field_to_guest()
> used by update_runstate_area() and update_secondary_system_time() will
> copy data to L2 guest rather than the L1 guest.
>
> This commit temporally clears the nested guest flag before all guest
> copies in update_runstate_area() and update_secondary_system_time(),
> and restores the flag after those guest copy operations.
>
> The flag clear/restore is combined with the existing
> smap_policy_change() which is renamed to update_guest_memory_policy().
>
> Signed-off-by: Haozhong Zhang <haozhong.zhang@intel.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2017-02-28 15:15 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-02-27 3:26 [PATCH v3 1/2] xen/x86: ensure copying runstate/time to L1 rather than L2 Haozhong Zhang
2017-02-27 3:26 ` [PATCH v3 2/2] x86/hvm: check HAP before enabling nested VMX Haozhong Zhang
2017-02-28 15:11 ` Jan Beulich
2017-02-28 15:15 ` [PATCH v3 1/2] xen/x86: ensure copying runstate/time to L1 rather than L2 Jan Beulich
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).