From: Juergen Gross <jgross@suse.com>
To: xen-devel@lists.xenproject.org
Cc: Juergen Gross <jgross@suse.com>,
wei.liu2@citrix.com, George.Dunlap@eu.citrix.com,
andrew.cooper3@citrix.com, ian.jackson@eu.citrix.com,
dfaggioli@suse.com, jbeulich@suse.com
Subject: [PATCH RFC v2 06/12] x86: add a xpti command line parameter
Date: Mon, 22 Jan 2018 13:32:50 +0100
Message-ID: <20180122123256.1431-7-jgross@suse.com>
In-Reply-To: <20180122123256.1431-1-jgross@suse.com>
Add a command line parameter for controlling Xen page table isolation
(XPTI): per default it is on for non-AMD systems in 64 bit pv domains.
Possible settings are:
- true: switched on even on AMD systems
- false: switched off for all
- nodom0: switched off for dom0
Signed-off-by: Juergen Gross <jgross@suse.com>
---
docs/misc/xen-command-line.markdown | 18 ++++++++++++
xen/arch/x86/pv/domain.c | 55 +++++++++++++++++++++++++++++++++++++
xen/include/asm-x86/domain.h | 2 ++
3 files changed, 75 insertions(+)
diff --git a/docs/misc/xen-command-line.markdown b/docs/misc/xen-command-line.markdown
index f5214defbb..90202a5cc9 100644
--- a/docs/misc/xen-command-line.markdown
+++ b/docs/misc/xen-command-line.markdown
@@ -1911,6 +1911,24 @@ In the case that x2apic is in use, this option switches between physical and
clustered mode. The default, given no hint from the **FADT**, is cluster
mode.
+### xpti
+> `= nodom0 | default | <boolean>`
+
+> Default: `false` on AMD hardware, `true` everywhere else.
+
+> Can be modified at runtime
+
+Override default selection of whether to isolate 64-bit PV guest page
+tables.
+
+`true` activates page table isolation even on AMD hardware.
+
+`false` deactivates page table isolation on all systems.
+
+`nodom0` deactivates page table isolation for dom0.
+
+`default` switch to default settings.
+
### xsave
> `= <boolean>`
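Review bot: "`default` switch to default settings." is ungrammatical and the "Can be modified at runtime" line is incomplete: the option is only consulted when a PV domain is initialised (see the pv_domain_initialise() hunk), so a runtime change takes effect for domains created afterwards and does nothing for running ones; the text should say so. The `nodom0` description should also state that all other domains keep the vendor-dependent default (off on AMD, on elsewhere), which is what the code implements. Suggested wording: "`default` restores the default selection." and "`nodom0` deactivates page table isolation for dom0 and leaves the default for all other domains."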
diff --git a/xen/arch/x86/pv/domain.c b/xen/arch/x86/pv/domain.c
index 74e9e667d2..7d50f9bc19 100644
--- a/xen/arch/x86/pv/domain.c
+++ b/xen/arch/x86/pv/domain.c
@@ -6,6 +6,7 @@
#include <xen/domain_page.h>
#include <xen/errno.h>
+#include <xen/init.h>
#include <xen/lib.h>
#include <xen/sched.h>
@@ -17,6 +18,40 @@
#undef page_to_mfn
#define page_to_mfn(pg) _mfn(__page_to_mfn(pg))
+static __read_mostly enum {
+ XPTI_DEFAULT,
+ XPTI_ON,
+ XPTI_OFF,
+ XPTI_NODOM0
+} opt_xpti = XPTI_DEFAULT;
+
+static int parse_xpti(const char *s)
+{
+ int rc = 0;
+
+ switch ( parse_bool(s, NULL) )
+ {
+ case 0:
+ opt_xpti = XPTI_OFF;
+ break;
+ case 1:
+ opt_xpti = XPTI_ON;
+ break;
+ default:
+ if ( !strcmp(s, "default") )
+ opt_xpti = XPTI_DEFAULT;
+ else if ( !strcmp(s, "nodom0") )
+ opt_xpti = XPTI_NODOM0;
+ else
+ rc = -EINVAL;
+ break;
+ }
+
+ return rc;
+}
+
+custom_runtime_param("xpti", parse_xpti);
+
static void noreturn continue_nonidle_domain(struct vcpu *v)
{
check_wakeup_from_wait();
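Review bot: parse_xpti() only updates opt_xpti, so a write through custom_runtime_param() has no effect on existing domains because d->arch.pv_domain.xpti is read from opt_xpti once, at domain initialisation; either the markdown should spell that out, or the parser should walk the domain list and update the per-domain flag for 64-bit PV domains (which needs the rest of the series to tolerate toggling on a live domain). Minor: opt_xpti is marked __read_mostly yet is written at runtime; that is acceptable for a rarely written variable but worth a comment, and giving the anonymous enum a name (e.g. xpti_mode) would make the field's type readable in debugging output.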
@@ -76,6 +111,8 @@ int switch_compat(struct domain *d)
goto undo_and_fail;
}
+ d->arch.pv_domain.xpti = false;
+
domain_set_alloc_bitsize(d);
recalculate_cpuid_policy(d);
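Review bot: the unconditional `d->arch.pv_domain.xpti = false;` in switch_compat() deserves a one-line comment stating that page table isolation is used for 64-bit PV guests only, since nothing in this file otherwise explains why switching to 32-bit compat mode drops a flag that pv_domain_initialise() may have set to true even for XPTI_ON. Placement after the loop is fine: the `goto undo_and_fail` path is taken before the assignment, so a failed switch leaves the creation-time value in place.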
@@ -212,6 +249,24 @@ int pv_domain_initialise(struct domain *d, unsigned int domcr_flags,
/* 64-bit PV guest by default. */
d->arch.is_32bit_pv = d->arch.has_32bit_shinfo = 0;
+ switch (opt_xpti)
+ {
+ case XPTI_OFF:
+ d->arch.pv_domain.xpti = false;
+ break;
+ case XPTI_ON:
+ d->arch.pv_domain.xpti = true;
+ break;
+ case XPTI_NODOM0:
+ d->arch.pv_domain.xpti = boot_cpu_data.x86_vendor != X86_VENDOR_AMD &&
+ d->domain_id != 0 &&
+ d->domain_id != hardware_domid;
+ break;
+ case XPTI_DEFAULT:
+ d->arch.pv_domain.xpti = boot_cpu_data.x86_vendor != X86_VENDOR_AMD;
+ break;
+ }
+
return 0;
fail:
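Review bot: `switch (opt_xpti)` should be `switch ( opt_xpti )` to match Xen coding style. The XPTI_NODOM0 case duplicates the vendor test from XPTI_DEFAULT; computing the default once and overriding it per case keeps the two from drifting apart if the default ever grows more conditions, e.g.

    bool xpti = boot_cpu_data.x86_vendor != X86_VENDOR_AMD;
    ... case XPTI_NODOM0: xpti &= d->domain_id != 0 && d->domain_id != hardware_domid;

A comment explaining why the explicit `d->domain_id != 0 && d->domain_id != hardware_domid` test is used instead of is_hardware_domain(d) would also help, and note that with a late hardware domain both dom0 and the hardware domain are exempted, which the markdown's "deactivates page table isolation for dom0" does not convey.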
diff --git a/xen/include/asm-x86/domain.h b/xen/include/asm-x86/domain.h
index 4679d5477d..f1230ac621 100644
--- a/xen/include/asm-x86/domain.h
+++ b/xen/include/asm-x86/domain.h
@@ -257,6 +257,8 @@ struct pv_domain
struct mapcache_domain mapcache;
struct cpuidmasks *cpuidmasks;
+
+ bool xpti;
};
struct monitor_write_data {
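Review bot: the new `bool xpti;` field has no comment, unlike its neighbours' types which are self-describing; add one stating what it controls and its scope, e.g. `/* Isolate guest page tables from Xen's. 64-bit PV only; cleared by switch_compat(). */`, so readers of asm-x86/domain.h do not have to find the pv/domain.c hunks to learn that the flag is always false for 32-bit PV domains.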
--
2.13.6
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel