[Xen-changelog] [xen master] VMX: don't blindly enable descriptor table exiting control
commit 91115f8b6e4792e2caf3dde405ea068060569bfb
Author: Jan Beulich <jbeulich@xxxxxxxx>
AuthorDate: Wed Apr 19 13:26:55 2017 +0200
Commit: Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Wed Apr 19 13:26:55 2017 +0200
VMX: don't blindly enable descriptor table exiting control
This is an optional feature and hence we should check for it before use.
Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
Acked-by: Razvan Cojocaru <rcojocaru@xxxxxxxxxxxxxxx>
Reviewed-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
Reviewed-by: Kevin Tian <kevin.tian@xxxxxxxxx>
Release-acked-by: Julien Grall <julien.grall@xxxxxxx>
---
 xen/arch/x86/hvm/vmx/vmcs.c | 8 ++++++++
 xen/arch/x86/hvm/vmx/vmx.c | 5 ++++-
 xen/arch/x86/monitor.c | 3 +++
 xen/include/asm-x86/hvm/vmx/vmcs.h | 2 ++
 xen/include/asm-x86/monitor.h | 6 ++++--
 5 files changed, 21 insertions(+), 3 deletions(-)
diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c
index 99c77b9..8103b20 100644
--- a/xen/arch/x86/hvm/vmx/vmcs.c
+++ b/xen/arch/x86/hvm/vmx/vmcs.c
@@ -226,6 +226,7 @@ static int vmx_init_vmcs_config(void)
 opt = (SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES |
 SECONDARY_EXEC_WBINVD_EXITING |
 SECONDARY_EXEC_ENABLE_EPT |
+ SECONDARY_EXEC_DESCRIPTOR_TABLE_EXITING |
 SECONDARY_EXEC_ENABLE_RDTSCP |
 SECONDARY_EXEC_PAUSE_LOOP_EXITING |
 SECONDARY_EXEC_ENABLE_INVPCID |
@@ -1020,6 +1021,13 @@ static int construct_vmcs(struct vcpu *v)
 v->arch.hvm_vmx.secondary_exec_control = vmx_secondary_exec_control;
+ /*
+ * Disable descriptor table exiting: It's controlled by the VM event
+ * monitor requesting it.
+ */
+ v->arch.hvm_vmx.secondary_exec_control &=
+ ~SECONDARY_EXEC_DESCRIPTOR_TABLE_EXITING;
+
 /* Disable VPID for now: we decide when to enable it on VMENTER. */
 v->arch.hvm_vmx.secondary_exec_control &= ~SECONDARY_EXEC_ENABLE_VPID;
diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c
index ad83108..ab52e40 100644
--- a/xen/arch/x86/hvm/vmx/vmx.c
+++ b/xen/arch/x86/hvm/vmx/vmx.c
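Review bot: The comment added in construct_vmcs() (hunk at -1020) explains why the per-vCPU copy clears SECONDARY_EXEC_DESCRIPTOR_TABLE_EXITING, but nothing explains why the same bit is newly requested in `opt` in vmx_init_vmcs_config() (hunk at -226). As far as this patch shows, the global `vmx_secondary_exec_control` keeps the bit only as a capability record that `cpu_has_vmx_dt_exiting` tests later. I would add a line to the new comment such as `* The bit stays set in vmx_secondary_exec_control only to record that the CPU supports it.` so the `opt` entry is not later removed as dead. It is also worth confirming, since it is not visible here, that a vCPU whose VMCS is constructed after a monitor subscriber has already enabled descriptor-access events gets the control re-applied, as otherwise that vCPU would run without the exits the monitor expects. Both function bodies extend beyond their hunks.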
@@ -2325,7 +2325,6 @@ static struct hvm_function_table __initdata vmx_function_table = {
 .handle_cd = vmx_handle_cd,
 .set_info_guest = vmx_set_info_guest,
 .set_rdtsc_exiting = vmx_set_rdtsc_exiting,
- .set_descriptor_access_exiting = vmx_set_descriptor_access_exiting,
 .nhvm_vcpu_initialise = nvmx_vcpu_initialise,
 .nhvm_vcpu_destroy = nvmx_vcpu_destroy,
 .nhvm_vcpu_reset = nvmx_vcpu_reset,
@@ -2446,6 +2445,10 @@ const struct hvm_function_table * __init start_vmx(void)
 return NULL;
 }
+ if ( cpu_has_vmx_dt_exiting )
+ vmx_function_table.set_descriptor_access_exiting =
+ vmx_set_descriptor_access_exiting;
+
 /*
 * Do not enable EPT when (!cpu_has_vmx_pat), to prevent security hole
 * (refer to http://xenbits.xen.org/xsa/advisory-60.html).
diff --git a/xen/arch/x86/monitor.c b/xen/arch/x86/monitor.c
index eeb67f5..449c64c 100644
--- a/xen/arch/x86/monitor.c
+++ b/xen/arch/x86/monitor.c
@@ -219,6 +219,9 @@ int arch_monitor_domctl_event(struct domain *d,
 if ( unlikely(old_status == requested_status) )
 return -EEXIST;
+ if ( !hvm_funcs.set_descriptor_access_exiting )
+ return -EOPNOTSUPP;
+
 domain_pause(d);
 ad->monitor.descriptor_access_enabled = requested_status;
diff --git a/xen/include/asm-x86/hvm/vmx/vmcs.h b/xen/include/asm-x86/hvm/vmx/vmcs.h
index dc5d91f..9507bd2 100644
--- a/xen/include/asm-x86/hvm/vmx/vmcs.h
+++ b/xen/include/asm-x86/hvm/vmx/vmcs.h
@@ -274,6 +274,8 @@ extern u64 vmx_ept_vpid_cap;
 (vmx_cpu_based_exec_control & CPU_BASED_ACTIVATE_SECONDARY_CONTROLS)
 #define cpu_has_vmx_ept \
 (vmx_secondary_exec_control & SECONDARY_EXEC_ENABLE_EPT)
+#define cpu_has_vmx_dt_exiting \
+ (vmx_secondary_exec_control & SECONDARY_EXEC_DESCRIPTOR_TABLE_EXITING)
 #define cpu_has_vmx_vpid \
 (vmx_secondary_exec_control & SECONDARY_EXEC_ENABLE_VPID)
 #define cpu_has_monitor_trap_flag \
diff --git a/xen/include/asm-x86/monitor.h b/xen/include/asm-x86/monitor.h
index c3d2699..81a133b 100644
--- a/xen/include/asm-x86/monitor.h
+++ b/xen/include/asm-x86/monitor.h
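Review bot: In arch_monitor_domctl_event() (monitor.c hunk at -219) the new `!hvm_funcs.set_descriptor_access_exiting` test sits after the `old_status == requested_status` comparison, so on a CPU without the control a request to enable the event returns -EOPNOTSUPP while a request to disable it presumably returns -EEXIST, assuming old_status is false there. Checking support first gives the caller one consistent answer: move `if ( !hvm_funcs.set_descriptor_access_exiting ) return -EOPNOTSUPP;` above the `old_status` comparison. Because start_vmx() now leaves the hook NULL on such CPUs, any other direct call through `hvm_funcs.set_descriptor_access_exiting` outside this diff needs the same guard; only this call site is visible here. The function starts before and continues after the hunk.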
@@ -77,13 +77,15 @@ static inline uint32_t arch_monitor_get_capabilities(struct domain *d)
 (1U << XEN_DOMCTL_MONITOR_EVENT_GUEST_REQUEST) |
 (1U << XEN_DOMCTL_MONITOR_EVENT_DEBUG_EXCEPTION) |
 (1U << XEN_DOMCTL_MONITOR_EVENT_CPUID) |
- (1U << XEN_DOMCTL_MONITOR_EVENT_INTERRUPT) |
- (1U << XEN_DOMCTL_MONITOR_EVENT_DESC_ACCESS);
+ (1U << XEN_DOMCTL_MONITOR_EVENT_INTERRUPT);
 /* Since we know this is on VMX, we can just call the hvm func */
 if ( hvm_is_singlestep_supported() )
 capabilities |= (1U << XEN_DOMCTL_MONITOR_EVENT_SINGLESTEP);
+ if ( hvm_funcs.set_descriptor_access_exiting )
+ capabilities |= (1U << XEN_DOMCTL_MONITOR_EVENT_DESC_ACCESS);
+
 return capabilities;
 }
--
generated by git-patchbot for /home/xen/git/xen.git#master
_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
https://lists.xenproject.org/xen-changelog
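Review bot: The new `hvm_funcs.set_descriptor_access_exiting` test in arch_monitor_get_capabilities() has no comment, and the existing one above the single-step check ("Since we know this is on VMX…") does not explain why a function pointer is being read as a capability bit. I would add `/* The hook is only installed when the CPU supports descriptor-table exiting. */` directly above the new `if`. The capability mask is what tells an introspection agent whether descriptor-access events can be delivered, so the link between the advertised bit and the installed hook should be stated where the bit is set. The function begins before the hunk.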