Xen project Mailing List

[xen master] x86/hvm: Disable MPX by default

Date: Mon, 22 Jun 2020 09:56:03 +0000

Delivery-date: Mon, 22 Jun 2020 09:56:04 +0000

List-id: "Change log for Mercurial \(receive only\)" <xen-changelog.lists.xenproject.org>

commit 54463aa79dac70a9d92f55650c7b8fe3e9fcc967 Author: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> AuthorDate: Mon Feb 24 17:15:56 2020 +0000 Commit: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> CommitDate: Wed Jun 17 13:54:12 2020 +0100 x86/hvm: Disable MPX by default Memory Protection eXtension support has been dropped from GCC and Linux, and will be dropped from future Intel CPUs. With all other default/max pieces in place, move MPX from default to max. This means that VMs won't be offered it by default, but can explicitly opt into using it via cpuid="host,mpx=1" in their vm.cfg file. The difference as visible to the guest is: diff --git a/default b/mpx index 0e91765d6b..c8c33cd584 100644 --- a/default +++ b/mpx @@ -13,15 +13,17 @@ Native cpuid: 00000004:00000004 -> 00000000:00000000:00000000:00000000 00000005:ffffffff -> 00000000:00000000:00000000:00000000 00000006:ffffffff -> 00000000:00000000:00000000:00000000 - 00000007:00000000 -> 00000000:009c2fbb:00000000:9c000400 + 00000007:00000000 -> 00000000:009c6fbb:00000000:9c000400 00000008:ffffffff -> 00000000:00000000:00000000:00000000 00000009:ffffffff -> 00000000:00000000:00000000:00000000 0000000a:ffffffff -> 00000000:00000000:00000000:00000000 0000000b:ffffffff -> 00000000:00000000:00000000:00000000 0000000c:ffffffff -> 00000000:00000000:00000000:00000000 - 0000000d:00000000 -> 00000007:00000240:00000340:00000000 + 0000000d:00000000 -> 0000001f:00000240:00000440:00000000 0000000d:00000001 -> 0000000f:00000240:00000000:00000000 0000000d:00000002 -> 00000100:00000240:00000000:00000000 + 0000000d:00000003 -> 00000040:000003c0:00000000:00000000 + 0000000d:00000004 -> 00000040:00000400:00000000:00000000 40000000:ffffffff -> 40000005:566e6558:65584d4d:4d4d566e 40000001:ffffffff -> 0004000e:00000000:00000000:00000000 40000002:ffffffff -> 00000001:40000000:00000000:00000000 Adjust the legacy restore path in libxc to cope safely with pre-4.14 VMs. Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx> Acked-by: Ian Jackson <ian.jackson@xxxxxxxxxxxxx> Release-acked-by: Paul Durrant <paul@xxxxxxx> --- tools/libxc/xc_cpuid_x86.c | 48 ++++++++++++++++++----------- xen/include/public/arch-x86/cpufeatureset.h | 2 +- 2 files changed, 31 insertions(+), 19 deletions(-) diff --git a/tools/libxc/xc_cpuid_x86.c b/tools/libxc/xc_cpuid_x86.c index b6b5dc88a2..6e80fcd1d2 100644 --- a/tools/libxc/xc_cpuid_x86.c +++ b/tools/libxc/xc_cpuid_x86.c @@ -436,6 +436,8 @@ int xc_cpuid_apply_policy(xc_interface *xch, uint32_t domid, bool restore, xen_cpuid_leaf_t *leaves = NULL; struct cpuid_policy *p = NULL; uint32_t err_leaf = -1, err_subleaf = -1, err_msr = -1; + uint32_t host_featureset[FEATURESET_NR_ENTRIES] = {}; + uint32_t len = ARRAY_SIZE(host_featureset); if ( xc_domain_getinfo(xch, domid, 1, &di) != 1 || di.domid != domid ) @@ -458,6 +460,22 @@ int xc_cpuid_apply_policy(xc_interface *xch, uint32_t domid, bool restore, (p = calloc(1, sizeof(*p))) == NULL ) goto out; + /* Get the host policy. */ + rc = xc_get_cpu_featureset(xch, XEN_SYSCTL_cpu_featureset_host, + &len, host_featureset); + if ( rc ) + { + /* Tolerate "buffer too small", as we've got the bits we need. */ + if ( errno == ENOBUFS ) + rc = 0; + else + { + PERROR("Failed to obtain host featureset"); + rc = -errno; + goto out; + } + } + /* Get the domain's default policy. */ nr_msrs = 0; rc = xc_get_system_cpu_policy(xch, di.hvm ? XEN_SYSCTL_cpu_policy_hvm_default @@ -479,6 +497,18 @@ int xc_cpuid_apply_policy(xc_interface *xch, uint32_t domid, bool restore, goto out; } + /* + * Account for feature which have been disabled by default since Xen 4.13, + * so migrated-in VM's don't risk seeing features disappearing. + */ + if ( restore ) + { + if ( di.hvm ) + { + p->feat.mpx = test_bit(X86_FEATURE_MPX, host_featureset); + } + } + if ( featureset ) { uint32_t disabled_features[FEATURESET_NR_ENTRIES], @@ -530,24 +560,6 @@ int xc_cpuid_apply_policy(xc_interface *xch, uint32_t domid, bool restore, if ( !di.hvm ) { - uint32_t host_featureset[FEATURESET_NR_ENTRIES] = {}; - uint32_t len = ARRAY_SIZE(host_featureset); - - rc = xc_get_cpu_featureset(xch, XEN_SYSCTL_cpu_featureset_host, - &len, host_featureset); - if ( rc ) - { - /* Tolerate "buffer too small", as we've got the bits we need. */ - if ( errno == ENOBUFS ) - rc = 0; - else - { - PERROR("Failed to obtain host featureset"); - rc = -errno; - goto out; - } - } - /* * On hardware without CPUID Faulting, PV guests see real topology. * As a consequence, they also need to see the host htt/cmp fields. diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 5ca35d9d97..af1b8a96a6 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -207,7 +207,7 @@ XEN_CPUFEATURE(INVPCID, 5*32+10) /*H Invalidate Process Context ID */ XEN_CPUFEATURE(RTM, 5*32+11) /*A Restricted Transactional Memory */ XEN_CPUFEATURE(PQM, 5*32+12) /* Platform QoS Monitoring */ XEN_CPUFEATURE(NO_FPU_SEL, 5*32+13) /*! FPU CS/DS stored as zero */ -XEN_CPUFEATURE(MPX, 5*32+14) /*S Memory Protection Extensions */ +XEN_CPUFEATURE(MPX, 5*32+14) /*s Memory Protection Extensions */ XEN_CPUFEATURE(PQE, 5*32+15) /* Platform QoS Enforcement */ XEN_CPUFEATURE(AVX512F, 5*32+16) /*A AVX-512 Foundation Instructions */ XEN_CPUFEATURE(AVX512DQ, 5*32+17) /*A AVX-512 Doubleword & Quadword Instrs */ -- generated by git-patchbot for /home/xen/git/xen.git#master

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.