|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [xen staging-4.15] VMX: tertiary execution control infrastructure
commit 97a6db38f364e7e2b5f906e46b753815e1dcbef7
Author: Jan Beulich <jbeulich@xxxxxxxx>
AuthorDate: Wed Feb 7 13:46:11 2024 +0100
Commit: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
CommitDate: Tue Apr 9 17:16:32 2024 +0100
VMX: tertiary execution control infrastructure
This is a prereq to enabling e.g. the MSRLIST feature.
Note that the PROCBASED_CTLS3 MSR is different from other VMX feature
reporting MSRs, in that all 64 bits report allowed 1-settings.
vVMX code is left alone, though, for the time being.
Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
Reviewed-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>
(cherry picked from commit 878159bf259bfbd7a40312829f1ea0ce1f6645e2)
---
xen/arch/x86/hvm/vmx/vmcs.c | 57 ++++++++++++++++++++++++++++++++++----
xen/arch/x86/hvm/vmx/vmx.c | 6 ++++
xen/include/asm-x86/hvm/vmx/vmcs.h | 13 +++++++++
xen/include/asm-x86/hvm/vmx/vmx.h | 1 +
xen/include/asm-x86/msr-index.h | 1 +
5 files changed, 72 insertions(+), 6 deletions(-)
diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c
index 237b13459d..888239ce0f 100644
--- a/xen/arch/x86/hvm/vmx/vmcs.c
+++ b/xen/arch/x86/hvm/vmx/vmcs.c
@@ -173,6 +173,7 @@ static int parse_ept_param_runtime(const char *s)
u32 vmx_pin_based_exec_control __read_mostly;
u32 vmx_cpu_based_exec_control __read_mostly;
u32 vmx_secondary_exec_control __read_mostly;
+uint64_t vmx_tertiary_exec_control __read_mostly;
u32 vmx_vmexit_control __read_mostly;
u32 vmx_vmentry_control __read_mostly;
u64 vmx_ept_vpid_cap __read_mostly;
@@ -236,10 +237,32 @@ static u32 adjust_vmx_controls(
return ctl;
}
-static bool_t cap_check(const char *name, u32 expected, u32 saw)
+static uint64_t adjust_vmx_controls2(
+ const char *name, uint64_t ctl_min, uint64_t ctl_opt, unsigned int msr,
+ bool *mismatch)
+{
+ uint64_t vmx_msr, ctl = ctl_min | ctl_opt;
+
+ rdmsrl(msr, vmx_msr);
+
+ ctl &= vmx_msr; /* bit == 0 ==> must be zero */
+
+ /* Ensure minimum (required) set of control bits are supported. */
+ if ( ctl_min & ~ctl )
+ {
+ *mismatch = true;
+ printk("VMX: CPU%u has insufficient %s (%#lx; requires %#lx)\n",
+ smp_processor_id(), name, ctl, ctl_min);
+ }
+
+ return ctl;
+}
+
+static bool cap_check(
+ const char *name, unsigned long expected, unsigned long saw)
{
if ( saw != expected )
- printk("VMX %s: saw %#x expected %#x\n", name, saw, expected);
+ printk("VMX %s: saw %#lx expected %#lx\n", name, saw, expected);
return saw != expected;
}
@@ -249,6 +272,7 @@ static int vmx_init_vmcs_config(bool bsp)
u32 _vmx_pin_based_exec_control;
u32 _vmx_cpu_based_exec_control;
u32 _vmx_secondary_exec_control = 0;
+ uint64_t _vmx_tertiary_exec_control = 0;
u64 _vmx_ept_vpid_cap = 0;
u64 _vmx_misc_cap = 0;
u32 _vmx_vmexit_control;
@@ -282,7 +306,8 @@ static int vmx_init_vmcs_config(bool bsp)
opt = (CPU_BASED_ACTIVATE_MSR_BITMAP |
CPU_BASED_TPR_SHADOW |
CPU_BASED_MONITOR_TRAP_FLAG |
- CPU_BASED_ACTIVATE_SECONDARY_CONTROLS);
+ CPU_BASED_ACTIVATE_SECONDARY_CONTROLS |
+ CPU_BASED_ACTIVATE_TERTIARY_CONTROLS);
_vmx_cpu_based_exec_control = adjust_vmx_controls(
"CPU-Based Exec Control", min, opt,
MSR_IA32_VMX_PROCBASED_CTLS, &mismatch);
@@ -343,6 +368,15 @@ static int vmx_init_vmcs_config(bool bsp)
MSR_IA32_VMX_PROCBASED_CTLS2, &mismatch);
}
+ if ( _vmx_cpu_based_exec_control & CPU_BASED_ACTIVATE_TERTIARY_CONTROLS )
+ {
+ uint64_t opt = 0;
+
+ _vmx_tertiary_exec_control = adjust_vmx_controls2(
+ "Tertiary Exec Control", 0, opt,
+ MSR_IA32_VMX_PROCBASED_CTLS3, &mismatch);
+ }
+
/* The IA32_VMX_EPT_VPID_CAP MSR exists only when EPT or VPID available */
if ( _vmx_secondary_exec_control & (SECONDARY_EXEC_ENABLE_EPT |
SECONDARY_EXEC_ENABLE_VPID) )
@@ -473,6 +507,7 @@ static int vmx_init_vmcs_config(bool bsp)
vmx_pin_based_exec_control = _vmx_pin_based_exec_control;
vmx_cpu_based_exec_control = _vmx_cpu_based_exec_control;
vmx_secondary_exec_control = _vmx_secondary_exec_control;
+ vmx_tertiary_exec_control = _vmx_tertiary_exec_control;
vmx_ept_vpid_cap = _vmx_ept_vpid_cap;
vmx_vmexit_control = _vmx_vmexit_control;
vmx_vmentry_control = _vmx_vmentry_control;
@@ -508,6 +543,9 @@ static int vmx_init_vmcs_config(bool bsp)
mismatch |= cap_check(
"Secondary Exec Control",
vmx_secondary_exec_control, _vmx_secondary_exec_control);
+ mismatch |= cap_check(
+ "Tertiary Exec Control",
+ vmx_tertiary_exec_control, _vmx_tertiary_exec_control);
mismatch |= cap_check(
"VMExit Control",
vmx_vmexit_control, _vmx_vmexit_control);
@@ -1084,6 +1122,7 @@ static int construct_vmcs(struct vcpu *v)
v->arch.hvm.vmx.exec_control |= CPU_BASED_RDTSC_EXITING;
v->arch.hvm.vmx.secondary_exec_control = vmx_secondary_exec_control;
+ v->arch.hvm.vmx.tertiary_exec_control = vmx_tertiary_exec_control;
/*
* Disable features which we don't want active by default:
@@ -1152,6 +1191,10 @@ static int construct_vmcs(struct vcpu *v)
__vmwrite(SECONDARY_VM_EXEC_CONTROL,
v->arch.hvm.vmx.secondary_exec_control);
+ if ( cpu_has_vmx_tertiary_exec_control )
+ __vmwrite(TERTIARY_VM_EXEC_CONTROL,
+ v->arch.hvm.vmx.tertiary_exec_control);
+
/* MSR access bitmap. */
if ( cpu_has_vmx_msr_bitmap )
{
@@ -2071,10 +2114,12 @@ void vmcs_dump_vcpu(struct vcpu *v)
vmr(HOST_PERF_GLOBAL_CTRL));
printk("*** Control State ***\n");
- printk("PinBased=%08x CPUBased=%08x SecondaryExec=%08x\n",
+ printk("PinBased=%08x CPUBased=%08x\n",
vmr32(PIN_BASED_VM_EXEC_CONTROL),
- vmr32(CPU_BASED_VM_EXEC_CONTROL),
- vmr32(SECONDARY_VM_EXEC_CONTROL));
+ vmr32(CPU_BASED_VM_EXEC_CONTROL));
+ printk("SecondaryExec=%08x TertiaryExec=%016lx\n",
+ vmr32(SECONDARY_VM_EXEC_CONTROL),
+ vmr(TERTIARY_VM_EXEC_CONTROL));
printk("EntryControls=%08x ExitControls=%08x\n", vmentry_ctl, vmexit_ctl);
printk("ExceptionBitmap=%08x PFECmask=%08x PFECmatch=%08x\n",
vmr32(EXCEPTION_BITMAP),
diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c
index 8bb4a6e042..a7f9fefa8c 100644
--- a/xen/arch/x86/hvm/vmx/vmx.c
+++ b/xen/arch/x86/hvm/vmx/vmx.c
@@ -584,6 +584,12 @@ void vmx_update_secondary_exec_control(struct vcpu *v)
v->arch.hvm.vmx.secondary_exec_control);
}
+void vmx_update_tertiary_exec_control(const struct vcpu *v)
+{
+ __vmwrite(TERTIARY_VM_EXEC_CONTROL,
+ v->arch.hvm.vmx.tertiary_exec_control);
+}
+
void vmx_update_exception_bitmap(struct vcpu *v)
{
u32 bitmap = unlikely(v->arch.hvm.vmx.vmx_realmode)
diff --git a/xen/include/asm-x86/hvm/vmx/vmcs.h
b/xen/include/asm-x86/hvm/vmx/vmcs.h
index 8073af323b..9b246b802b 100644
--- a/xen/include/asm-x86/hvm/vmx/vmcs.h
+++ b/xen/include/asm-x86/hvm/vmx/vmcs.h
@@ -125,6 +125,7 @@ struct vmx_vcpu {
/* Cache of cpu execution control. */
u32 exec_control;
u32 secondary_exec_control;
+ uint64_t tertiary_exec_control;
u32 exception_bitmap;
uint64_t shadow_gs;
@@ -207,6 +208,7 @@ void vmx_vmcs_reload(struct vcpu *v);
#define CPU_BASED_RDTSC_EXITING 0x00001000
#define CPU_BASED_CR3_LOAD_EXITING 0x00008000
#define CPU_BASED_CR3_STORE_EXITING 0x00010000
+#define CPU_BASED_ACTIVATE_TERTIARY_CONTROLS 0x00020000
#define CPU_BASED_CR8_LOAD_EXITING 0x00080000
#define CPU_BASED_CR8_STORE_EXITING 0x00100000
#define CPU_BASED_TPR_SHADOW 0x00200000
@@ -269,6 +271,14 @@ extern u32 vmx_vmentry_control;
#define SECONDARY_EXEC_TSC_SCALING 0x02000000
extern u32 vmx_secondary_exec_control;
+#define TERTIARY_EXEC_LOADIWKEY_EXITING BIT(0, UL)
+#define TERTIARY_EXEC_ENABLE_HLAT BIT(1, UL)
+#define TERTIARY_EXEC_EPT_PAGING_WRITE BIT(2, UL)
+#define TERTIARY_EXEC_GUEST_PAGING_VERIFY BIT(3, UL)
+#define TERTIARY_EXEC_IPI_VIRT BIT(4, UL)
+#define TERTIARY_EXEC_VIRT_SPEC_CTRL BIT(7, UL)
+extern uint64_t vmx_tertiary_exec_control;
+
#define VMX_EPT_EXEC_ONLY_SUPPORTED 0x00000001
#define VMX_EPT_WALK_LENGTH_4_SUPPORTED 0x00000040
#define VMX_EPT_MEMORY_TYPE_UC 0x00000100
@@ -304,6 +314,8 @@ extern u64 vmx_ept_vpid_cap;
(vmx_cpu_based_exec_control & CPU_BASED_ACTIVATE_MSR_BITMAP)
#define cpu_has_vmx_secondary_exec_control \
(vmx_cpu_based_exec_control & CPU_BASED_ACTIVATE_SECONDARY_CONTROLS)
+#define cpu_has_vmx_tertiary_exec_control \
+ (vmx_cpu_based_exec_control & CPU_BASED_ACTIVATE_TERTIARY_CONTROLS)
#define cpu_has_vmx_ept \
(vmx_secondary_exec_control & SECONDARY_EXEC_ENABLE_EPT)
#define cpu_has_vmx_dt_exiting \
@@ -423,6 +435,7 @@ enum vmcs_field {
VIRT_EXCEPTION_INFO = 0x0000202a,
XSS_EXIT_BITMAP = 0x0000202c,
TSC_MULTIPLIER = 0x00002032,
+ TERTIARY_VM_EXEC_CONTROL = 0x00002034,
GUEST_PHYSICAL_ADDRESS = 0x00002400,
VMCS_LINK_POINTER = 0x00002800,
GUEST_IA32_DEBUGCTL = 0x00002802,
diff --git a/xen/include/asm-x86/hvm/vmx/vmx.h
b/xen/include/asm-x86/hvm/vmx/vmx.h
index 534e9fc221..a651cb3465 100644
--- a/xen/include/asm-x86/hvm/vmx/vmx.h
+++ b/xen/include/asm-x86/hvm/vmx/vmx.h
@@ -103,6 +103,7 @@ void vmx_update_debug_state(struct vcpu *v);
void vmx_update_exception_bitmap(struct vcpu *v);
void vmx_update_cpu_exec_control(struct vcpu *v);
void vmx_update_secondary_exec_control(struct vcpu *v);
+void vmx_update_tertiary_exec_control(const struct vcpu *v);
#define POSTED_INTR_ON 0
#define POSTED_INTR_SN 1
diff --git a/xen/include/asm-x86/msr-index.h b/xen/include/asm-x86/msr-index.h
index 5433ee199d..7fd9864a2e 100644
--- a/xen/include/asm-x86/msr-index.h
+++ b/xen/include/asm-x86/msr-index.h
@@ -312,6 +312,7 @@
#define MSR_IA32_VMX_TRUE_EXIT_CTLS 0x48f
#define MSR_IA32_VMX_TRUE_ENTRY_CTLS 0x490
#define MSR_IA32_VMX_VMFUNC 0x491
+#define MSR_IA32_VMX_PROCBASED_CTLS3 0x492
/* K7/K8 MSRs. Not complete. See the architecture manual for a more
complete list. */
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.15
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |