Xen project Mailing List

Re: [Xen-devel] [PATCH v2 0/5] VMX MSRs policy for Nested Virt: part 1

To: Sergey Dyasli <sergey.dyasli@xxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxx>

From: "Tian, Kevin" <kevin.tian@xxxxxxxxx>

Date: Thu, 27 Jul 2017 07:48:15 +0000

Accept-language: en-US

Cc: Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, "Nakajima, Jun" <jun.nakajima@xxxxxxxxx>

Delivery-date: Thu, 27 Jul 2017 07:48:44 +0000

Dlp-product: dlpe-windows

Dlp-reaction: no-action

Dlp-version: 10.0.102.7

List-id: Xen developer discussion <xen-devel.lists.xen.org>

Thread-index: AQHTBIOCcRnq0HmQzECHsBKzyOMl0aJnUCQQ

Thread-topic: [PATCH v2 0/5] VMX MSRs policy for Nested Virt: part 1

> From: Sergey Dyasli [mailto:sergey.dyasli@xxxxxxxxxx] > Sent: Monday, July 24, 2017 9:48 PM > > The end goal of having VMX MSRs policy is to be able to manage > L1 VMX features. This patch series is the first part of this work. > There is no functional change to what L1 sees in VMX MSRs at this > point. But each domain will have a policy object which allows to > sensibly query what VMX features the domain has. This will unblock > some other nested virtualization work items. > > Currently, when nested virt is enabled, the set of L1 VMX features > is fixed and calculated by nvmx_msr_read_intercept() as an intersection > between the full set of Xen's supported L1 VMX features, the set of > actual H/W features and, for MSR_IA32_VMX_EPT_VPID_CAP, the set of > features that Xen uses. > > The above makes L1 VMX feature set inconsistent between different H/W > and there is no ability to control what features are available to L1. > The overall set of issues has much in common with CPUID policy. > > Part 1 introduces struct vmx_msr_policy and the following instances: > > * Raw policy (raw_vmx_msr_policy) -- the actual contents of H/W VMX MSRs > * VVMX max policy (vvmx_max_msr_policy) -- the end result of > nvmx_msr_read_intercept() on current H/W it's clearer to call it max_vvmx_msr_policy > * Per-domain policy (d->arch.vmx_msr) -- the copy of VVMX max policy > (for now) > > In the future it should be possible to independently configure the VMX > policy for each domain using some new domctl. > > There is no "Host policy" object because Xen already has a set of > variables (vmx_pin_based_exec_control and others) which represent > the set of VMX features that Xen uses. There are features that Xen > doesn't use (e.g. CPU_BASED_PAUSE_EXITING) but they are available to L1. > This makes it not worthy to introduce "Host policy" at this stage. > > v1 --> v2: > - Rebased to the latest master > - hvm_max_vmx_msr_policy is renamed to vvmx_max_msr_policy > - Dropped the debug patch > - Other changes are available on a per-patch basis > > Sergey Dyasli (5): > x86/vmx: add struct vmx_msr_policy > x86/vmx: add raw_vmx_msr_policy > x86/vmx: refactor vmx_init_vmcs_config() > x86/vvmx: add vvmx_max_msr_policy > x86/vvmx: add per domain vmx msr policy > > xen/arch/x86/domain.c | 6 + > xen/arch/x86/hvm/vmx/vmcs.c | 269 +++++++++++++++++--------- > xen/arch/x86/hvm/vmx/vmx.c | 2 + > xen/arch/x86/hvm/vmx/vvmx.c | 296 ++++++++++++++-------------- > xen/include/asm-x86/domain.h | 2 + > xen/include/asm-x86/hvm/vmx/vmcs.h | 383 > +++++++++++++++++++++++++++++++++++++ > xen/include/asm-x86/hvm/vmx/vvmx.h | 3 + > xen/include/asm-x86/msr-index.h | 1 + > 8 files changed, 722 insertions(+), 240 deletions(-) > > -- > 2.11.0 _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx https://lists.xen.org/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.