[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v2 1/4] x86: stop handling MSR_IA32_BNDCFGS save/restore in implementation code



> -----Original Message-----
> From: Xen-devel [mailto:xen-devel-bounces@xxxxxxxxxxxxxxxxxxxx] On Behalf Of 
> Jan Beulich
> Sent: 13 March 2019 15:55
> To: Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>; Paul Durrant 
> <Paul.Durrant@xxxxxxxxxx>
> Cc: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>; Kevin Tian 
> <kevin.tian@xxxxxxxxx>; Wei Liu
> <wei.liu2@xxxxxxxxxx>; Jun Nakajima <jun.nakajima@xxxxxxxxx>; Roger Pau Monne 
> <roger.pau@xxxxxxxxxx>
> Subject: Re: [Xen-devel] [PATCH v2 1/4] x86: stop handling MSR_IA32_BNDCFGS 
> save/restore in
> implementation code
> 
> >>> On 11.03.19 at 19:09, <paul.durrant@xxxxxxxxxx> wrote:
> > v2:
> >  - Addressed comments from Jan by largely removing hunks
> 
> I think you've removed more than I was expecting, but I'm fine
> this way.
> 
> > @@ -158,6 +158,13 @@ int guest_rdmsr(const struct vcpu *v, uint32_t msr, 
> > uint64_t *val)
> >          ret = guest_rdmsr_x2apic(v, msr, val);
> >          break;
> >
> > +    case MSR_IA32_BNDCFGS:
> > +        if ( !is_hvm_domain(d) || !cp->feat.mpx ||
> > +             !hvm_get_guest_bndcfgs(v, val) )
> > +            goto gp_fault;
> > +
> > +        break;
> > +
> >      case 0x40000000 ... 0x400001ff:
> >          if ( is_viridian_domain(d) )
> >          {
> > @@ -319,6 +326,13 @@ int guest_wrmsr(struct vcpu *v, uint32_t msr, uint64_t 
> > val)
> >          ret = guest_wrmsr_x2apic(v, msr, val);
> >          break;
> >
> > +    case MSR_IA32_BNDCFGS:
> > +        if ( !is_hvm_domain(d) || !cp->feat.mpx ||
> > +             !hvm_set_guest_bndcfgs(v, val) )
> > +            goto gp_fault;
> 
> In both cases the is_hvm_*() check looks to be redundant, as
> for PV guests cp->feat.mpx can't be set. Personally I'd prefer
> this to be an ASSERT() instead, but I'd listen to Andrew (as
> the main author of this code) saying otherwise.

I'm ok with an ASSERT but I'll check with Andrew as you suggest.

> 
> > --- a/xen/include/asm-x86/msr.h
> > +++ b/xen/include/asm-x86/msr.h
> > @@ -328,7 +328,7 @@ int init_vcpu_msr_policy(struct vcpu *v);
> >   * These functions are also used by the migration logic, so need to cope 
> > with
> >   * being used outside of v's context.
> >   */
> > -int guest_rdmsr(const struct vcpu *v, uint32_t msr, uint64_t *val);
> > +int guest_rdmsr(struct vcpu *v, uint32_t msr, uint64_t *val);
> 
> I find this pretty undesirable, and I'd like to at least put out
> for discussion a means how to avoid it: Any entity being
> passed a const struct vcpu *cv can get hold of a non-const
> one by doing
> 
>     struct vcpu *v = cv->domain->vcpu[cv->vcpu_id];
> 

Looks kind of odd, but of course it will certainly work.

> Of course this shouldn't be used arbitrarily, but to hide an
> implementation detail like that of vmx_vmcs_enter() I think
> this could be justified. Thoughts?
> 

I guess the question is at what level to do this? Probably in the hvm code 
rather than in the vmx code.

  Paul 

> Jan
> 
> 
> 
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxxxxxxxxx
> https://lists.xenproject.org/mailman/listinfo/xen-devel
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.