
RE: [PATCH v1 7/7] x86/vmx: switch IPT MSRs on vmentry/vmexit


  • To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Michał Leszczyński <michal.leszczynski@xxxxxxx>
  • From: "Kang, Luwei" <luwei.kang@xxxxxxxxx>
  • Date: Wed, 17 Jun 2020 23:30:20 +0000
  • Cc: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, "Tian, Kevin" <kevin.tian@xxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, "Nakajima, Jun" <jun.nakajima@xxxxxxxxx>
  • Delivery-date: Wed, 17 Jun 2020 23:30:26 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

> > On Wed, Jun 17, 2020 at 01:54:45PM +0200, Michał Leszczyński wrote:
> >> ----- On 17 Jun 2020 at 11:09, Roger Pau Monné roger.pau@xxxxxxxxxx wrote:
> >>
> >>> 24 Virtual Machine Control Structures -> 24.8 VM-entry Control
> >>> Fields -> 24.8.1 VM-Entry Controls Software should consult the VMX
> >>> capability MSRs IA32_VMX_ENTRY_CTLS to determine how it should set the
> >>> reserved bits.
> >> Please look at bit position 18 "Load IA32_RTIT_CTL".
> > I think this is something different from what I was referring to.
> > Those options you refer to (load/clear IA32_RTIT_CTL) deal with
> > loading/storing a specific field on the vmcs that maps to the guest
> > IA32_RTIT_CTL.
> >
> > OTOH MSR load lists can be used to load and store any arbitrary MSR on
> > vmentry/vmexit, see section 26.4 LOADING MSRS on the SDM. There's
> > already infrastructure on Xen to do so, see vmx_{add/del/find}_msr.
> 
> If I remember the historic roadmaps correctly, there are 3 cases.
> 
> The first hardware to support PT (Broadwell?) prohibited its use completely in
> VMX operations.  In this case, we can use it to trace PV guests iff we don't
> enable VMX in hardware to begin with.
> 
> This was relaxed in later hardware (Skylake?) to permit use within VMX
> operations, but without any help in the VMCS.  (i.e. manual context switching
> per this patch, or MSR load lists as noted in the SDM.)
> 
> Subsequent support for "virtualised PT" was added (IceLake?) which adds the
> load/save controls, and the ability to translate the output buffer under EPT.
> 
> 
> All of this is from memory so I'm quite possibly wrong with details, but I
> believe this is why the current complexity exists.

Yes, it includes 3 cases.
1. Before IA32_VMX_MISC[bit 14]:
    Intel PT doesn't support tracing in VMX operation. Execution of the VMXON
    instruction clears IA32_RTIT_CTL.TraceEn and any attempt to write
    IA32_RTIT_CTL in VMX operation causes a general-protection exception (#GP).
2. Support IA32_VMX_MISC[bit 14] but no EPT to direct PT output:
    Intel PT can be enabled across VMX but the address of the Intel PT buffer
    is always HPA from the HW point of view. There is no VMCS support at this
    stage. The MSR load list can be used for Intel PT context switch
    (VM-Entry/Exit).
3. Intel PT VM improvements (starting from Icelake):
    Add a new guest IA32_RTIT_CTL field in VMCS, and HW treats the PT output
    addresses as GPA and translates them using EPT.

Thanks,
Luwei Kang
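
The three cases above, written out as a capability check; this is an added example, not code from the patch series or from Xen. The struct, enum and function names are hypothetical, the VM-exit bit 25 and secondary-control bit 24 are taken from the SDM rather than from this thread, and requiring all three controls for case 3 is this example's assumption.

```c
#include <stdbool.h>
#include <stdint.h>

/* Bits 14 and 18 are named in the thread; 25 and 24 come from the SDM. */
#define VMX_MISC_INTEL_PT         (1ULL << 14) /* IA32_VMX_MISC[14] */
#define VM_ENTRY_LOAD_RTIT_CTL    (1U << 18)   /* "Load IA32_RTIT_CTL" */
#define VM_EXIT_CLEAR_RTIT_CTL    (1U << 25)   /* "Clear IA32_RTIT_CTL" */
#define SECONDARY_EXEC_PT_USE_GPA (1U << 24)   /* PT output addresses are GPA */

enum pt_case { PT_NO_VMX = 1, PT_MSR_SWITCH = 2, PT_VMCS_EPT = 3 };

/* Raw values of the VMX capability MSRs (hypothetical container). */
struct vmx_caps { uint64_t misc, entry_ctls, exit_ctls, secondary_ctls; };

/* A control may be 1 only if its bit in the high dword (allowed-1) is set. */
static bool ctl_allowed(uint64_t cap, uint32_t ctl)
{
    return ((uint32_t)(cap >> 32) & ctl) == ctl;
}

/* Force the must-be-1 bits (low dword), drop bits that may not be 1. */
uint32_t adjust_ctl(uint64_t cap, uint32_t wanted)
{
    uint32_t must_be_one = (uint32_t)cap;
    uint32_t may_be_one = (uint32_t)(cap >> 32);
    return (wanted | must_be_one) & may_be_one;
}

enum pt_case classify_pt_vmx(const struct vmx_caps *c)
{
    if (!(c->misc & VMX_MISC_INTEL_PT))
        return PT_NO_VMX;       /* case 1: VMXON clears TraceEn, writes #GP */
    if (ctl_allowed(c->entry_ctls, VM_ENTRY_LOAD_RTIT_CTL) &&
        ctl_allowed(c->exit_ctls, VM_EXIT_CLEAR_RTIT_CTL) &&
        ctl_allowed(c->secondary_ctls, SECONDARY_EXEC_PT_USE_GPA))
        return PT_VMCS_EPT;     /* case 3: VMCS field, output via EPT */
    return PT_MSR_SWITCH;       /* case 2: MSR load lists or manual switch */
}

int main(void)
{
    /* Constructed sample: PT allowed in VMX, no VMCS controls for it. */
    struct vmx_caps sample = { .misc = VMX_MISC_INTEL_PT };
    return classify_pt_vmx(&sample) == PT_MSR_SWITCH ? 0 : 1;
}
```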

 

