[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] x86/vmx: Remove IO bitmap from minimal VMX requirements

  • To: Hubert Jasudowicz <hubert.jasudowicz@xxxxxxx>
  • From: Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • Date: Fri, 15 Jan 2021 15:44:20 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=2bbQhR6YzVwSKrJm+LuxmgY9h6W5Ng6OgoocsaITNrU=; b=BhtfYWBq0tDTxW5tliJHaiPq5aWfjzV4ADUmGNb5yDnS9ZLc86gBYu183/JMk1v3wrfjxEg7gb9f5wqzUncd5O77Sq4DJQAvLFKhMVCvjjaY9AJ9hhGC+qsWegiB6dpRc1cKrwH/wOboaP6a7eC2Vk46iFTWMMpUwltNShrb8huN1b097rhypQppMiq3oU+KVwCIPL05Rg/xTGZAXgyq8M6i4EZGEYzw6a3mUb3zBlzF4WDeU0ehk6tHwMQSbdKVHSuxLRQOijz12HynIrLqbpa7TinHAIh/EUdrga7bdIoAPMWG9D007UQx0zgtT2QApKPtKQ6wAKDKtO6lF7uzug==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=bz6TJyeEgJeaQ33w6NUXtnKcJUM7OgjdoSoxonoCXlV9QpbU1WyaqUBhV0iSYx9n4LajLUdDOk7FrfGPrEV3gYbORNN8tRaFEmymqaREW6S8Wevcc4MyhxNVDDCMa9aJ7Fq48zYqqUP/RTMhYE+k2Nuds0KPhbm3YK2KfdlE7V+ypJG1vZkGSELo8eX29nlb+bHxL/FVpxgF/d3U1DXNdIjh4n4ZvtrZ0SeOW6xqemv+NBjSe/L7cX9KxdUCNhr+mv4SyiztPpOl7Hj4qTIHEoOX83UvHFh401XRQdifXVqFJm23z4gFm+lTIwcarZVIA+khOildBh07+U1OjkN+yA==
  • Authentication-results: esa4.hc3370-68.iphmx.com; dkim=pass (signature verified) header.i=@citrix.onmicrosoft.com
  • Cc: <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Jun Nakajima <jun.nakajima@xxxxxxxxx>, Kevin Tian <kevin.tian@xxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, "Andrew Cooper" <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Michał Leszczyński <michal.leszczynski@xxxxxxx>
  • Delivery-date: Fri, 15 Jan 2021 14:44:37 +0000
  • Ironport-sdr: Q1SVD+uHkm4e/e/jXYgZEtMutNbqDUUIB9EkytamFYc2lxaewUIsUTXBfpQNyTjha7nS25MvnD oTCG2dvvIcE0Qakyxkk7GSU/daFwaRVzX6xqAdy9bZrKYxNYnl7GQORj+LzF7xF7Nqv6HH5BJQ KhwgZ2By1HErUf2MC3XIYBwO2W35ILVRAADl5uo6yYPFMhMVX4I7TAbkQYGqyreGIChMh2oECR OvH6F0/lT1jN9MH9pUc37wt3+d8xna/+drUBgvEy+eNc6zzO9ztVU3BEMWxPkZRIKalk+OxlTb IuA=
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On Fri, Jan 15, 2021 at 03:30:50PM +0100, Hubert Jasudowicz wrote:
> This patch is a result of a downstream bug report[1]. Xen fails to
> create a HVM domain while running under VMware Fusion 12.1.0 on
> a modern Intel Core i9 CPU:
> 
> (XEN) VMX: CPU0 has insufficient CPU-Based Exec Control (b5b9fffe; requires 
> 2299968c)
> (XEN) VMX: failed to initialise.
> 
> It seems that Apple hypervisor API doesn't support this feature[2].
> 
> Move this bit from minimal required features to optional.
> 
> [1] https://github.com/CERT-Polska/drakvuf-sandbox/issues/418
> [2] https://developer.apple.com/documentation/hypervisor/cpu_based_io_bitmaps
> 
> Signed-off-by: Hubert Jasudowicz <hubert.jasudowicz@xxxxxxx>
> ---
>  xen/arch/x86/hvm/vmx/vmcs.c        | 8 +++++---
>  xen/include/asm-x86/hvm/vmx/vmcs.h | 2 ++
>  2 files changed, 7 insertions(+), 3 deletions(-)
> 
> diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c
> index 164535f8f0..bad4d6e206 100644
> --- a/xen/arch/x86/hvm/vmx/vmcs.c
> +++ b/xen/arch/x86/hvm/vmx/vmcs.c
> @@ -276,10 +276,10 @@ static int vmx_init_vmcs_config(void)
>             CPU_BASED_MONITOR_EXITING |
>             CPU_BASED_MWAIT_EXITING |
>             CPU_BASED_MOV_DR_EXITING |
> -           CPU_BASED_ACTIVATE_IO_BITMAP |
>             CPU_BASED_USE_TSC_OFFSETING |
>             CPU_BASED_RDTSC_EXITING);
>      opt = (CPU_BASED_ACTIVATE_MSR_BITMAP |
> +           CPU_BASED_ACTIVATE_IO_BITMAP |
>             CPU_BASED_TPR_SHADOW |
>             CPU_BASED_MONITOR_TRAP_FLAG |
>             CPU_BASED_ACTIVATE_SECONDARY_CONTROLS);
> @@ -1168,8 +1168,10 @@ static int construct_vmcs(struct vcpu *v)
>      }
>  
>      /* I/O access bitmap. */
> -    __vmwrite(IO_BITMAP_A, __pa(d->arch.hvm.io_bitmap));
> -    __vmwrite(IO_BITMAP_B, __pa(d->arch.hvm.io_bitmap) + PAGE_SIZE);
> +    if ( cpu_has_vmx_io_bitmap ) {
> +        __vmwrite(IO_BITMAP_A, __pa(d->arch.hvm.io_bitmap));
> +        __vmwrite(IO_BITMAP_B, __pa(d->arch.hvm.io_bitmap) + PAGE_SIZE);
> +    }

Maybe I'm missing something, but don't you need to expand
EXIT_REASON_IO_INSTRUCTION in vmx_vmexit_handler when there's no IO
bitmap support so that all the emulation is bypassed and the IO port
access is replayed by Xen?

I think you don't strictly need to modify EXIT_REASON_IO_INSTRUCTION
and can use the existing g2m_ioport_list infrastructure to add the
allowed ports present on the bitmap and prevent them from being
forwarded to the IOREQ server.

Thanks, Roger.

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.