Xen project Mailing List

Re: [PATCH v2 1/2] x86/boot: Clear XD_DISABLE from the early boot path

To: Alejandro Vallejo <alejandro.vallejo@xxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>

From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Date: Fri, 16 Jun 2023 20:43:14 +0100

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=tDaYED4IRlGS3YbCLDGiQK3+y0vatorHAbYvkdhSWeM=; b=M7uS2dzkbBdjat5cefhRsTUuUqHrg/Q6xZWj5t+PSewwFmxHVBXGZHRIPlXMN4I3ebZ5tDL8sbosSg/bNU+VDrAquhWWy9NJsRcD6BkCDDCwovyL6yop2Ob7hWWXDULY3gHie8cQ1CgMTcHsvaRoIPKftzROydvv8m4FstxNMGMZJbqkT86YSF188C1JbSTLWk3TrWzGKHRt9qANRgwdhDvTfvs2a3ux+wk9tiNUWlJ6nty7FKwADTgglvWySA2Mi3LL3AiOsu0Y17pq+AM77KWfWn3FXIiKweWGcFE2o28K77iq7VlLq3YKXm4/Zksx/YozsJu9hnQEp8UEExQvJQ==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Pg/navPRWRw1A5GYtim9/yIOjQ6VQit7PMaqA8e//3F1e9Yt42mAbXlwJ0YGhk03Zp0bMWHpIb546zKkKiHb3p2CXZNjyvO/AfXl1Fzikn/r+gk7QLmY9E8HkRlDVuJghVhxTQjhbIzXCDhV3h3KR3JMDz9ib7wh+FXsSYTO0p4HVkb5IQO0c5apZCXkUQngYCLlexdtz/Eymzbqu1IWvu0XlEcQz7iO+FV4thmq/aAkPgCopMm6nETPNJdb0W0nv5VH5kltXT9zVaP5a7ShU01dPhaU3usTBOSafaGI0juu4yIyFEWNdThMt5g5eMmWmsu3yXQKDPKa64pRRrU5cQ==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;

Cc: Jan Beulich <jbeulich@xxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>

Delivery-date: Fri, 16 Jun 2023 19:43:35 +0000

Ironport-data: A9a23:GGSD7KBV4DabnBVW/+niw5YqxClBgxIJ4kV8jS/XYbTApD520GZUy 2YXXTjUbPreYGqnKd0gbty08E9S7J+Hm95lQQY4rX1jcSlH+JHPbTi7wuUcHAvJd5GeExg3h yk6QoOdRCzhZiaE/n9BCpC48T8nk/nOHuGmYAL9EngZbRd+Tys8gg5Ulec8g4p56fC0GArIs t7pyyHlEAbNNwVcbCRMs8pvlDs15K6p4G1B4ARlDRx2lAS2e0c9Xcp3yZ6ZdxMUcqEMdsamS uDKyq2O/2+x13/B3fv8z94X2mVTKlLjFVDmZkh+AsBOsTAbzsAG6Y4pNeJ0VKtio27hc+ada jl6ncfYpQ8BZsUgkQmGOvVSO3kW0aZuoNcrLZUj2CA6IoKvn3bEmp1T4E8K0YIw2u17AkVz8 90hIxMjNhucn8WfybaKRbw57igjBJGD0II3nFhFlGmcIdN4BJfJTuPN+MNS2yo2ioZWB/HCa sEFaD1pKhPdfxlIPVRRA5U79AuqriCnL3sE9xTI9exuuzW7IA9ZidABNPL8fNCQSNoTtUGfv m/cpEzyAw0ANczZwj2Amp6prraWxn6iCd5KT9VU8NY3o0KpnlIfAydMUACfoNCoi3SPWeBmf hl8Fi0G6PJaGFaQZtD5Uh+xpnKeuVgCUt5UHu89wAqJzbfYpQ2eAwAsXjNHLdArqsIybTgrz UOS2cPkAyR1t7+YQm7b8a2bxRuwMyUIKW4JZQcfUBAIpdLkpekbkRbnXttlVqmvgbXI9SrYx jmLqG0ygusVhMtSj6Gjpwmf3nSru4TDSRMz6kPPRGW54whlZYmjIYu19Vzc6vUGJ4GcJrWcg EU5dwGlxLhmJfmweOalGY3hwJnBCy65DQDh

Ironport-hdrordr: A9a23:z3Kd/Kgfe4ebgyqgOkUg90UlvXBQXh4ji2hC6mlwRA09TyX5ra 2TdZUgpHrJYVMqMk3I9uruBEDtex3hHP1OkOss1NWZPDUO0VHARO1fBOPZqAEIcBeOldK1u5 0AT0B/YueAd2STj6zBkXSF+wBL+qj6zEiq792usEuEVWtRGsVdB58SMHfiLqVxLjM2YqYRJd 6nyedsgSGvQngTZtTTPAh/YwCSz+e78q4PeHQ9dmca1DU=

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 15/06/2023 4:31 pm, Alejandro Vallejo wrote: > diff --git a/xen/arch/x86/boot/head.S b/xen/arch/x86/boot/head.S > index 09bebf8635..ce62eae6f3 100644 > --- a/xen/arch/x86/boot/head.S > +++ b/xen/arch/x86/boot/head.S > @@ -142,8 +142,8 @@ efi_platform: > > .section .init.text, "ax", @progbits > > -bad_cpu: > - add $sym_offs(.Lbad_cpu_msg),%esi # Error message > +.Lbad_cpu: > + add $sym_offs(.Lbad_cpu_msg),%esi > jmp .Lget_vtb > not_multiboot: > add $sym_offs(.Lbad_ldr_msg),%esi # Error message > @@ -647,15 +647,59 @@ trampoline_setup: > cpuid > 1: mov %edx, CPUINFO_FEATURE_OFFSET(X86_FEATURE_LM) + > sym_esi(boot_cpu_data) > > - /* Check for NX. Adjust EFER setting if available. */ > + /* Check for availability of long mode. */ > + bt $cpufeat_bit(X86_FEATURE_LM),%edx > + jnc .Lbad_cpu > + > + /* Check for NX */ > bt $cpufeat_bit(X86_FEATURE_NX), %edx > + jc .Lhas_nx_bit This part of the diff is far more legible when rebased over the 0.5/2 patch I've just emailed out. I've got the rebase locally if you want it. Although I'd suggest that this label name be .Lgot_nx. > + > + /* > + * NX appears to be unsupported, but it might be hidden. > + * > + * Intel CPUs (may) implement MSR_IA32_MISC_ENABLE. Among other > + * things this MSR has a bit that artificially hides NX support in > + * CPUID. Xen _really_ wants that feature enabled if present, so we > + * have to determine if (a) the MSR exists and if so (b) clear the > + * bit. > + * > + * For native boots this is perfectly fine because the MSR was > + * introduced before Netburst, which was the first family to > + * provide 64bit support. So we're safe simply accessing it as long > + * as long mode support has already been checked. > + * > + * For the virtualized case the MSR might not be emulated though, > + * so we make sure to do an initial check for NX in order to bypass > + * this MSR read I'd suggest reordering this a bit, and swapping some what for why. How about: --- NX appears to be unsupported, but it might be hidden. The feature is part of the AMD64 spec, but the very first Intel 64bit CPUs lacked the feature, and thereafter there was a firmware knob to disable the feature. Undo the disable if possible. All 64bit Intel CPUs support this MSR. If virtualised, expect the hypervisor to either emulate the MSR or give us NX. --- > + */ > + xor %eax,%eax > + cpuid > + cmpl $X86_VENDOR_INTEL_EBX,%ebx Where possible, spaces after commas and without size suffixes (the l on cmpl here). While not relevant here > + jnz .Lno_nx_bit The "_bit" is still redundant. Simply .Lno_nx will do. > + cmpl $X86_VENDOR_INTEL_EDX,%edx > + jnz .Lno_nx_bit > + cmpl $X86_VENDOR_INTEL_ECX,%ecx > + jnz .Lno_nx_bit > + > + /* Clear the XD_DISABLE bit */ > + movl $MSR_IA32_MISC_ENABLE, %ecx > + rdmsr > + btrl $2, %edx It's unfortunate that we don't have an asm-safe ilog2(). Oh well. > jnc 1f > - orb $EFER_NXE >> 8, 1 + sym_esi(trampoline_efer) > -1: > + wrmsr > + orb $MSR_IA32_MISC_ENABLE_XD_DISABLE >> 32, 4 + > sym_esi(trampoline_misc_enable_off) > > - /* Check for availability of long mode. */ > - bt $cpufeat_bit(X86_FEATURE_LM),%edx > - jnc bad_cpu > +1: /* Check again for NX */ Failing to clear XD_DISABLE wants to go to .Lno_nx, not to re-scan CPUID having done nothing to the MSR. > + mov $0x80000001,%eax > + cpuid > + bt $cpufeat_bit(X86_FEATURE_NX), %edx > + jnc .Lno_nx_bit > + > +.Lhas_nx_bit: > + /* Adjust EFER is NX is present */ "Adjust EFER, given that NX is present". > diff --git a/xen/arch/x86/cpu/intel.c b/xen/arch/x86/cpu/intel.c > index 168cd58f36..46b0cd8dbb 100644 > --- a/xen/arch/x86/cpu/intel.c > +++ b/xen/arch/x86/cpu/intel.c > @@ -305,23 +305,23 @@ static void cf_check early_init_intel(struct > cpuinfo_x86 *c) > c->x86_cache_alignment = 128; > > /* Unmask CPUID levels and NX if masked: */ > - rdmsrl(MSR_IA32_MISC_ENABLE, misc_enable); > - > - disable = misc_enable & (MSR_IA32_MISC_ENABLE_LIMIT_CPUID | > - MSR_IA32_MISC_ENABLE_XD_DISABLE); > - if (disable) { > - wrmsrl(MSR_IA32_MISC_ENABLE, misc_enable & ~disable); > - bootsym(trampoline_misc_enable_off) |= disable; > - bootsym(trampoline_efer) |= EFER_NXE; > - } > + if (rdmsr_safe(MSR_IA32_MISC_ENABLE, misc_enable) == 0) { There's no need to change rdmsrl() to rdmsr_safe(), and not doing so will shrink this diff a lot. The only thing you need to alter the re-enable NX printk(), which probably wants to move ahead of the "if (disable)" and source itself from bootsym(trampoline_misc_enable_off) instead. ~Andrew

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.