[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v3 2/3] x86/boot: Clear XD_DISABLE from the early boot path

  • To: Alejandro Vallejo <alejandro.vallejo@xxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • Date: Fri, 30 Jun 2023 12:19:45 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Ni8Ijeh5JThje52K71syHwLdMWLgxGjQ1kPpbjF+hdI=; b=ierCAGYAq574t0P8MOZ6tbX4/QFv5UHHrS+nqweHnqgCaEak8oixWSpgLzCZrK6iRPgw3iYIJ8V6+AjSmtMESFN4C4OHn5zYNWd1Kl6idbh372jQYEsvs0YwuwLhqD1oKR7Kt4rvlH9+oEWi/+cZ3XLjJH087vwVVeyw13WZCTnRkruoQQfDtMTMTMn3+m4PImit9tqRQKvbFcmhfRLCxk8u+RFXMLwL+CR8RuRiCRne67XxvrDiqfZG/n/HfrXQGa09oWF2XLqbqcveTSENQr7WOS4Ldqhweu17jeKdxSuF5jBc5ku4XMcJekiV2411XHEktpn3jZBbvz9o5DPOrA==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=CbifWHSW3SgyFc1D6lXN5Smhn2rCp8MHTghYDeqLCyoUZ2yAI1tFs3scn8CcmlXHe+7ytxuhDpPrCZ1cjuRZaNIs3YAEMholwcxSnFh938cRFmpbEOAij8LovMw7dkFtyOwG0fa1iv1SwXqP/29LaqoXbatj9EQM67z4wsH203WLe463HAsiv2GhkEnXcFPS/6JPNTzGj57PzRJHx2djsc1hVdu+h0oaJR8BOUCykjfB0CMs00c6vzJvfNT4B6eZ9ui5zw0EU6oe1fIC7/b4zQ2QfxUXX8U/Au2sLqTjDLsNvziVQYzC49CmiUYQGiKgGXt5eD04ryK37V9YPefpXw==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;
  • Delivery-date: Fri, 30 Jun 2023 11:22:14 +0000
  • Ironport-data: A9a23:sP6+kaDllQIbmxVW/wriw5YqxClBgxIJ4kV8jS/XYbTApDJzhDFUy mpMUTqCOPbbMzCje4wibYTk9BkE65fdmNBmQQY4rX1jcSlH+JHPbTi7wuUcHAvJd5GeExg3h yk6QoOdRCzhZiaE/n9BCpC48T8nk/nOHuGmYAL9EngZbRd+Tys8gg5Ulec8g4p56fC0GArIs t7pyyHlEAbNNwVcbCRMsspvlDs15K6p4G1D5gRnDRx2lAS2e0c9Xcp3yZ6ZdxMUcqEMdsamS uDKyq2O/2+x13/B3fv8z94X2mVTKlLjFVDmZkh+AsBOsTAbzsAG6Y4pNeJ0VKtio27hc+ada jl6ncfYpQ8BZsUgkQmGOvVSO3kW0aZuoNcrLZUj2CA6IoKvn3bEmp1T4E8K0YIw1KFbAGZA8 sEiITldfBSZoeWXkYqWRbw57igjBJGD0II3nFhFlGmcJ9B5BJfJTuPN+MNS2yo2ioZWB/HCa sEFaD1pKhPdfxlIPVRRA5U79AuqriCnL3sE9xTK/exuuzK7IA9ZidABNPL8fNCQSNoTtUGfv m/cpEzyAw0ANczZwj2Amp6prraWxn+mAtNLRdVU8NZOqw2c3XUXNiQOanCmsf+X1RWkY952f hl8Fi0G6PJaGFaQZtD5Uh+xpnKeuVgCUt5UHu89wAqJzbfYpQ2eAwAsXjNHLdArqsIybTgrz UOS2cPkAyR1t7+YQm7b8a2bxQ5eIgAQJG4GICUCEg0M5oC7pJlp10qVCNF+DKSyk9v5Xynqx CyHpzQ/gLNVitMX06K8/hbMhDfESoX1czPZLz7/BgqNhj6Vrqb8D2B0wTA3Ncp9Ebs=
  • Ironport-hdrordr: A9a23:bfhXjKuSB4/GnVQ+PRysD5bc7skCKIAji2hC6mlwRA09TyXGra 2TdaUgvyMc1gx7ZJh5o6H4BEGBKUmslqKdkrNhRYtKPTOW8FdASbsP0WKM+UyGJ8STzI9gPM RbAuND4b/LfD5HZK/BiWHWferIq+P3kpxA8N2uq0uFOjsaDp2IgT0YNi+rVmlNACVWD5swE5 SRouBdoSC7RHgRZsOnQlEYQunqvbTw5d/bSC9DIyRixBiFjDuu5rK/OQOfxA0iXzRGxqpn2X TZkjb++r6ov5iAu1PhPi7onttrcenau5p+7f+3+4gow/LX+0WVjbFaKvO/VfYO0aOSARgR4Z zxSlwbTr9OAjvqDxuISF3WqkPdOX8VmgDf4E7di33vrdHmQnYxDspMgp9CchXf41c9p9050K VQ03mFu5c/N2K8oA3to9LPWh12iEysunwpnfQIg3E3a/pjVJZB6YMY509bC5EGAWbz750mCv BnCIXG6O9Rak7yVQGvgoBD+q3YYp0IJGbzfmES/siOlzRGlnFwyEUVgMQZg3cb7Zo4D51J/f 7NPKhknKxHCpZ+V9M1OM4RBc+sTmDdSxPFN2yfZVzhCaEcInrI75r6+q886u2mcIEBiJEyhJ PCWlVFsnNaQTOZNeSemJlQthzdSmS0WjrgjslY+phio7X5AKHmNCWSIWpe4fdIY89vcfEzd8 zDSK6+WcWTU1cGMbw5rjHDZw==
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 29/06/2023 1:17 pm, Alejandro Vallejo wrote:
> Intel CPUs have a bit in MSR_IA32_MISC_ENABLE that may prevent the NX bit
> from being advertised. Clear it unconditionally if we can't find the NX
> feature right away on boot.
>
> The conditions for the MSR being read on early boot are (in this order):
>
> * Long Mode is supported
> * NX isn't advertised
> * The vendor is Intel
>
> The order of checks has been chosen carefully so a virtualized Xen on a
> hypervisor that doesn't emulate that MSR (but supports NX) doesn't triple
> fault trying to access the non-existing MSR.
>
> With that done, we can remove the XD_DISABLE checks in the intel-specific
> init path (as they are already done in early assembly). Keep a printk to
> highlight the fact that NX was forcefully enabled.
>
> Signed-off-by: Alejandro Vallejo <alejandro.vallejo@xxxxxxxxx>

Reviewed-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, with two minor
fixes.

> diff --git a/xen/arch/x86/boot/head.S b/xen/arch/x86/boot/head.S
> index 9fbd602ea5..0e02c28f37 100644
> --- a/xen/arch/x86/boot/head.S
> +++ b/xen/arch/x86/boot/head.S
> @@ -652,16 +652,53 @@ trampoline_setup:
>          cpuid
>  1:      mov     %edx, CPUINFO_FEATURE_OFFSET(X86_FEATURE_LM) + 
> sym_esi(boot_cpu_data)
>  
> -        /* Check for NX. Adjust EFER setting if available. */
> -        bt      $cpufeat_bit(X86_FEATURE_NX), %edx
> -        jnc     1f
> -        orb     $EFER_NXE >> 8, 1 + sym_esi(trampoline_efer)
> -1:
> -
>          /* Check for availability of long mode. */
>          bt      $cpufeat_bit(X86_FEATURE_LM),%edx
>          jnc     .Lbad_cpu
>  
> +        /* Check for NX */
> +        bt      $cpufeat_bit(X86_FEATURE_NX), %edx
> +        jc     .Lgot_nx
> +
> +        /*
> +         * NX appears to be unsupported, but it might be hidden.
> +         *
> +         * The feature is part of the AMD64 spec, but the very first Intel
> +         * 64bit CPUs lacked the feature, and thereafter there was a
> +         * firmware knob to disable the feature. Undo the disable if
> +         * possible.
> +         *
> +         * All 64bit Intel CPUs support this MSR. If virtualised, expect
> +         * the hypervisor to either emulate the MSR or give us NX.
> +         */
> +        xor     %eax, %eax
> +        cpuid
> +        cmp     $X86_VENDOR_INTEL_EBX, %ebx
> +        jnz     .Lno_nx
> +        cmp     $X86_VENDOR_INTEL_EDX, %edx
> +        jnz     .Lno_nx
> +        cmp     $X86_VENDOR_INTEL_ECX, %ecx
> +        jnz     .Lno_nx
> +
> +        /* Clear the XD_DISABLE bit */
> +        mov    $MSR_IA32_MISC_ENABLE, %ecx

Parameter indention here.

> diff --git a/xen/arch/x86/include/asm/x86-vendors.h 
> b/xen/arch/x86/include/asm/x86-vendors.h
> index 0a37024cbd..9191da26d7 100644
> --- a/xen/arch/x86/include/asm/x86-vendors.h
> +++ b/xen/arch/x86/include/asm/x86-vendors.h
> @@ -12,9 +12,9 @@
>  #define X86_VENDOR_UNKNOWN 0
>  
>  #define X86_VENDOR_INTEL (1 << 0)
> -#define X86_VENDOR_INTEL_EBX 0x756e6547U /* "GenuineIntel" */
> -#define X86_VENDOR_INTEL_ECX 0x6c65746eU
> -#define X86_VENDOR_INTEL_EDX 0x49656e69U
> +#define X86_VENDOR_INTEL_EBX _AC(0x756e6547, U) /* "GenuineIntel" */
> +#define X86_VENDOR_INTEL_ECX _AC(0x6c65746e, U)
> +#define X86_VENDOR_INTEL_EDX _AC(0x49656e69, U)
>  
>  #define X86_VENDOR_AMD (1 << 1)
>  #define X86_VENDOR_AMD_EBX 0x68747541U /* "AuthenticAMD" */

And all vendors should get equivalent _AC() conversions.

Can fix both on commit.

~Andrew

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.