[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 2/5] x86/HVM: hide SVM/VMX when their enabling is prohibited by firmware

To: Jan Beulich <jbeulich@xxxxxxxx>
From: Roger Pau Monné <roger.pau@xxxxxxxxxx>
Date: Tue, 21 Nov 2023 17:24:43 +0100
Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Kevin Tian <kevin.tian@xxxxxxxxx>, Jun Nakajima <jun.nakajima@xxxxxxxxx>
Delivery-date: Tue, 21 Nov 2023 16:24:48 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Thu, Nov 16, 2023 at 02:31:05PM +0100, Jan Beulich wrote:
> ... or we fail to enable the functionality on the BSP for other reasons.
> The only place where hardware announcing the feature is recorded is the
> raw CPU policy/featureset.
> 
> Inspired by 
> https://lore.kernel.org/all/20230921114940.957141-1-pbonzini@xxxxxxxxxx/.
> 
> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>

Acked-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>

> 
> --- a/xen/arch/x86/hvm/svm/svm.c
> +++ b/xen/arch/x86/hvm/svm/svm.c
> @@ -2543,6 +2543,7 @@ const struct hvm_function_table * __init
>  
>      if ( _svm_cpu_up(true) )
>      {
> +        setup_clear_cpu_cap(X86_FEATURE_SVM);
>          printk("SVM: failed to initialise.\n");
>          return NULL;
>      }
> --- a/xen/arch/x86/hvm/vmx/vmcs.c
> +++ b/xen/arch/x86/hvm/vmx/vmcs.c
> @@ -2163,6 +2163,23 @@ int __init vmx_vmcs_init(void)
>  
>      if ( !ret )
>          register_keyhandler('v', vmcs_dump, "dump VT-x VMCSs", 1);
> +    else
> +    {
> +        setup_clear_cpu_cap(X86_FEATURE_VMX);
> +
> +        /*
> +         * _vmx_vcpu_up() may have made it past feature identification.
> +         * Make sure all dependent features are off as well.
> +         */
> +        vmx_basic_msr              = 0;
> +        vmx_pin_based_exec_control = 0;
> +        vmx_cpu_based_exec_control = 0;
> +        vmx_secondary_exec_control = 0;
> +        vmx_vmexit_control         = 0;
> +        vmx_vmentry_control        = 0;
> +        vmx_ept_vpid_cap           = 0;
> +        vmx_vmfunc                 = 0;

Are there really any usages of those variables if VMX is disabled in
CPUID?

Thanks, Roger.

Follow-Ups:
- Re: [PATCH 2/5] x86/HVM: hide SVM/VMX when their enabling is prohibited by firmware
  - From: Jan Beulich

References:
- [PATCH 0/5] x86/HVM: misc tidying
  - From: Jan Beulich
- [PATCH 2/5] x86/HVM: hide SVM/VMX when their enabling is prohibited by firmware
  - From: Jan Beulich

Prev by Date: Re: [RFC PATCH] x86/vlapic: address a violation of MISRA C:2012 Rule 16.2
Next by Date: Re: [PATCH v3 02/14] xen/asm-generic: introduce generic device.h
Previous by thread: [PATCH 2/5] x86/HVM: hide SVM/VMX when their enabling is prohibited by firmware
Next by thread: Re: [PATCH 2/5] x86/HVM: hide SVM/VMX when their enabling is prohibited by firmware
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.