|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [PATCH] x86/cpu-policy: Fix x2APIC visibility for PV guests
Right now, the host x2APIC setting filters into the PV max and default
policies, yet PV guests cannot set MSR_APIC_BASE.EXTD or access any of the
x2APIC MSR range. Therefore they absolutely shouldn't see the x2APIC bit.
Linux has workarounds for the collateral damage caused by this leakage; it
unconditionally filters out the x2APIC CPUID bit, and EXTD when reading
MSR_APIC_BASE.
Hide the x2APIC bit in the PV default policy, but for compatibility, tolerate
incoming VMs which already saw the bit. This is logic from before the
default/max split in Xen 4.14 which wasn't correctly adjusted at the time.
Update the annotation from !A to !S which slightly better describes that it
doesn't really exist in PV guests. HVM guests, for which x2APIC can be
emulated completely, already has it unconditionally set in the max policy.
Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
---
CC: Jan Beulich <JBeulich@xxxxxxxx>
CC: Roger Pau Monné <roger.pau@xxxxxxxxxx>
CC: Wei Liu <wl@xxxxxxx>
This wants backporting as far as people can tollerate, but it's really not
obvious which commit in 4.14 should be referenced in a Fixes: tag.
---
xen/arch/x86/cpu-policy.c | 19 +++++++++++++++++--
xen/include/public/arch-x86/cpufeatureset.h | 2 +-
2 files changed, 18 insertions(+), 3 deletions(-)
diff --git a/xen/arch/x86/cpu-policy.c b/xen/arch/x86/cpu-policy.c
index 10079c26ae24..a0205672428d 100644
--- a/xen/arch/x86/cpu-policy.c
+++ b/xen/arch/x86/cpu-policy.c
@@ -534,6 +534,14 @@ static void __init calculate_pv_max_policy(void)
*p = host_cpu_policy;
x86_cpu_policy_to_featureset(p, fs);
+ /*
+ * Xen at the time of writing (Feb 2024, 4.19 dev cycle) used to leak the
+ * host x2APIC capability into PV guests, but never supported the guest
+ * trying to turn x2APIC mode on. Tolerate an incoming VM which saw the
+ * x2APIC CPUID bit.
+ */
+ __set_bit(X86_FEATURE_X2APIC, fs);
+
for ( i = 0; i < ARRAY_SIZE(fs); ++i )
fs[i] &= pv_max_featuremask[i];
@@ -566,6 +574,14 @@ static void __init calculate_pv_def_policy(void)
*p = pv_max_cpu_policy;
x86_cpu_policy_to_featureset(p, fs);
+ /*
+ * PV guests have never been able to use x2APIC mode, but at the time of
+ * writing (Feb 2024, 4.19 dev cycle), the host value used to leak into
+ * guests. Hide it by default so new guests don't get mislead into
+ * thinking that they can use x2APIC.
+ */
+ __clear_bit(X86_FEATURE_X2APIC, fs);
+
for ( i = 0; i < ARRAY_SIZE(fs); ++i )
fs[i] &= pv_def_featuremask[i];
@@ -830,11 +846,10 @@ void recalculate_cpuid_policy(struct domain *d)
}
/*
- * Allow the toolstack to set HTT, X2APIC and CMP_LEGACY. These bits
+ * Allow the toolstack to set HTT and CMP_LEGACY. These bits
* affect how to interpret topology information in other cpuid leaves.
*/
__set_bit(X86_FEATURE_HTT, max_fs);
- __set_bit(X86_FEATURE_X2APIC, max_fs);
__set_bit(X86_FEATURE_CMP_LEGACY, max_fs);
/*
diff --git a/xen/include/public/arch-x86/cpufeatureset.h
b/xen/include/public/arch-x86/cpufeatureset.h
index be5c1b748e27..b230d3a6907d 100644
--- a/xen/include/public/arch-x86/cpufeatureset.h
+++ b/xen/include/public/arch-x86/cpufeatureset.h
@@ -123,7 +123,7 @@ XEN_CPUFEATURE(PCID, 1*32+17) /*H Process Context
ID */
XEN_CPUFEATURE(DCA, 1*32+18) /* Direct Cache Access */
XEN_CPUFEATURE(SSE4_1, 1*32+19) /*A Streaming SIMD Extensions 4.1 */
XEN_CPUFEATURE(SSE4_2, 1*32+20) /*A Streaming SIMD Extensions 4.2 */
-XEN_CPUFEATURE(X2APIC, 1*32+21) /*!A Extended xAPIC */
+XEN_CPUFEATURE(X2APIC, 1*32+21) /*!S Extended xAPIC */
XEN_CPUFEATURE(MOVBE, 1*32+22) /*A movbe instruction */
XEN_CPUFEATURE(POPCNT, 1*32+23) /*A POPCNT instruction */
XEN_CPUFEATURE(TSC_DEADLINE, 1*32+24) /*S TSC Deadline Timer */
--
2.30.2
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |