[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v9 04/10] x86/cpu-policy: re-arrange no-VMX logic

  • To: Jan Beulich <jbeulich@xxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • Date: Tue, 7 Apr 2026 22:58:39 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=5SMKV+6V9fPJ9bAtiqyRcGIZ00A5uaU7r1e265hdtEE=; b=OH3+eLsWTgjihbE+dRDqZ4rtWaLk67ZWR0cdjVQVlc+eKLxEb0ZMS1pgkIWd/Frj/CnvlbhMxBPfSoEG9slcp2YaJ+N978IDbK9TQLTyCpx6fL8pnXaMaolevZYBlrsemtYaM/SgRQsWOXEFb3gPErqNO18m9SdFrsJ5suuGTKuh3g+gx88hyu0FxH18L2VvMpYnOyH1mx/epK1N9iK+UaAX8vxvz0nS9IqHxr3uMj6tr6bB/wKpVqY5DpvO3qyOJPOoS1Pn2caax0OVScpFtogNIvC3DRW/RuvraSwMhKNvv7HgQscTec/voqj1823Zy37qRpEsAFmtTJ3vtcmQzg==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=oOiFAQet+oKmMXnXw+pRxN04AnJzwnTzApIer3Qbwbuo1SwvHRImVuT5bjRz/zR3RAY14j6tzhPSIJqUqxoc6BF2PjT6FTdA4Ud3gaEumApix9XSmpWuih3jXJcrMBxKrKu+T12v4P0uXfMqY9giPVfnj1U3H/r7sIcXXc+HfKvg5s63AMkUhQH5pxhiI6cJgqD+nwk0Y/p/jscbw6893Y3q63aPQl6i/tBQ3PvL6lIp7kZBLPvHwOWz+vBW0HB97iIe2+NayYPe2M7aIR+kBE9QQDfZRjxRw/SsPcnXlNwucwD6nKmMSoRaGuq4oTE5oYLIjqbu++4DyIpgcOkg1A==
  • Authentication-results: eu.smtp.expurgate.cloud; dkim=pass header.s=selector1 header.d=citrix.com header.i="@citrix.com" header.h="From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck"
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;
  • Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • Delivery-date: Tue, 07 Apr 2026 21:59:04 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 24/11/2025 2:59 pm, Jan Beulich wrote:
> Move the PKS check into an "else" for the corresponding "if()", such
> that further adjustments (like for USER_MSR) can easily be put there as
> well.
>
> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
> ---
> v5: Re-base.
> v4: New.
>
> --- a/xen/arch/x86/cpu-policy.c
> +++ b/xen/arch/x86/cpu-policy.c
> @@ -812,19 +812,20 @@ static void __init calculate_hvm_max_pol
>          if ( !cpu_has_vmx_xsaves )
>              __clear_bit(X86_FEATURE_XSAVES, fs);
>      }
> +    else
> +    {
> +        /*
> +         * Xen doesn't use PKS, so the guest support for it has opted to not 
> use
> +         * the VMCS load/save controls for efficiency reasons.  This depends 
> on
> +         * the exact vmentry/exit behaviour, so don't expose PKS in other
> +         * situations until someone has cross-checked the behaviour for 
> safety.
> +         */
> +        __clear_bit(X86_FEATURE_PKS, fs);
> +    }
>  
>      if ( !cpu_has_vmx_msrlist )
>          __clear_bit(X86_FEATURE_MSRLIST, fs);
>  
> -    /*
> -     * Xen doesn't use PKS, so the guest support for it has opted to not use
> -     * the VMCS load/save controls for efficiency reasons.  This depends on
> -     * the exact vmentry/exit behaviour, so don't expose PKS in other
> -     * situations until someone has cross-checked the behaviour for safety.
> -     */
> -    if ( !cpu_has_vmx )
> -        __clear_bit(X86_FEATURE_PKS, fs);
> -
>      /* 
>       * Make adjustments to possible (nested) virtualization features exposed
>       * to the guest
>

These clauses aren't logically doing the same thing.  So while the
compiler can merge them, I don't think it's a good idea to do so at a
source level.

The "if ( vmx ) " block we can just see the end of is for features which
need to cross-check extra VMX capabilities.  Each of RDTSCP, INVPCID and
XSAVES are #UD unless explicitly enabled.  MPX is the odd-one out,
checking the load/save capabilities.

I suspect this list is incomplete.  These cross-checks shouldn't fail on
real hardware, where the VMX capabilities should match the native
features, but nested virt is rife with enumeration bugs here.

The second "if ( !vmx )" clause is different.  This is really "I wired
up PKS based on how Intel works, and if AMD ever gains it it will
definitely need context switching changes to work".  This is in lieu of
having dedicated Intel/AMD annotations for features.

The MSRLIST addition from the prior patch is arguably misplaced, except
it's trying to cover both of the aspects.


AMD are making no obvious moves to add PKS, and I expect MSRLIST is even
lower down their priority list.

Overall, we need checks here for every guest-visible feature which:
* has VMCS/VMCB controls which are enumerated separately
* needs new context switching considerations

Maybe the "if ( !vmx )" shouldn't really be written this way.  I'm open
to suggestions, but making it an else block isn't a solution.

~Andrew

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.