From: Zhang Yi <yi.z.zhang@linux.intel.com>
To: xen-devel@lists.xenproject.org
Cc: kevin.tian@intel.com, tamas@tklengyel.com, wei.liu2@citrix.com,
jun.nakajima@intel.com, rcojocaru@bitdefender.com,
george.dunlap@eu.citrix.com, andrew.cooper3@citrix.com,
ian.jackson@eu.citrix.com,
Zhang Yi Z <yi.z.zhang@linux.intel.com>,
jbeulich@suse.com
Subject: [PATCH RFC 02/14] xen: vmx: Added VMX SPP feature flags and VM-Execution Controls.
Date: Thu, 19 Oct 2017 16:08:46 +0800 [thread overview]
Message-ID: <1e940d889ab9594ddbabd41a02bb743aa8ad9a03.1508397860.git.yi.z.zhang@linux.intel.com> (raw)
In-Reply-To: <cover.1508397860.git.yi.z.zhang@linux.intel.com>
From: Zhang Yi Z <yi.z.zhang@linux.intel.com>
Add new secondary processor-based VM-execution control bit which
defined as "sub-page write permission", VMX Procbased MSR -
MSR_IA32_VMX_EXIT_CTLS bit 23 is the capability bit of SPP.
And VMX_SECONDARY_EXEC_CONTROL bit 23 is the enable bit of SPP.
Also we introduced a spp_enable parameter to control the
SPP is ON/OFF, Set the default is OFF as we are on the
way of enabling. we can add spp_enable=1 Xen boot cmdline
to enable Xen SPP.
Now SPP is active when the "Sub-page Write Protection"
in Secondary VM-Execution Control is set and enable the Xen
parameter by "spp_enable=1".
Signed-off-by: Zhang Yi Z <yi.z.zhang@linux.intel.com>
---
xen/arch/x86/hvm/vmx/vmcs.c | 14 ++++++++++++++
xen/include/asm-x86/hvm/vmx/vmcs.h | 3 +++
2 files changed, 17 insertions(+)
diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c
index 8103b20..bee5d74 100644
--- a/xen/arch/x86/hvm/vmx/vmcs.c
+++ b/xen/arch/x86/hvm/vmx/vmcs.c
@@ -50,6 +50,9 @@ boolean_param("unrestricted_guest", opt_unrestricted_guest_enabled);
static bool_t __read_mostly opt_apicv_enabled = 1;
boolean_param("apicv", opt_apicv_enabled);
+static bool_t __read_mostly opt_spp_enabled = 0;
+boolean_param("spp_enable", opt_spp_enabled);
+
/*
* These two parameters are used to config the controls for Pause-Loop Exiting:
* ple_gap: upper bound on the amount of time between two successive
@@ -138,6 +141,7 @@ static void __init vmx_display_features(void)
P(cpu_has_vmx_virt_exceptions, "Virtualisation Exceptions");
P(cpu_has_vmx_pml, "Page Modification Logging");
P(cpu_has_vmx_tsc_scaling, "TSC Scaling");
+ P(cpu_has_vmx_ept_spp, "EPT Sub-page Write Protection");
#undef P
if ( !printed )
@@ -243,6 +247,8 @@ static int vmx_init_vmcs_config(void)
opt |= SECONDARY_EXEC_UNRESTRICTED_GUEST;
if ( opt_pml_enabled )
opt |= SECONDARY_EXEC_ENABLE_PML;
+ if ( opt_spp_enabled )
+ opt |= SECONDARY_EXEC_ENABLE_SPP;
/*
* "APIC Register Virtualization" and "Virtual Interrupt Delivery"
@@ -336,6 +342,14 @@ static int vmx_init_vmcs_config(void)
_vmx_secondary_exec_control &= ~ SECONDARY_EXEC_PAUSE_LOOP_EXITING;
}
+ /* SPP cannot be supported if EPT is not used */
+ if ( !(_vmx_secondary_exec_control & SECONDARY_EXEC_ENABLE_EPT) )
+ _vmx_secondary_exec_control &= ~SECONDARY_EXEC_ENABLE_SPP;
+
+ /* Turn off opt_spp_enabled if SPP feature is not present */
+ if ( !(_vmx_secondary_exec_control & SECONDARY_EXEC_ENABLE_SPP) )
+ opt_spp_enabled = 0;
+
min = VM_EXIT_ACK_INTR_ON_EXIT;
opt = VM_EXIT_SAVE_GUEST_PAT | VM_EXIT_LOAD_HOST_PAT |
VM_EXIT_CLEAR_BNDCFGS;
diff --git a/xen/include/asm-x86/hvm/vmx/vmcs.h b/xen/include/asm-x86/hvm/vmx/vmcs.h
index e3cdfdf..139f590 100644
--- a/xen/include/asm-x86/hvm/vmx/vmcs.h
+++ b/xen/include/asm-x86/hvm/vmx/vmcs.h
@@ -235,6 +235,7 @@ extern u32 vmx_vmentry_control;
#define SECONDARY_EXEC_ENABLE_PML 0x00020000
#define SECONDARY_EXEC_ENABLE_VIRT_EXCEPTIONS 0x00040000
#define SECONDARY_EXEC_XSAVES 0x00100000
+#define SECONDARY_EXEC_ENABLE_SPP 0x00800000
#define SECONDARY_EXEC_TSC_SCALING 0x02000000
extern u32 vmx_secondary_exec_control;
@@ -312,6 +313,8 @@ extern u64 vmx_ept_vpid_cap;
(vmx_secondary_exec_control & SECONDARY_EXEC_XSAVES)
#define cpu_has_vmx_tsc_scaling \
(vmx_secondary_exec_control & SECONDARY_EXEC_TSC_SCALING)
+#define cpu_has_vmx_ept_spp \
+ (vmx_secondary_exec_control & SECONDARY_EXEC_ENABLE_SPP)
#define VMCS_RID_TYPE_MASK 0x80000000
--
2.7.4
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
next prev parent reply other threads:[~2017-10-19 8:08 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-10-19 8:04 [PATCH RFC 00/14] Intel EPT-Based Sub-page Write Protection Support Zhang Yi
2017-10-19 8:08 ` [PATCH RFC 01/14] xen: vmx: Added EPT based Subpage Write Protection Doc Zhang Yi
2017-10-19 8:08 ` Zhang Yi [this message]
2017-10-19 8:09 ` [PATCH RFC 03/14] xen: vmx: Introduce the SPPTP and SPP page table Zhang Yi
2017-10-19 8:10 ` [PATCH RFC 04/14] xen: vmx: Introduce SPP-Induced vm exit and it's handle Zhang Yi
2017-10-19 8:11 ` [PATCH RFC 05/14] xen: vmx: Disable the 2M/1G superpage when SPP enabled Zhang Yi
2017-10-19 18:17 ` Tamas K Lengyel
2017-10-20 8:44 ` Yi Zhang
2017-10-24 17:43 ` Tamas K Lengyel
2017-10-25 15:32 ` Yi Zhang
2017-10-25 15:12 ` Tamas K Lengyel
2017-10-19 8:11 ` [PATCH RFC 06/14] xen: vmx: Added SPP flags in EPT leaf entry Zhang Yi
2017-10-19 8:12 ` [PATCH RFC 07/14] xen: vmx: Update the EPT leaf entry indicated with the SPP enable bit Zhang Yi
2017-10-19 8:12 ` [PATCH RFC 08/14] xen: vmx: Added setup spp page structure Zhang Yi
2017-10-19 18:26 ` Tamas K Lengyel
2017-10-20 8:43 ` Yi Zhang
2017-10-19 8:13 ` [PATCH RFC 09/14] xen: vmx: Introduce a Hyper call to set subpage Zhang Yi
2017-10-19 18:34 ` Tamas K Lengyel
2017-10-20 8:41 ` Yi Zhang
2017-10-19 8:13 ` [PATCH RFC 10/14] xen: vmx: Implement the Hypercall p2m_set_subpage Zhang Yi
2017-10-19 8:14 ` [PATCH RFC 11/14] xen: vmx: Added handle of SPP write protection fault Zhang Yi
2017-10-19 8:15 ` [PATCH RFC 12/14] xen: vmx: Support for clear EPT SPP write Protect bit Zhang Yi
2017-10-19 8:15 ` [PATCH RFC 13/14] xen: tools: Introduce the set-subpage into xenctrl Zhang Yi
2017-10-19 8:37 ` Razvan Cojocaru
2017-10-20 8:40 ` Yi Zhang
2017-10-19 8:16 ` [PATCH RFC 14/14] xen: tools: Added xen-subpage tool Zhang Yi
2017-10-19 8:42 ` Razvan Cojocaru
2017-10-20 8:39 ` Yi Zhang
2017-10-19 9:07 ` [PATCH RFC 00/14] Intel EPT-Based Sub-page Write Protection Support Razvan Cojocaru
2017-10-20 8:37 ` Yi Zhang
2017-10-20 8:39 ` Razvan Cojocaru
2017-10-20 8:39 ` Razvan Cojocaru
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1e940d889ab9594ddbabd41a02bb743aa8ad9a03.1508397860.git.yi.z.zhang@linux.intel.com \
--to=yi.z.zhang@linux.intel.com \
--cc=andrew.cooper3@citrix.com \
--cc=george.dunlap@eu.citrix.com \
--cc=ian.jackson@eu.citrix.com \
--cc=jbeulich@suse.com \
--cc=jun.nakajima@intel.com \
--cc=kevin.tian@intel.com \
--cc=rcojocaru@bitdefender.com \
--cc=tamas@tklengyel.com \
--cc=wei.liu2@citrix.com \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.