From: Ed White <edmund.h.white@intel.com>
To: xen-devel@lists.xen.org
Cc: Ravi Sahita <ravi.sahita@intel.com>,
Wei Liu <wei.liu2@citrix.com>,
Jun Nakajima <jun.nakajima@intel.com>,
George Dunlap <george.dunlap@eu.citrix.com>,
Ian Jackson <ian.jackson@eu.citrix.com>, Tim Deegan <tim@xen.org>,
Ed White <edmund.h.white@intel.com>,
Jan Beulich <jbeulich@suse.com>,
Andrew Cooper <andrew.cooper3@citrix.com>,
tlengyel@novetta.com, Daniel De Graaf <dgdegra@tycho.nsa.gov>
Subject: [PATCH v7 06/15] VMX/altp2m: add code to support EPTP switching and #VE.
Date: Wed, 22 Jul 2015 16:01:12 -0700 [thread overview]
Message-ID: <1437606081-6964-7-git-send-email-edmund.h.white@intel.com> (raw)
In-Reply-To: <1437606081-6964-1-git-send-email-edmund.h.white@intel.com>
Implement and hook up the code to enable VMX support of VMFUNC and #VE.
VMFUNC leaf 0 (EPTP switching) emulation is added in a later patch.
Signed-off-by: Ed White <edmund.h.white@intel.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Acked-by: Jun Nakajima <jun.nakajima@intel.com>
---
Changes since v6:
remove casts around p2midx handling
fix veinfo semaphore initialization
mechanical changes due to patch 5 changes
xen/arch/x86/hvm/vmx/vmx.c | 139 +++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 139 insertions(+)
diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c
index 4f8b0e0..269d160 100644
--- a/xen/arch/x86/hvm/vmx/vmx.c
+++ b/xen/arch/x86/hvm/vmx/vmx.c
@@ -56,6 +56,7 @@
#include <asm/debugger.h>
#include <asm/apic.h>
#include <asm/hvm/nestedhvm.h>
+#include <asm/altp2m.h>
#include <asm/event.h>
#include <asm/monitor.h>
#include <public/arch-x86/cpuid.h>
@@ -1770,6 +1771,105 @@ static bool_t vmx_is_singlestep_supported(void)
return cpu_has_monitor_trap_flag;
}
+static void vmx_vcpu_update_eptp(struct vcpu *v)
+{
+ struct domain *d = v->domain;
+ struct p2m_domain *p2m = NULL;
+ struct ept_data *ept;
+
+ if ( altp2m_active(d) )
+ p2m = p2m_get_altp2m(v);
+ if ( !p2m )
+ p2m = p2m_get_hostp2m(d);
+
+ ept = &p2m->ept;
+ ept->asr = pagetable_get_pfn(p2m_get_pagetable(p2m));
+
+ vmx_vmcs_enter(v);
+
+ __vmwrite(EPT_POINTER, ept_get_eptp(ept));
+
+ if ( v->arch.hvm_vmx.secondary_exec_control &
+ SECONDARY_EXEC_ENABLE_VIRT_EXCEPTIONS )
+ __vmwrite(EPTP_INDEX, vcpu_altp2m(v).p2midx);
+
+ vmx_vmcs_exit(v);
+}
+
+static void vmx_vcpu_update_vmfunc_ve(struct vcpu *v)
+{
+ struct domain *d = v->domain;
+ u32 mask = SECONDARY_EXEC_ENABLE_VM_FUNCTIONS;
+
+ if ( !cpu_has_vmx_vmfunc )
+ return;
+
+ if ( cpu_has_vmx_virt_exceptions )
+ mask |= SECONDARY_EXEC_ENABLE_VIRT_EXCEPTIONS;
+
+ vmx_vmcs_enter(v);
+
+ if ( !d->is_dying && altp2m_active(d) )
+ {
+ v->arch.hvm_vmx.secondary_exec_control |= mask;
+ __vmwrite(VM_FUNCTION_CONTROL, VMX_VMFUNC_EPTP_SWITCHING);
+ __vmwrite(EPTP_LIST_ADDR, virt_to_maddr(d->arch.altp2m_eptp));
+
+ if ( cpu_has_vmx_virt_exceptions )
+ {
+ p2m_type_t t;
+ mfn_t mfn;
+
+ mfn = get_gfn_query_unlocked(d, gfn_x(vcpu_altp2m(v).veinfo_gfn), &t);
+
+ if ( mfn_x(mfn) != INVALID_MFN )
+ __vmwrite(VIRT_EXCEPTION_INFO, mfn_x(mfn) << PAGE_SHIFT);
+ else
+ v->arch.hvm_vmx.secondary_exec_control &=
+ ~SECONDARY_EXEC_ENABLE_VIRT_EXCEPTIONS;
+ }
+ }
+ else
+ v->arch.hvm_vmx.secondary_exec_control &= ~mask;
+
+ __vmwrite(SECONDARY_VM_EXEC_CONTROL,
+ v->arch.hvm_vmx.secondary_exec_control);
+
+ vmx_vmcs_exit(v);
+}
+
+static bool_t vmx_vcpu_emulate_ve(struct vcpu *v)
+{
+ bool_t rc = 0;
+ ve_info_t *veinfo = gfn_x(vcpu_altp2m(v).veinfo_gfn) != INVALID_GFN ?
+ hvm_map_guest_frame_rw(gfn_x(vcpu_altp2m(v).veinfo_gfn), 0) : NULL;
+
+ if ( !veinfo )
+ return 0;
+
+ if ( veinfo->semaphore != 0 )
+ goto out;
+
+ rc = 1;
+
+ veinfo->exit_reason = EXIT_REASON_EPT_VIOLATION;
+ veinfo->semaphore = ~0;
+ veinfo->eptp_index = vcpu_altp2m(v).p2midx;
+
+ vmx_vmcs_enter(v);
+ __vmread(EXIT_QUALIFICATION, &veinfo->exit_qualification);
+ __vmread(GUEST_LINEAR_ADDRESS, &veinfo->gla);
+ __vmread(GUEST_PHYSICAL_ADDRESS, &veinfo->gpa);
+ vmx_vmcs_exit(v);
+
+ hvm_inject_hw_exception(TRAP_virtualisation,
+ HVM_DELIVER_NO_ERROR_CODE);
+
+out:
+ hvm_unmap_guest_frame(veinfo, 0);
+ return rc;
+}
+
static struct hvm_function_table __initdata vmx_function_table = {
.name = "VMX",
.cpu_up_prepare = vmx_cpu_up_prepare,
@@ -1828,6 +1928,9 @@ static struct hvm_function_table __initdata vmx_function_table = {
.hypervisor_cpuid_leaf = vmx_hypervisor_cpuid_leaf,
.enable_msr_exit_interception = vmx_enable_msr_exit_interception,
.is_singlestep_supported = vmx_is_singlestep_supported,
+ .altp2m_vcpu_update_p2m = vmx_vcpu_update_eptp,
+ .altp2m_vcpu_update_vmfunc_ve = vmx_vcpu_update_vmfunc_ve,
+ .altp2m_vcpu_emulate_ve = vmx_vcpu_emulate_ve,
};
const struct hvm_function_table * __init start_vmx(void)
@@ -2769,6 +2872,42 @@ void vmx_vmexit_handler(struct cpu_user_regs *regs)
/* Now enable interrupts so it's safe to take locks. */
local_irq_enable();
+ /*
+ * If the guest has the ability to switch EPTP without an exit,
+ * figure out whether it has done so and update the altp2m data.
+ */
+ if ( altp2m_active(v->domain) &&
+ (v->arch.hvm_vmx.secondary_exec_control &
+ SECONDARY_EXEC_ENABLE_VM_FUNCTIONS) )
+ {
+ unsigned long idx;
+
+ if ( v->arch.hvm_vmx.secondary_exec_control &
+ SECONDARY_EXEC_ENABLE_VIRT_EXCEPTIONS )
+ __vmread(EPTP_INDEX, &idx);
+ else
+ {
+ unsigned long eptp;
+
+ __vmread(EPT_POINTER, &eptp);
+
+ if ( (idx = p2m_find_altp2m_by_eptp(v->domain, eptp)) ==
+ INVALID_ALTP2M )
+ {
+ gdprintk(XENLOG_ERR, "EPTP not found in alternate p2m list\n");
+ domain_crash(v->domain);
+ }
+ }
+
+ if ( idx != vcpu_altp2m(v).p2midx )
+ {
+ BUG_ON(idx >= MAX_ALTP2M);
+ atomic_dec(&p2m_get_altp2m(v)->active_vcpus);
+ vcpu_altp2m(v).p2midx = idx;
+ atomic_inc(&p2m_get_altp2m(v)->active_vcpus);
+ }
+ }
+
/* XXX: This looks ugly, but we need a mechanism to ensure
* any pending vmresume has really happened
*/
--
1.9.1
next prev parent reply other threads:[~2015-07-22 23:01 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-07-22 23:01 [PATCH v7 00/15] Alternate p2m: support multiple copies of host p2m Ed White
2015-07-22 23:01 ` [PATCH v7 01/15] common/domain: Helpers to pause a domain while in context Ed White
2015-07-22 23:01 ` [PATCH v7 02/15] VMX: VMFUNC and #VE definitions and detection Ed White
2015-07-22 23:01 ` [PATCH v7 03/15] VMX: implement suppress #VE Ed White
2015-07-22 23:01 ` [PATCH v7 04/15] x86/HVM: Hardware alternate p2m support detection Ed White
2015-07-22 23:01 ` [PATCH v7 05/15] x86/altp2m: basic data structures and support routines Ed White
2015-07-23 9:22 ` Jan Beulich
2015-07-23 14:36 ` Sahita, Ravi
2015-07-23 14:53 ` Jan Beulich
2015-07-23 15:00 ` Sahita, Ravi
2015-07-22 23:01 ` Ed White [this message]
2015-07-23 9:43 ` [PATCH v7 06/15] VMX/altp2m: add code to support EPTP switching and #VE Jan Beulich
2015-07-23 14:40 ` Sahita, Ravi
2015-07-23 15:00 ` Jan Beulich
2015-07-23 15:02 ` Sahita, Ravi
2015-07-22 23:01 ` [PATCH v7 07/15] VMX: add VMFUNC leaf 0 (EPTP switching) to emulator Ed White
2015-07-22 23:01 ` [PATCH v7 08/15] x86/altp2m: add control of suppress_ve Ed White
2015-07-22 23:01 ` [PATCH v7 09/15] x86/altp2m: alternate p2m memory events Ed White
2015-07-22 23:01 ` [PATCH v7 10/15] x86/altp2m: add remaining support routines Ed White
2015-07-23 10:05 ` Jan Beulich
2015-07-23 14:51 ` Sahita, Ravi
2015-07-23 15:02 ` Jan Beulich
2015-07-23 16:08 ` George Dunlap
2015-07-23 16:15 ` Jan Beulich
2015-07-23 16:50 ` Sahita, Ravi
2015-07-23 19:10 ` George Dunlap
2015-07-22 23:01 ` [PATCH v7 11/15] x86/altp2m: define and implement alternate p2m HVMOP types Ed White
2015-07-23 10:22 ` Jan Beulich
2015-07-23 14:56 ` Sahita, Ravi
2015-07-23 15:08 ` Jan Beulich
2015-07-23 15:16 ` Sahita, Ravi
2015-07-22 23:01 ` [PATCH v7 12/15] x86/altp2m: Add altp2mhvm HVM domain parameter Ed White
2015-07-22 23:01 ` [PATCH v7 13/15] x86/altp2m: XSM hooks for altp2m HVM ops Ed White
2015-07-23 16:08 ` Jan Beulich
2015-07-23 16:56 ` Sahita, Ravi
2015-07-24 7:49 ` Jan Beulich
2015-07-22 23:01 ` [PATCH v7 14/15] tools/libxc: add support to altp2m hvmops Ed White
2015-07-22 23:01 ` [PATCH v7 15/15] tools/xen-access: altp2m testcases Ed White
2015-07-23 17:12 ` [PATCH v7 00/15] Alternate p2m: support multiple copies of host p2m Wei Liu
2015-07-23 19:11 ` George Dunlap
2015-07-24 9:56 ` Wei Liu
2015-07-24 16:06 ` Sahita, Ravi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1437606081-6964-7-git-send-email-edmund.h.white@intel.com \
--to=edmund.h.white@intel.com \
--cc=andrew.cooper3@citrix.com \
--cc=dgdegra@tycho.nsa.gov \
--cc=george.dunlap@eu.citrix.com \
--cc=ian.jackson@eu.citrix.com \
--cc=jbeulich@suse.com \
--cc=jun.nakajima@intel.com \
--cc=ravi.sahita@intel.com \
--cc=tim@xen.org \
--cc=tlengyel@novetta.com \
--cc=wei.liu2@citrix.com \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).