From: Boris Ostrovsky <boris.ostrovsky@oracle.com>
To: xen-devel@lists.xenproject.org
Cc: iwj@xenproject.org, wl@xen.org, anthony.perard@citrix.com,
jbeulich@suse.com, andrew.cooper3@citrix.com,
roger.pau@citrix.com, jun.nakajima@intel.com,
kevin.tian@intel.com, boris.ostrovsky@oracle.com
Subject: [PATCH v2 4/4] tools/libs: Apply MSR policy to a guest
Date: Wed, 20 Jan 2021 17:49:12 -0500 [thread overview]
Message-ID: <1611182952-9941-5-git-send-email-boris.ostrovsky@oracle.com> (raw)
In-Reply-To: <1611182952-9941-1-git-send-email-boris.ostrovsky@oracle.com>
When creating a guest, if ignore_msrs option has been specified,
apply it to guest's MSR policy.
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
---
tools/include/xenctrl.h | 2 +
tools/libs/guest/Makefile | 1 +
tools/libs/guest/xg_msrs_x86.c | 110 ++++++++++++++++++++++++++++++++++++++
tools/libs/light/libxl_dom.c | 5 +-
tools/libs/light/libxl_internal.h | 2 +
tools/libs/light/libxl_x86.c | 7 +++
6 files changed, 125 insertions(+), 2 deletions(-)
create mode 100644 tools/libs/guest/xg_msrs_x86.c
diff --git a/tools/include/xenctrl.h b/tools/include/xenctrl.h
index 3796425e1eca..1d6a38e73dcf 100644
--- a/tools/include/xenctrl.h
+++ b/tools/include/xenctrl.h
@@ -1835,6 +1835,8 @@ int xc_cpuid_apply_policy(xc_interface *xch,
const uint32_t *featureset,
unsigned int nr_features, bool pae, bool itsc,
bool nested_virt, const struct xc_xend_cpuid *xend);
+int xc_msr_apply_policy(xc_interface *xch, uint32_t domid,
+ unsigned int ignore_msr);
int xc_mca_op(xc_interface *xch, struct xen_mc *mc);
int xc_mca_op_inject_v2(xc_interface *xch, unsigned int flags,
xc_cpumap_t cpumap, unsigned int nr_cpus);
diff --git a/tools/libs/guest/Makefile b/tools/libs/guest/Makefile
index 1c729040b337..452155ea0385 100644
--- a/tools/libs/guest/Makefile
+++ b/tools/libs/guest/Makefile
@@ -56,6 +56,7 @@ SRCS-y += xg_dom_compat_linux.c
SRCS-$(CONFIG_X86) += xg_dom_x86.c
SRCS-$(CONFIG_X86) += xg_cpuid_x86.c
+SRCS-$(CONFIG_X86) += xg_msrs_x86.c
SRCS-$(CONFIG_ARM) += xg_dom_arm.c
ifeq ($(CONFIG_LIBXC_MINIOS),y)
diff --git a/tools/libs/guest/xg_msrs_x86.c b/tools/libs/guest/xg_msrs_x86.c
new file mode 100644
index 000000000000..464ce9292ad8
--- /dev/null
+++ b/tools/libs/guest/xg_msrs_x86.c
@@ -0,0 +1,110 @@
+/******************************************************************************
+ * xc_msrs_x86.c
+ *
+ * Update MSR policy of a domain.
+ *
+ * Copyright (c) 2021, Oracle and/or its affiliates.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "xc_private.h"
+#include "xen/lib/x86/msr.h"
+
+
+
+int xc_msr_apply_policy(xc_interface *xch, uint32_t domid, unsigned int ignore_msr)
+{
+ int rc;
+ unsigned int nr_leaves, nr_msrs;
+ xen_msr_entry_t *msrs = NULL;
+ struct msr_policy *p = NULL;
+ xc_dominfo_t di;
+ unsigned int err_leaf, err_subleaf, err_msr;
+
+ if ( xc_domain_getinfo(xch, domid, 1, &di) != 1 ||
+ di.domid != domid )
+ {
+ ERROR("Failed to obtain d%d info", domid);
+ rc = -ESRCH;
+ goto out;
+ }
+
+ rc = xc_get_cpu_policy_size(xch, &nr_leaves, &nr_msrs);
+ if ( rc )
+ {
+ PERROR("Failed to obtain policy info size");
+ rc = -errno;
+ goto out;
+ }
+
+ rc = -ENOMEM;
+ if ( (msrs = calloc(nr_msrs, sizeof(*msrs))) == NULL ||
+ (p = calloc(1, sizeof(*p))) == NULL )
+ goto out;
+
+ /* Get the domain's default policy. */
+ nr_leaves = 0;
+ rc = xc_get_system_cpu_policy(xch, di.hvm ? XEN_SYSCTL_cpu_policy_hvm_default
+ : XEN_SYSCTL_cpu_policy_pv_default,
+ &nr_leaves, NULL, &nr_msrs, msrs);
+ if ( rc )
+ {
+ PERROR("Failed to obtain %s default policy", di.hvm ? "hvm" : "pv");
+ rc = -errno;
+ goto out;
+ }
+
+ rc = x86_msr_copy_from_buffer(p, msrs, nr_msrs, &err_msr);
+ if ( rc )
+ {
+ ERROR("Failed to deserialise MSR (err msr %#x) (%d = %s)",
+ err_msr, -rc, strerror(-rc));
+ goto out;
+ }
+
+ p->ignore_msrs = ignore_msr;
+
+ rc = x86_msr_copy_to_buffer(p, msrs, &nr_msrs);
+ if ( rc )
+ {
+ ERROR("Failed to serialise MSR (%d = %s)", -rc, strerror(-rc));
+ goto out;
+ }
+
+ nr_leaves = 0;
+ rc = xc_set_domain_cpu_policy(xch, domid, nr_leaves, NULL, nr_msrs, msrs,
+ &err_leaf, &err_subleaf, &err_msr);
+ if ( rc )
+ {
+ PERROR("Failed to set d%d's MSR policy (err leaf %#x, subleaf %#x, msr %#x)",
+ domid, err_leaf, err_subleaf, err_msr);
+ rc = -errno;
+ }
+
+out:
+ free(msrs);
+ free(p);
+
+ return rc;
+}
+
+/*
+ * Local variables:
+ * mode: C
+ * c-basic-offset: 4
+ * indent-tabs-mode: nil
+ * End:
+ */
+
diff --git a/tools/libs/light/libxl_dom.c b/tools/libs/light/libxl_dom.c
index 19168572fd3e..1f2abf6679d7 100644
--- a/tools/libs/light/libxl_dom.c
+++ b/tools/libs/light/libxl_dom.c
@@ -383,9 +383,10 @@ int libxl__build_pre(libxl__gc *gc, uint32_t domid,
/* Construct a CPUID policy, but only for brand new domains. Domains
* being migrated-in/restored have CPUID handled during the
* static_data_done() callback. */
- if (!state->restore)
+ if (!state->restore) {
libxl__cpuid_legacy(ctx, domid, false, info);
-
+ libxl__msr_policy(ctx, domid, info);
+ }
return rc;
}
diff --git a/tools/libs/light/libxl_internal.h b/tools/libs/light/libxl_internal.h
index c79523ba9248..4f369e6a6f14 100644
--- a/tools/libs/light/libxl_internal.h
+++ b/tools/libs/light/libxl_internal.h
@@ -2054,6 +2054,8 @@ _hidden char *libxl__object_to_json(libxl_ctx *ctx, const char *type,
_hidden void libxl__cpuid_legacy(libxl_ctx *ctx, uint32_t domid, bool retore,
libxl_domain_build_info *info);
+_hidden void libxl__msr_policy(libxl_ctx *ctx, uint32_t domid,
+ libxl_domain_build_info *info);
/* Calls poll() again - useful to check whether a signaled condition
* is still true. Cannot fail. Returns currently-true revents. */
diff --git a/tools/libs/light/libxl_x86.c b/tools/libs/light/libxl_x86.c
index 86d272999d67..92ec1da77139 100644
--- a/tools/libs/light/libxl_x86.c
+++ b/tools/libs/light/libxl_x86.c
@@ -1,5 +1,6 @@
#include "libxl_internal.h"
#include "libxl_arch.h"
+#include "xen/lib/x86/msr.h"
int libxl__arch_domain_prepare_config(libxl__gc *gc,
libxl_domain_config *d_config,
@@ -838,6 +839,12 @@ int libxl__arch_passthrough_mode_setdefault(libxl__gc *gc,
return rc;
}
+void libxl__msr_policy(libxl_ctx *ctx, uint32_t domid,
+ libxl_domain_build_info *info)
+{
+ if (info->ignore_msrs != LIBXL_IGNORE_MSRS_NEVER)
+ xc_msr_apply_policy(ctx->xch, domid, info->ignore_msrs);
+}
/*
* Local variables:
--
1.8.3.1
next prev parent reply other threads:[~2021-01-20 22:49 UTC|newest]
Thread overview: 53+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-20 22:49 [PATCH v2 0/4] Permit fault-less access to non-emulated MSRs Boris Ostrovsky
2021-01-20 22:49 ` [PATCH v2 1/4] xl: Add support for ignore_msrs option Boris Ostrovsky
2021-01-21 14:56 ` Wei Liu
2021-01-21 22:43 ` Boris Ostrovsky
2021-01-22 9:52 ` Julien Grall
2021-01-22 18:28 ` Boris Ostrovsky
2021-01-22 18:33 ` Julien Grall
2021-01-22 18:39 ` Boris Ostrovsky
2021-01-22 20:42 ` Julien Grall
2021-02-18 10:42 ` Roger Pau Monné
2021-02-18 11:54 ` Jan Beulich
2021-02-18 15:52 ` Roger Pau Monné
2021-02-18 15:57 ` Jan Beulich
2021-02-19 14:50 ` Boris Ostrovsky
2021-02-22 10:24 ` Roger Pau Monné
2021-02-22 10:33 ` Jan Beulich
2021-01-20 22:49 ` [PATCH v2 2/4] x86: Introduce MSR_UNHANDLED Boris Ostrovsky
2021-01-22 11:51 ` Jan Beulich
2021-01-22 18:56 ` Boris Ostrovsky
2021-02-02 17:01 ` Boris Ostrovsky
2021-02-18 10:51 ` Roger Pau Monné
2021-02-19 14:56 ` Boris Ostrovsky
2021-02-22 11:08 ` Roger Pau Monné
2021-02-22 21:19 ` Boris Ostrovsky
2021-02-23 7:57 ` Jan Beulich
2021-02-23 9:34 ` Roger Pau Monné
2021-02-23 10:15 ` Jan Beulich
2021-02-23 12:17 ` Roger Pau Monné
2021-02-23 13:23 ` Jan Beulich
2021-02-23 15:39 ` Boris Ostrovsky
2021-02-23 16:10 ` Jan Beulich
2021-02-23 18:00 ` Roger Pau Monné
2021-02-23 16:11 ` Roger Pau Monné
2021-02-23 16:40 ` Boris Ostrovsky
2021-02-23 18:02 ` Roger Pau Monné
2021-02-23 18:45 ` Boris Ostrovsky
2021-01-20 22:49 ` [PATCH v2 3/4] x86: Allow non-faulting accesses to non-emulated MSRs if policy permits this Boris Ostrovsky
2021-01-22 12:51 ` Jan Beulich
2021-01-22 19:52 ` Boris Ostrovsky
2021-01-25 10:22 ` Jan Beulich
2021-01-25 18:42 ` Boris Ostrovsky
2021-01-26 9:05 ` Jan Beulich
2021-01-26 16:02 ` Boris Ostrovsky
2021-01-26 16:35 ` Jan Beulich
2021-02-18 11:24 ` Roger Pau Monné
2021-02-18 11:57 ` Jan Beulich
2021-02-18 15:53 ` Roger Pau Monné
2021-01-20 22:49 ` Boris Ostrovsky [this message]
2021-01-21 14:58 ` [PATCH v2 4/4] tools/libs: Apply MSR policy to a guest Wei Liu
2021-01-22 9:56 ` Julien Grall
2021-01-22 18:35 ` Boris Ostrovsky
2021-02-18 11:48 ` Roger Pau Monné
2021-02-19 14:57 ` Boris Ostrovsky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1611182952-9941-5-git-send-email-boris.ostrovsky@oracle.com \
--to=boris.ostrovsky@oracle.com \
--cc=andrew.cooper3@citrix.com \
--cc=anthony.perard@citrix.com \
--cc=iwj@xenproject.org \
--cc=jbeulich@suse.com \
--cc=jun.nakajima@intel.com \
--cc=kevin.tian@intel.com \
--cc=roger.pau@citrix.com \
--cc=wl@xen.org \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).