xen-devel.lists.xenproject.org archive mirror
 help / color / mirror / Atom feed
From: Andrew Cooper <andrew.cooper3@citrix.com>
To: "Michał Leszczyński" <michal.leszczynski@cert.pl>,
	Xen-devel <xen-devel@lists.xenproject.org>
Cc: "Wei Liu" <wl@xen.org>, "Kevin Tian" <kevin.tian@intel.com>,
	"Jan Beulich" <jbeulich@suse.com>,
	"Jun Nakajima" <jun.nakajima@intel.com>,
	"Roger Pau Monné" <roger.pau@citrix.com>
Subject: Re: [PATCH v1 7/7] x86/vmx: switch IPT MSRs on vmentry/vmexit
Date: Thu, 18 Jun 2020 18:38:15 +0100	[thread overview]
Message-ID: <16148f3e-6c63-6caa-30f6-50a97889284e@citrix.com> (raw)
In-Reply-To: <317430261.8766476.1592321051337.JavaMail.zimbra@cert.pl>

On 16/06/2020 16:24, Michał Leszczyński wrote:
> Enable IPT when entering the VM and disable it on vmexit.
> Register state is persisted using vCPU ipt_state structure.
>
> Signed-off-by: Michal Leszczynski <michal.leszczynski@cert.pl>
> ---
>  xen/arch/x86/hvm/vmx/vmx.c | 26 ++++++++++++++++++++++++++
>  1 file changed, 26 insertions(+)
>
> diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c
> index 97104c319e..01d9a7b584 100644
> --- a/xen/arch/x86/hvm/vmx/vmx.c
> +++ b/xen/arch/x86/hvm/vmx/vmx.c
> @@ -3698,6 +3698,15 @@ void vmx_vmexit_handler(struct cpu_user_regs *regs)
>      __vmread(GUEST_RSP,    &regs->rsp);
>      __vmread(GUEST_RFLAGS, &regs->rflags);
>  
> +    if ( unlikely(v->arch.hvm.vmx.ipt_state) )
> +    {
> +        wrmsrl(MSR_IA32_RTIT_CTL, 0);
> +        smp_rmb();
> +
> +        rdmsrl(MSR_IA32_RTIT_STATUS, v->arch.hvm.vmx.ipt_state->status);
> +        rdmsrl(MSR_IA32_RTIT_OUTPUT_MASK, v->arch.hvm.vmx.ipt_state->output_mask);
> +    }
> +
>      hvm_invalidate_regs_fields(regs);
>  
>      if ( paging_mode_hap(v->domain) )
> @@ -4497,6 +4506,23 @@ bool vmx_vmenter_helper(const struct cpu_user_regs *regs)
>      }
>  
>   out:
> +    if ( unlikely(curr->arch.hvm.vmx.ipt_state) )
> +    {
> +        wrmsrl(MSR_IA32_RTIT_CTL, 0);
> +
> +        if (curr->arch.hvm.vmx.ipt_state->ctl)
> +        {
> +            wrmsrl(MSR_IA32_RTIT_OUTPUT_BASE, curr->arch.hvm.vmx.ipt_state->output_base);
> +            wrmsrl(MSR_IA32_RTIT_OUTPUT_MASK, curr->arch.hvm.vmx.ipt_state->output_mask);
> +            wrmsrl(MSR_IA32_RTIT_STATUS, curr->arch.hvm.vmx.ipt_state->status);
> +
> +            // MSR_IA32_RTIT_CTL is context-switched manually instead of being
> +            // stored inside VMCS, as of Q2'20 only the most recent processors
> +            // support such field in VMCS
> +            wrmsrl(MSR_IA32_RTIT_CTL, curr->arch.hvm.vmx.ipt_state->ctl);
> +        }
> +    }
> +

Some notes to help with v2.

RTIT_CTL wants managing by MSR load/save list.  See how
vmx_update_guest_efer() manages MSR_EFER for the Gen1 hardware case,
because RTIT_CTL is very similar until we get to IceLake hardware and
have a GUEST_RTIT_CTRL field.

With RTIT_CTL handled by MSR load/save list, we are now certain that
TraceEn is always clear in hypervisor context, so there's no need to
explicitly zero it before playing with other MSRs.


You don't need to save/restore the values in vmentry/exit, because that
is very expensive an unnecessary.  Instead, you can use
vmx_ctxt_switch_{from,to}() which is based on when the vcpu is switched
in/out of context.

Specifically, from your current code, it looks to be safe to leave
RTIT_STATUS/OUTPUT_MASK dirty in hardware across multiple
vmentries/exits while the vcpu is in context.

~Andrew


  parent reply	other threads:[~2020-06-18 17:38 UTC|newest]

Thread overview: 59+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-06-16 15:16 [PATCH v1 0/7] Implement support for external IPT monitoring Michał Leszczyński
2020-06-16 15:19 ` [PATCH v1 1/7] x86/vmx: add Intel PT MSR definitions Michał Leszczyński
2020-06-18 13:31   ` Jan Beulich
2020-06-16 15:20 ` [PATCH v1 2/7] x86/vmx: add IPT cpu feature Michał Leszczyński
2020-06-16 16:30   ` Roger Pau Monné
2020-06-17 11:34     ` Jan Beulich
2020-06-16 15:21 ` [PATCH v1 3/7] x86/vmx: add ipt_state as part of vCPU state Michał Leszczyński
2020-06-16 16:33   ` Roger Pau Monné
2020-06-16 15:22 ` [PATCH v1 4/7] x86/vmx: add do_vmtrace_op Michał Leszczyński
2020-06-16 17:23   ` Roger Pau Monné
2020-06-17 19:13     ` Michał Leszczyński
2020-06-18  3:20       ` Tamas K Lengyel
2020-06-18 11:01         ` Michał Leszczyński
2020-06-18 11:55           ` Roger Pau Monné
2020-06-18 12:51             ` Jan Beulich
2020-06-18 13:09               ` Michał Leszczyński
2020-06-18 13:24                 ` Jan Beulich
2020-06-18 13:40                 ` Roger Pau Monné
2020-06-18  8:46       ` Roger Pau Monné
2020-06-18 15:25     ` Michał Leszczyński
2020-06-18 15:39       ` Jan Beulich
2020-06-18 15:47         ` Tamas K Lengyel
2020-06-18 15:49           ` Tamas K Lengyel
2020-06-16 15:22 ` [PATCH v1 5/7] tools/libxc: add xc_ptbuf_* functions Michał Leszczyński
2020-06-16 15:23 ` [PATCH v1 6/7] tools/proctrace: add proctrace tool Michał Leszczyński
2020-06-16 15:24 ` [PATCH v1 7/7] x86/vmx: switch IPT MSRs on vmentry/vmexit Michał Leszczyński
2020-06-16 17:38   ` Roger Pau Monné
2020-06-16 17:47     ` Michał Leszczyński
2020-06-17  9:09       ` Roger Pau Monné
2020-06-17 11:54         ` Michał Leszczyński
2020-06-17 12:51           ` Roger Pau Monné
2020-06-17 15:14             ` Andrew Cooper
2020-06-17 18:56               ` Michał Leszczyński
2020-06-18  8:52                 ` Roger Pau Monné
2020-06-18 11:07                   ` Michał Leszczyński
2020-06-18 11:49                     ` Roger Pau Monné
2020-06-17 23:30               ` Kang, Luwei
2020-06-18 10:02                 ` Andrew Cooper
2020-06-18 17:38   ` Andrew Cooper [this message]
2020-06-16 18:17 ` [PATCH v1 0/7] Implement support for external IPT monitoring Andrew Cooper
2020-06-16 18:47   ` Michał Leszczyński
2020-06-16 20:16     ` Andrew Cooper
2020-06-17  3:02       ` Tamas K Lengyel
2020-06-17 16:19         ` Andrew Cooper
2020-06-17 16:27           ` Tamas K Lengyel
2020-06-17 17:23             ` Andrew Cooper
2020-06-17 19:31               ` Tamas K Lengyel
2020-06-17 19:30             ` Michał Leszczyński
2020-06-17 20:20           ` Michał Leszczyński
2020-06-18  8:25             ` Roger Pau Monné
2020-06-18 14:59           ` Michał Leszczyński
2020-06-17  1:35     ` Tian, Kevin
2020-06-17  6:45       ` Kang, Luwei
2020-06-17  9:21         ` Roger Pau Monné
2020-06-17 12:37           ` Kang, Luwei
2020-06-17 12:53             ` Roger Pau Monné
2020-06-17 23:29               ` Kang, Luwei
2020-06-18  0:56                 ` Michał Leszczyński
2020-06-18  7:00                   ` Roger Pau Monné

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=16148f3e-6c63-6caa-30f6-50a97889284e@citrix.com \
    --to=andrew.cooper3@citrix.com \
    --cc=jbeulich@suse.com \
    --cc=jun.nakajima@intel.com \
    --cc=kevin.tian@intel.com \
    --cc=michal.leszczynski@cert.pl \
    --cc=roger.pau@citrix.com \
    --cc=wl@xen.org \
    --cc=xen-devel@lists.xenproject.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).