Xen-Devel Archive on lore.kernel.org
From: Andrew Cooper <andrew.cooper3@citrix.com>
To: Xen-devel <xen-devel@lists.xenproject.org>
Cc: "Juergen Gross" <jgross@suse.com>, "Wei Liu" <wl@xen.org>,
	"Andrew Cooper" <andrew.cooper3@citrix.com>,
	"Jan Beulich" <JBeulich@suse.com>,
	"Ian Jackson" <Ian.Jackson@citrix.com>,
	"Daniel De Graaf" <dgdegra@tycho.nsa.gov>,
	"Roger Pau Monné" <roger.pau@citrix.com>
Subject: [Xen-devel] [PATCH v2 00/10] x86/cpuid: Switch to using XEN_DOMCTL_set_cpumsr_policy
Date: Fri, 13 Sep 2019 20:27:49 +0100
Message-ID: <20190913192759.10795-1-andrew.cooper3@citrix.com>

This is the next part of the Xen/Toolstack CPUID/MSR work.  With most of the
pieces in place, implement XEN_DOMCTL_set_cpumsr_policy to obsolete the
problematic XEN_DOMCTL_set_cpuid.

Key improvements:

  1) The API supports configuring static MSR settings for the domain, a
     capability which Xen has never had before.
  2) The hypercall supports saying no when the toolstack tries to pass
     problematic data.
  3) The domain builder no longer uses native CPUID instructions for
     constructing guest policies, which is and has always been erroneous
     behaviour.
  4) Vastly reduce the number of hypercalls for typical guest construction,
     by not issuing a hypercall per CPUID leaf.

Patch 3 has been posted before, but a long time ago and it has changed
substantially, so I've decided to start the version numbering from fresh.

This series can be found in git from:
  http://xenbits.xen.org/gitweb/?p=people/andrewcoop/xen.git;a=shortlog;h=refs/heads/xen-cpuid

Large changes from v2:
 * Split several changes out into earlier patches.  Rebase around.
 * Introduce dom0=no-cpuid-faulting to restore previous behaviour.

See individual patches for changes.

Andrew Cooper (10):
  x86/msr: Offer CPUID Faulting to PVH control domains
  libx86: Proactively initialise error pointers
  libx86: Introduce x86_cpu_policies_are_compatible()
  x86/cpuid: Split update_domain_cpuid_info() in half
  x86/domctl: Implement XEN_DOMCTL_set_cpumsr_policy
  tools/libxc: Pre-cleanup for xc_cpuid_{set,apply_policy}()
  tools/libxc: Rework xc_cpuid_set() to use {get,set}_cpu_policy()
  tools/libxc: Rework xc_cpuid_apply_policy() to use {get,set}_cpu_policy()
  x86/domctl: Drop XEN_DOMCTL_set_cpuid
  x86/cpuid: Enable CPUID Faulting for PV control domains by default

 docs/misc/xen-command-line.pandoc        |  19 +-
 tools/flask/policy/modules/dom0.te       |   2 +-
 tools/flask/policy/modules/xen.if        |   2 +-
 tools/libxc/include/xenctrl.h            |   7 +-
 tools/libxc/xc_cpuid_x86.c               | 928 +++++++++++--------------------
 tools/tests/cpu-policy/Makefile          |   2 +-
 tools/tests/cpu-policy/test-cpu-policy.c | 115 +++-
 xen/arch/x86/cpu/common.c                |  29 +-
 xen/arch/x86/dom0_build.c                |   2 +
 xen/arch/x86/domctl.c                    | 258 ++++-----
 xen/arch/x86/msr.c                       |   5 +-
 xen/include/asm-x86/setup.h              |   1 +
 xen/include/public/domctl.h              |  29 +-
 xen/include/xen/lib/x86/cpu-policy.h     |  26 +
 xen/include/xen/lib/x86/cpuid.h          |  17 +-
 xen/include/xen/lib/x86/msr.h            |   4 +-
 xen/lib/x86/Makefile                     |   1 +
 xen/lib/x86/cpuid.c                      |   5 +
 xen/lib/x86/msr.c                        |   3 +
 xen/lib/x86/policy.c                     |  54 ++
 xen/xsm/flask/hooks.c                    |   4 +-
 xen/xsm/flask/policy/access_vectors      |   4 +-
 22 files changed, 692 insertions(+), 825 deletions(-)
 create mode 100644 xen/lib/x86/policy.c

-- 
2.11.0


