WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

Re: [Xen-devel] [PATCH 11/18] Nested Virtualization: cpuid

To: Christoph Egger <Christoph.Egger@xxxxxxx>
Subject: Re: [Xen-devel] [PATCH 11/18] Nested Virtualization: cpuid
From: Tim Deegan <Tim.Deegan@xxxxxxxxxx>
Date: Fri, 16 Apr 2010 15:33:11 +0100
Cc: "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>
Delivery-date: Sun, 18 Apr 2010 08:57:43 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <201004161513.16116.Christoph.Egger@xxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <201004151435.50232.Christoph.Egger@xxxxxxx> <20100416130047.GH31304@xxxxxxxxxxxxxxxxxxxxxxx> <201004161513.16116.Christoph.Egger@xxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.5.18 (2008-05-17)
At 14:13 +0100 on 16 Apr (1271427195), Christoph Egger wrote:
> On Friday 16 April 2010 15:00:47 Tim Deegan wrote:
> > Content-Description: xen_nh11_cpuid.diff
> >
> > > # HG changeset patch
> > > # User cegger
> > > # Date 1271330304 -7200
> > > Pass cpuid feature bits to guest
> > >
> > > diff -r e905f1d81e63 -r 01758c6195f4 xen/arch/x86/hvm/hvm.c
> > > --- a/xen/arch/x86/hvm/hvm.c
> > > +++ b/xen/arch/x86/hvm/hvm.c
> > > @@ -1970,12 +1970,38 @@ void hvm_cpuid(unsigned int input, unsig
> > >              }
> > >          }
> > >          break;
> > > +    case 0x80000000:
> > > +        if ( !nestedhvm_enabled(v->domain) )
> > > +            break;
> > > +        if (*eax < 0x8000000a)
> > > +            *eax = 0x8000000a;
> >
> > I don't understand this.  Surely you can't have set nestedhvm_enabled on
> > a CPU that doesn't supoprt SVM (and therefore has at least that level of
> > CPUID available).  If that's been overwritten by the tools then it
> > should be fixed in the tools, not the hypervisor.
> 
> Xen reads SVM feature bits only if cpuid level 0x8000000a is available.
> When you run Xen as HVM guest then Xen reads 0x80000001 if I remember 
> correctly and the L2 guest can't use hap then.

Okay, but you're fixing this in the wrong place.  Find out what's
causing the cpuid to be capped at 0x80000001 (I think it'll be libxc)
and fix it there.

> > > +        break;
> > >      case 0x80000001:
> > >          /* We expose RDTSCP feature to guest only when
> > >             tsc_mode == TSC_MODE_DEFAULT and host_tsc_is_safe() returns 1
> > > */ if ( v->domain->arch.tsc_mode != TSC_MODE_DEFAULT ||
> > >               !host_tsc_is_safe() )
> > >              *edx &= ~bitmaskof(X86_FEATURE_RDTSCP);
> > > +
> > > +        /* Don't expose SVM feature bit when host does not run with
> > > +         * nested paging enabled. This check is needed as long as
> > > +         * we don't support shadow-on-shadow.
> > > +         */
> > > +        if ( !paging_mode_hap(v->domain) )
> > > +            *ecx &= ~bitmaskof(X86_FEATURE_SVME);
> >
> > Surely !paging_mode_hap(d) -> !nestedhvm_enabled(d), and you don't need
> > to check it here.  Otherwise you're in for worse surprises than getting
> > CPUID wrong.
> 
> This check is supposed to go away when shadow-on-shadow is implemented.
> This check makes sure that SVM feature bit is not propagated to the guest
> if you have hap=0 and nestedhvm=1 in the guest config file.

If you haven't implemented shadow-on-shadow then it's not safe to let 
nestedhvm_enabled(d) == 1 when paging_mode_hap(d) == 0.  

If you've enforced that, then this check isn't needed.  If you haven't
than masking the CPUID bits won't make it safe, just safe from
well-behaved guests.

Cheers,

Tim.

> >
> > Cheers,
> >
> > Tim.
> >
> > > +        /* Don't expose SVM feature bit when nestedhvm is disabled. */
> > > +        if ( !nestedhvm_enabled(v->domain) )
> > > +            *ecx &= ~bitmaskof(X86_FEATURE_SVME);
> > > +        break;
> > > +    case 0x8000000a:
> > > +        /* Don't expose SVM feature bits when nestedhvm is disabled. */
> > > +        if ( !nestedhvm_enabled(v->domain) ) {
> > > +            *eax = *ebx = *ecx = *edx = 0;
> > > +            break;
> > > +        }
> > > +
> > > +        hvm_nestedhvm_vcpu_features(v, eax, ebx, ecx, edx);
> > >          break;
> > >      }
> > >  }
> >
> > Content-Description: ATT00001.txt
> >
> > > _______________________________________________
> > > Xen-devel mailing list
> > > Xen-devel@xxxxxxxxxxxxxxxxxxx
> > > http://lists.xensource.com/xen-devel
> 
> 
> 
> -- 
> ---to satisfy European Law for business letters:
> Advanced Micro Devices GmbH
> Karl-Hammerschmidt-Str. 34, 85609 Dornach b. Muenchen
> Geschaeftsfuehrer: Andrew Bowd, Thomas M. McCoy, Giuliano Meroni
> Sitz: Dornach, Gemeinde Aschheim, Landkreis Muenchen
> Registergericht Muenchen, HRB Nr. 43632
> 

-- 
Tim Deegan <Tim.Deegan@xxxxxxxxxx>
Principal Software Engineer, XenServer Engineering
Citrix Systems UK Ltd.  (Company #02937203, SL9 0BG)

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

<Prev in Thread] Current Thread [Next in Thread>