diff options
| author | Jan Beulich <jbeulich@suse.com> | 2013-09-09 14:36:54 +0200 |
|---|---|---|
| committer | Jan Beulich <jbeulich@suse.com> | 2013-09-09 14:36:54 +0200 |
| commit | 4cc1344447a0458df5d222960f2adf1b65084fa8 (patch) | |
| tree | de70a143c62b2544ca95636671554a99b6a4f95d /xen/include/asm-x86 | |
| parent | 6ad580d8685190585ba27e996be7e1a730d2a317 (diff) | |
| download | xen-4cc1344447a0458df5d222960f2adf1b65084fa8.tar.gz xen-4cc1344447a0458df5d222960f2adf1b65084fa8.tar.bz2 xen-4cc1344447a0458df5d222960f2adf1b65084fa8.zip | |
x86/xsave: fix migration from xsave-capable to xsave-incapable host
With CPUID features suitably masked this is supposed to work, but was
completely broken (i.e. the case wasn't even considered when the
original xsave save/restore code was written).
First of all, xsave_enabled() wrongly returned the value of
cpu_has_xsave, i.e. not even taking into consideration attributes of
the vCPU in question. Instead this function ought to check whether the
guest ever enabled xsave support (by writing a [non-zero] value to
XCR0). As a result of this, a vCPU's xcr0 and xcr0_accum must no longer
be initialized to XSTATE_FP_SSE (since that's a valid value a guest
could write to XCR0), and the xsave/xrstor as well as the context
switch code need to suitably account for this (by always enforcing at
least this part of the state to be saved/loaded).
This involves undoing large parts of c/s 22945:13a7d1f7f62c ("x86: add
strictly sanity check for XSAVE/XRSTOR") - we need to cleanly
distinguish between hardware capabilities and vCPU used features.
Next both HVM and PV save code needed tweaking to not always save the
full state supported by the underlying hardware, but just the parts
that the guest actually used. Similarly the restore code should bail
not just on state being restored that the hardware cannot handle, but
also on inconsistent save state (inconsistent XCR0 settings or size of
saved state not in line with XCR0).
And finally the PV extended context get/set code needs to use slightly
different logic than the HVM one, as here we can't just key off of
xsave_enabled() (i.e. avoid doing anything if a guest doesn't use
xsave) because the tools use this function to determine host
capabilities as well as read/write vCPU state. The set operation in
particular needs to be capable of cleanly dealing with input that
consists of only the xcr0 and xcr0_accum values (if they're both zero
then no further data is required).
While for things to work correctly both sides (saving _and_ restoring
host) need to run with the fixed code, afaict no breakage should occur
if either side isn't up to date (other than the breakage that this
patch attempts to fix).
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Yang Zhang <yang.z.zhang@intel.com>
Acked-by: Keir Fraser <keir@xen.org>
Diffstat (limited to 'xen/include/asm-x86')
| -rw-r--r-- | xen/include/asm-x86/domain.h | 6 | ||||
| -rw-r--r-- | xen/include/asm-x86/hvm/hvm.h | 2 | ||||
| -rw-r--r-- | xen/include/asm-x86/xstate.h | 4 |
3 files changed, 7 insertions, 5 deletions
diff --git a/xen/include/asm-x86/domain.h b/xen/include/asm-x86/domain.h index d79464d032..909f4490e5 100644 --- a/xen/include/asm-x86/domain.h +++ b/xen/include/asm-x86/domain.h @@ -456,9 +456,9 @@ unsigned long pv_guest_cr4_fixup(const struct vcpu *, unsigned long guest_cr4); #define pv_guest_cr4_to_real_cr4(v) \ (((v)->arch.pv_vcpu.ctrlreg[4] \ | (mmu_cr4_features \ - & (X86_CR4_PGE | X86_CR4_PSE | X86_CR4_SMEP)) \ - | ((v)->domain->arch.vtsc ? X86_CR4_TSD : 0) \ - | ((xsave_enabled(v))? X86_CR4_OSXSAVE : 0)) \ + & (X86_CR4_PGE | X86_CR4_PSE | X86_CR4_SMEP | \ + X86_CR4_OSXSAVE)) \ + | ((v)->domain->arch.vtsc ? X86_CR4_TSD : 0)) \ & ~X86_CR4_DE) #define real_cr4_to_pv_guest_cr4(c) \ ((c) & ~(X86_CR4_PGE | X86_CR4_PSE | X86_CR4_TSD \ diff --git a/xen/include/asm-x86/hvm/hvm.h b/xen/include/asm-x86/hvm/hvm.h index 083f813d63..3376418826 100644 --- a/xen/include/asm-x86/hvm/hvm.h +++ b/xen/include/asm-x86/hvm/hvm.h @@ -368,7 +368,7 @@ static inline int hvm_event_pending(struct vcpu *v) ((nestedhvm_enabled((_v)->domain) && cpu_has_vmx)\ ? X86_CR4_VMXE : 0) | \ (cpu_has_pcid ? X86_CR4_PCIDE : 0) | \ - (xsave_enabled(_v) ? X86_CR4_OSXSAVE : 0)))) + (cpu_has_xsave ? X86_CR4_OSXSAVE : 0)))) /* These exceptions must always be intercepted. */ #define HVM_TRAP_MASK ((1U << TRAP_machine_check) | (1U << TRAP_invalid_op)) diff --git a/xen/include/asm-x86/xstate.h b/xen/include/asm-x86/xstate.h index 9bea08b502..5617963a4c 100644 --- a/xen/include/asm-x86/xstate.h +++ b/xen/include/asm-x86/xstate.h @@ -34,7 +34,6 @@ #define XSTATE_NONLAZY (XSTATE_LWP) #define XSTATE_LAZY (XSTATE_ALL & ~XSTATE_NONLAZY) -extern unsigned int xsave_cntxt_size; extern u64 xfeature_mask; /* extended state save area */ @@ -77,11 +76,14 @@ uint64_t get_xcr0(void); void xsave(struct vcpu *v, uint64_t mask); void xrstor(struct vcpu *v, uint64_t mask); bool_t xsave_enabled(const struct vcpu *v); +int __must_check validate_xstate(u64 xcr0, u64 xcr0_accum, u64 xstate_bv, + u64 xfeat_mask); int __must_check handle_xsetbv(u32 index, u64 new_bv); /* extended state init and cleanup functions */ void xstate_free_save_area(struct vcpu *v); int xstate_alloc_save_area(struct vcpu *v); void xstate_init(bool_t bsp); +unsigned int xstate_ctxt_size(u64 xcr0); #endif /* __ASM_XSTATE_H */ |