Re: [Xen-devel] Ping: [PATCH] VMX: sync CPU state upon vCPU destruction

On Tue, 2017-11-21 at 08:29 -0700, Jan Beulich wrote: > > > > On 21.11.17 at 15:07, wrote: > > > > On 21/11/17 13:22, Jan Beulich wrote: > > > > > > On 09.11.17 at 15:49, wrote: > > > > > > > > See the code comment being added for why we need this.

Re: [Xen-devel] [PATCH] VMX: sync CPU state upon vCPU destruction

On Thu, 2017-11-09 at 07:49 -0700, Jan Beulich wrote: > See the code comment being added for why we need this. > > Reported-by: Igor Druzhinin > Signed-off-by: Jan Beulich > > --- a/xen/arch/x86/hvm/vmx/vmx.c > +++ b/xen/arch/x86/hvm/vmx/vmx.c > @@

Re: [Xen-devel] [PATCH v2 1/2] VMX: fix VMCS race on context-switch paths

On Thu, 2017-11-09 at 03:17 -0700, Jan Beulich wrote: > > > > On 09.11.17 at 10:54, wrote: > > > > On Tue, 2017-11-07 at 14:24 +, Igor Druzhinin wrote: > > > Perhaps I should improve my diagram: > > > > > > pCPU1: vCPUx of domain X -> migrate to pCPU2 -> switch to idle >

[Xen-devel] [PATCH v1] x86/vvmx: don't enable vmcs shadowing for nested guests

t: FAILURE This happens because SDM allows vmentries with enabled VMCS shadowing VM-execution control and VMCS link pointer value of ~0ull. But results of a nested VMREAD are undefined in such cases. Fix this by not copying the value of VMCS shadowing control from vmcs01 to vmcs02. Signed-off-

[Xen-devel] [PATCH v4 7/7] x86/msr: handle VMX MSRs with guest_rd/wrmsr()

-by: Sergey Dyasli <sergey.dya...@citrix.com> --- xen/arch/x86/hvm/vmx/vmx.c | 6 -- xen/arch/x86/hvm/vmx/vvmx.c| 178 - xen/arch/x86/msr.c | 37 xen/include/asm-x86/hvm/vmx/vvmx.h | 2 - 4 files changed, 37 inse

[Xen-devel] [PATCH v4 6/7] x86/msr: update domain policy on CPUID policy changes

() which changes availability of VMX MSRs based on domain's nested virt settings. Unavailable MSRs are zeroed which allows checking availability bits in them directly without preliminary checks (e.g. cpuid->basic.vmx, activate_secondary_controls, enable_ept). Signed-off-by: Sergey Dyasli <serg

[Xen-devel] [PATCH v4 5/7] x86/cpuid: update signature of hvm_cr4_guest_valid_bits()

With the new cpuid infrastructure there is a domain-wide struct cpuid policy and there is no need to pass a separate struct vcpu * into hvm_cr4_guest_valid_bits() anymore. Make the function accept struct domain * instead and update callers. Signed-off-by: Sergey Dyasli <sergey.dya...@citrix.

[Xen-devel] [PATCH v4 1/7] x86/msr: add Raw and Host domain policies

disabled if Xen decides not to use them. For now, make Host policy equal to Raw policy. Signed-off-by: Sergey Dyasli <sergey.dya...@citrix.com> --- xen/arch/x86/msr.c | 26 +- 1 file changed, 25 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/msr.c b/xen/ar

[Xen-devel] [PATCH v4 4/7] x86/msr: add VMX MSRs into HVM_max domain policy

by guest_rd/wrmsr(). Signed-off-by: Sergey Dyasli <sergey.dya...@citrix.com> --- xen/arch/x86/msr.c | 129 + 1 file changed, 129 insertions(+) diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c index 7ac0fceb49..ff270befbb 100644 --- a/xen/ar

[Xen-devel] [PATCH v4 3/7] x86/msr: read VMX MSRs values into Raw policy

Add calculate_raw_vmx_policy() which fills Raw policy with H/W values of VMX MSRs. Host policy will contain a copy of these values. Signed-off-by: Sergey Dyasli <sergey.dya...@citrix.com> --- xen/arch/x86/msr.c | 33 + 1 file changed, 33 insertions(+) diff

[Xen-devel] [PATCH v4 0/7] VMX MSRs policy for Nested Virt: part 1

ped - Separate patch for hvm_cr4_guest_valid_bits() is added v2 --> v3: - Rebase on top of Generic MSR Policy - Each VMX MSR now has its own availability flag - VMX MSRs are now completely defined during domain creation (all CPUID policy changes are taken into account) Sergey Dyasli (7): x

[Xen-devel] [PATCH v4 2/7] x86/msr: add VMX MSRs into struct msr_domain_policy

Every bit value is accessible by its name and bit names match existing Xen's definitions as close as possible. There is a "raw" 64-bit field for each MSR as well as "raw" arrays for vmx and vmx_true_ctls blocks. Signed-off-by: Sergey Dyasli <sergey.dya...@citrix.com&g

Re: [Xen-devel] [PATCH v3 2/6] x86/msr: add VMX MSRs into struct msr_domain_policy

On Mon, 2017-10-16 at 15:01 +0100, Andrew Cooper wrote: > On 16/10/17 08:42, Sergey Dyasli wrote: > > + > > +secondary_available = > > +dp->vmx_procbased_ctls.u.allowed_1.activate_secondary_controls; > > + > > +switch (msr) > &g

Re: [Xen-devel] [PATCH v3 6/6] x86/msr: handle VMX MSRs with guest_rd/wrmsr()

On Fri, 2017-10-13 at 16:38 +0100, Andrew Cooper wrote: > On 13/10/17 13:35, Sergey Dyasli wrote: > > diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c > > index a22e3dfaf2..2527fdd1d1 100644 > > --- a/xen/arch/x86/msr.c > > +++ b/xen/arch/x86/msr.c &

Re: [Xen-devel] [PATCH v3 5/6] x86/msr: update domain policy on CPUID policy changes

On Fri, 2017-10-13 at 16:25 +0100, Andrew Cooper wrote: > On 13/10/17 13:35, Sergey Dyasli wrote: > > diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c > > index 205b4cb685..7e6b15f8d7 100644 > > --- a/xen/arch/x86/hvm/hvm.c > > +++ b/xen/arch/x86/hvm/hvm.c &g

Re: [Xen-devel] [PATCH v3 2/6] x86/msr: add VMX MSRs into struct msr_domain_policy

On Fri, 2017-10-13 at 16:16 +0100, Andrew Cooper wrote: > On 13/10/17 13:35, Sergey Dyasli wrote: > > @@ -210,6 +375,255 @@ struct msr_domain_policy > > bool available; /* This MSR is non-architectural */ > > bool cpuid_faulting; &g

[Xen-devel] [PATCH v3 3/6] x86/msr: read VMX MSRs values into Raw policy

Add calculate_raw_vmx_policy() which fills Raw policy with H/W values of VMX MSRs. Host policy will contain a copy of these values. Signed-off-by: Sergey Dyasli <sergey.dya...@citrix.com> --- xen/arch/x86/msr.c | 77 ++ 1 file chang

[Xen-devel] [PATCH v3 4/6] x86/msr: add VMX MSRs into HVM_max domain policy

by guest_rd/wrmsr(). Signed-off-by: Sergey Dyasli <sergey.dya...@citrix.com> --- xen/arch/x86/msr.c | 140 + 1 file changed, 140 insertions(+) diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c index 955aba0849..388f19e50d 100644 --- a/xen/ar

[Xen-devel] [PATCH v3 0/6] VMX MSRs policy for Nested Virt: part 1

lag - VMX MSRs are now completely defined during domain creation (all CPUID policy changes are taken into account) Sergey Dyasli (6): x86/msr: add Raw and Host domain policies x86/msr: add VMX MSRs into struct msr_domain_policy x86/msr: read VMX MSRs values into Raw policy x86/msr: add VMX M

[Xen-devel] [PATCH v3 6/6] x86/msr: handle VMX MSRs with guest_rd/wrmsr()

-by: Sergey Dyasli <sergey.dya...@citrix.com> --- xen/arch/x86/hvm/vmx/vmx.c | 6 -- xen/arch/x86/hvm/vmx/vvmx.c| 178 - xen/arch/x86/msr.c | 34 +++ xen/include/asm-x86/hvm/vmx/vvmx.h | 2 - 4 files changed, 34 inse

[Xen-devel] [PATCH v3 1/6] x86/msr: add Raw and Host domain policies

disabled if Xen decides not to use them. For now, make Host policy equal to Raw policy. Signed-off-by: Sergey Dyasli <sergey.dya...@citrix.com> --- xen/arch/x86/msr.c | 26 +- 1 file changed, 25 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/msr.c b/xen/ar

[Xen-devel] [PATCH v3 2/6] x86/msr: add VMX MSRs into struct msr_domain_policy

New definitions provide a convenient way of accessing contents of VMX MSRs: every bit value is accessible by its name and there is a "raw" 64-bit msr value. Bit names match existing Xen's definitions as close as possible. Signed-off-by: Sergey Dyasli <sergey.dya...@citrix.com> -

[Xen-devel] [PATCH v3 5/6] x86/msr: update domain policy on CPUID policy changes

() which changes availability of VMX MSRs based on domain's nested virt settings. Introduce hvm_cr4_domain_valid_bits() which accepts struct domain * instead of struct vcpu *. Signed-off-by: Sergey Dyasli <sergey.dya...@citrix.com> --- xen/arch/x86/domctl.c | 1 + xen/arch/x86/hvm

Re: [Xen-devel] [PATCH v3 5/9] x86/vvmx: make updating shadow EPTP value more efficient

On Thu, 2017-10-05 at 03:27 -0600, Jan Beulich wrote: > > > > On 05.10.17 at 10:18, wrote: > > > > --- a/xen/arch/x86/hvm/vmx/entry.S > > +++ b/xen/arch/x86/hvm/vmx/entry.S > > @@ -80,7 +80,7 @@ UNLIKELY_END(realmode) > > mov %rsp,%rdi > > call

Re: [Xen-devel] [PATCH v3 5/9] x86/vvmx: make updating shadow EPTP value more efficient

On Wed, 2017-10-04 at 15:55 +0100, Andrew Cooper wrote: > > > > > > -void vmx_vmenter_helper(const struct cpu_user_regs *regs) > > > +int vmx_vmenter_helper(const struct cpu_user_regs *regs) > > > > ...Andy, did you want a comment here explaining what the return value is > > supposed to mean?

[Xen-devel] [PATCH v3 8/9] x86/np2m: refactor p2m_get_nestedp2m_locked()

Remove some code duplication. Suggested-by: George Dunlap <george.dun...@citrix.com> Signed-off-by: Sergey Dyasli <sergey.dya...@citrix.com> Reviewed-by: George Dunlap <george.dun...@citrix.com> --- xen/arch/x86/mm/p2m.c | 25 ++--- 1 file changed, 10

[Xen-devel] [PATCH v3 7/9] x86/np2m: implement sharing of np2m between vCPUs

look for another nested p2m in the same domain with the same base pointer, before reclaiming one from the LRU. Signed-off-by: Sergey Dyasli <sergey.dya...@citrix.com> Signed-off-by: George Dunlap <george.dun...@citrix.com> --- xen/arch/x86/hvm/vmx/vvmx.c | 1 + xen/arch/x86/mm/p2m.

[Xen-devel] [PATCH v3 6/9] x86/np2m: send flush IPIs only when a vcpu is actively using an np2m

p2m pointer (and update nv->generation) if the generation changed Signed-off-by: Sergey Dyasli <sergey.dya...@citrix.com> Signed-off-by: George Dunlap <george.dun...@citrix.com> --- v2 --> v3: - current pointer is now calculated only once in np2m_schedule() - Replaced "shad

[Xen-devel] [PATCH v3 3/9] x86/np2m: remove np2m_base from p2m_get_nestedp2m()

Remove np2m_base parameter as it should always match the value of np2m_base in VMCx12. Signed-off-by: Sergey Dyasli <sergey.dya...@citrix.com> Reviewed-by: George Dunlap <george.dun...@citrix.com> --- xen/arch/x86/hvm/svm/nestedsvm.c | 6 +- xen/arch/x86/hvm/vmx/vvmx.c | 3 +

[Xen-devel] [PATCH v3 0/9] Nested p2m: allow sharing between vCPUs

- Patch "x86/vvmx: add stale_eptp flag" is split into "x86/np2m: add stale_np2m flag" and "x86/vvmx: restart nested vmentry in case of stale_np2m" - Added "x86/np2m: refactor p2m_get_nestedp2m_locked()" patch - I've done some light nested SVM

[Xen-devel] [PATCH v3 5/9] x86/vvmx: make updating shadow EPTP value more efficient

entering the guest and restart the vmentry if it's set. Signed-off-by: Sergey Dyasli <sergey.dya...@citrix.com> Signed-off-by: George Dunlap <george.dun...@citrix.com> --- v2 --> v3: - current pointer is now calculated only once in nvmx_eptp_update() --- xen/arch/x86/hvm/nestedhvm.c

[Xen-devel] [PATCH v3 1/9] x86/np2m: refactor p2m_get_nestedp2m()

1. Add a helper function assign_np2m() 2. Remove useless volatile 3. Update function's comment in the header 4. Minor style fixes ('\n' and d) Signed-off-by: Sergey Dyasli <sergey.dya...@citrix.com> Reviewed-by: George Dunlap <george.dun...@citrix.com> --- xen/arch/x86/mm/p2

[Xen-devel] [PATCH v3 9/9] x86/np2m: add break to np2m_flush_eptp()

Now that np2m sharing is implemented, there can be only one np2m object with the same np2m_base. Break from loop if the required np2m was found during np2m_flush_eptp(). Signed-off-by: Sergey Dyasli <sergey.dya...@citrix.com> Reviewed-by: George Dunlap <george.dun...@citrix.com> ---

[Xen-devel] [PATCH v3 2/9] x86/np2m: flush all np2m objects on nested INVEPT

that share that base pointer. Convert p2m_flush_table() into p2m_flush_table_locked() in order not to release the p2m_lock after np2m_base check. Signed-off-by: Sergey Dyasli <sergey.dya...@citrix.com> Signed-off-by: George Dunlap <george.dun...@citrix.com> --- v2 --> v3: - Commit

[Xen-devel] [PATCH v3 4/9] x86/np2m: simplify nestedhvm_hap_nested_page_fault()

a still-locked p2m. This allows us to call nestedhap_fix_p2m() with the lock held and remove the code detecting the special-case. Signed-off-by: Sergey Dyasli <sergey.dya...@citrix.com> Signed-off-by: George Dunlap <george.dun...@citrix.com> --- v2 --> v3: - Moved p

Re: [Xen-devel] [PATCH 2/9] x86/np2m: Have invept flush all np2m entries with the same base pointer

On Mon, 2017-10-02 at 11:07 +0100, George Dunlap wrote: > On 10/02/2017 10:40 AM, George Dunlap wrote: > > On 10/02/2017 10:37 AM, Sergey Dyasli wrote: > > > On Fri, 2017-09-29 at 16:01 +0100, George Dunlap wrote: > > > > nvmx_handle_invept() update

Re: [Xen-devel] [PATCH 5/9] x86/vvmx: Make updating shadow EPTP value more efficient

On Fri, 2017-09-29 at 16:56 +0100, Andrew Cooper wrote: > On 29/09/17 16:01, George Dunlap wrote: > > @@ -4203,13 +4197,17 @@ static void lbr_fixup(void) > > bdw_erratum_bdf14_fixup(); > > } > > > > -void vmx_vmenter_helper(const struct cpu_user_regs *regs) > > +int

Re: [Xen-devel] [PATCH 4/9] x86/np2m: Simplify nestedhvm_hap_nested_page_fault

p_fix_p2m() and > special-casing it. > > Instead, introduce p2m_get_nestedp2m_locked(), which will returned a > still-locked p2m. This allows us to call nestedhap_fix_p2m() with the > lock held and remove the code detecting the special-case. > > Signed-off-by: Sergey Dyasli <serge

Re: [Xen-devel] [PATCH 2/9] x86/np2m: Have invept flush all np2m entries with the same base pointer

gt; Convert p2m_flush_table() into p2m_flush_table_locked() in order not > to release the p2m_lock after np2m_base check. > > Signed-off-by: Sergey Dyasli <sergey.dya...@citrix.com> > Signed-off-by: George Dunlap <george.dun...@citrix.com> > --- > Changes since v1: &g

Re: [Xen-devel] [PATCH v1 07/14] x86/vvmx: restart nested vmentry in case of stale_np2m

On Fri, 2017-09-29 at 11:53 +0100, George Dunlap wrote: > On 09/04/2017 09:14 AM, Sergey Dyasli wrote: > > If an IPI flushes vCPU's np2m object just before nested vmentry, there > > will be a stale shadow EPTP value in VMCS02. Allow vmentry to be > > restarted

Re: [Xen-devel] [PATCH] x86: avoid #GP for PV guest MSR accesses

On Fri, 2017-09-22 at 03:06 -0600, Jan Beulich wrote: > Halfway recent Linux kernels probe MISC_FEATURES_ENABLES on all CPUs, > leading to ugly recovered #GP fault messages with debug builds on older > systems. We can do better, so introduce synthetic feature flags for > both this and

[Xen-devel] [PATCH v1] x86/vvmx: add hvm_intsrc_vector support to nvmx_intr_intercept()

. Signed-off-by: Sergey Dyasli <sergey.dya...@citrix.com> --- xen/arch/x86/hvm/vmx/intr.c | 13 + 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/xen/arch/x86/hvm/vmx/intr.c b/xen/arch/x86/hvm/vmx/intr.c index e1d0190ca9..4c0f1c8f71 100644 --- a/xen/arch/x86/hvm/vmx/intr.c

Re: [Xen-devel] [PATCH v1 0/5] Generic MSR policy: infrastructure + cpuid_faulting

Ping? On Wed, 2017-08-30 at 11:34 +0100, Sergey Dyasli wrote: > Currently there are the following issues with handling guest's RD/WRMSR > in Xen: > > 1. There is no way to configure which MSRs a guest can and can't access. >And if there is no MSR handler in Xen for a

[Xen-devel] [PATCH v1 14/14] x86/vvmx: remove EPTP write from ept_handle_violation()

Now there is no need to update shadow EPTP after handling L2 EPT violation since all EPTP updates are handled by nvmx_eptp_update(). Signed-off-by: Sergey Dyasli <sergey.dya...@citrix.com> --- xen/arch/x86/hvm/vmx/vmx.c | 6 -- 1 file changed, 6 deletions(-) diff --git a/xen/arch/x

[Xen-devel] [PATCH v1 13/14] x86/np2m: add break to np2m_flush_eptp()

Now that np2m sharing is implemented, there can be only one np2m object with the same np2m_base. Break from loop if the required np2m was found during np2m_flush_eptp(). Signed-off-by: Sergey Dyasli <sergey.dya...@citrix.com> --- xen/arch/x86/mm/p2m.c | 4 xen/include/asm-x86/p2m

[Xen-devel] [PATCH v1 11/14] x86/np2m: implement sharing of np2m between vCPUs

Modify p2m_get_nestedp2m() to allow sharing a np2m between multiple vcpus with the same np2m_base (L1 np2m_base value in VMCX12). np2m_schedule() callbacks are added to context_switch() as well as pseudo schedule-out is performed during vvmx's virtual_vmexit(). Signed-off-by: Sergey Dyasli

[Xen-devel] [PATCH v1 12/14] x86/np2m: refactor p2m_get_nestedp2m_locked()

Remove some code duplication. Suggested-by: George Dunlap <george.dun...@citrix.com> Signed-off-by: Sergey Dyasli <sergey.dya...@citrix.com> --- xen/arch/x86/mm/p2m.c | 25 ++--- 1 file changed, 10 insertions(+), 15 deletions(-) diff --git a/xen/arch/x86/mm/p2m.

[Xen-devel] [PATCH v1 10/14] x86/np2m: improve nestedhvm_hap_nested_page_fault()

There is a possibility for nested_p2m to became stale between nestedhvm_hap_nested_page_fault() and nestedhap_fix_p2m(). Simply use p2m_get_nestedp2m_lock() to guarantee that correct np2m is used. Signed-off-by: Sergey Dyasli <sergey.dya...@citrix.com> --- xen/arch/x86/mm/hap/nested_hap.

[Xen-devel] [PATCH v1 03/14] x86/vvmx: use np2m_flush_base() for INVEPT_SINGLE_CONTEXT

nvmx_handle_invept() updates current's np2m just to flush it. Instead, use the new np2m_flush_base() directly for this purpose. Signed-off-by: Sergey Dyasli <sergey.dya...@citrix.com> --- xen/arch/x86/hvm/vmx/vvmx.c | 7 +-- 1 file changed, 1 insertion(+), 6 deletions(-) diff --git

[Xen-devel] [PATCH v1 00/14] Nested p2m: allow sharing between vCPUs

locked()" patch - I've done some light nested SVM testing and fixed 1 regression (see patch #4) Sergey Dyasli (14): x86/np2m: refactor p2m_get_nestedp2m() x86/np2m: add np2m_flush_base() x86/vvmx: use np2m_flush_base() for INVEPT_SINGLE_CONTEXT x86/np2m: remove np2m_base from p2m_get_

[Xen-devel] [PATCH v1 02/14] x86/np2m: add np2m_flush_base()

The new function finds all np2m objects with the specified np2m_base and flushes them. Convert p2m_flush_table() into p2m_flush_table_locked() in order not to release the p2m_lock after np2m_base check. Signed-off-by: Sergey Dyasli <sergey.dya...@citrix.com> --- RFC --> v1: - p2m_u

[Xen-devel] [PATCH v1 04/14] x86/np2m: remove np2m_base from p2m_get_nestedp2m()

Remove np2m_base parameter as it should always match the value of np2m_base in VMCX12. Signed-off-by: Sergey Dyasli <sergey.dya...@citrix.com> --- RFC --> v1: - Nested SVM: added early update of ns_vmcb_hostcr3 xen/arch/x86/hvm/svm/nestedsvm.c | 6 +- xen/arch/x86/hvm/vmx/vvmx.c

[Xen-devel] [PATCH v1 09/14] x86/np2m: add p2m_get_nestedp2m_locked()

The new function returns still write-locked np2m. Signed-off-by: Sergey Dyasli <sergey.dya...@citrix.com> --- xen/arch/x86/mm/p2m.c | 12 +--- xen/include/asm-x86/p2m.h | 2 ++ 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/

[Xen-devel] [PATCH v1 06/14] x86/np2m: add stale_np2m flag

The new element will indicate if update of a shadow p2m_base is needed prior to vmentry. Update is required if a nested vcpu gets a new np2m or if its np2m was flushed by an IPI. Add nvcpu_flush() helper function. Signed-off-by: Sergey Dyasli <sergey.dya...@citrix.com> --- xen/arch/x

[Xen-devel] [PATCH v1 05/14] x86/np2m: add np2m_generation

Add np2m_generation element to both p2m_domain and nestedvcpu. np2m's generation will be incremented each time the np2m is flushed. This will allow to detect if a nested vcpu has the stale np2m. Signed-off-by: Sergey Dyasli <sergey.dya...@citrix.com> --- xen/arch/x86/hvm/nestedhvm.c

[Xen-devel] [PATCH v1 07/14] x86/vvmx: restart nested vmentry in case of stale_np2m

If an IPI flushes vCPU's np2m object just before nested vmentry, there will be a stale shadow EPTP value in VMCS02. Allow vmentry to be restarted in such cases and add nvmx_eptp_update() to perform an update. Signed-off-by: Sergey Dyasli <sergey.dya...@citrix.com> --- xen/arch/x86/h

[Xen-devel] [PATCH v1 01/14] x86/np2m: refactor p2m_get_nestedp2m()

1. Add a helper function assign_np2m() 2. Remove useless volatile 3. Update function's comment in the header 4. Minor style fixes ('\n' and d) Signed-off-by: Sergey Dyasli <sergey.dya...@citrix.com> --- xen/arch/x86/mm/p2m.c | 31 ++- xen/include/asm-x86

[Xen-devel] [PATCH v1 08/14] x86/np2m: add np2m_schedule()

np2m maintenance is required for a nested vcpu during scheduling: 1. On schedule-out: clear pCPU's bit in p2m->dirty_cpumask to prevent useless IPIs. 2. On schedule-in: check if np2m is up to date and wasn't flushed. Signed-off-by: Sergey Dyasli <serg

[Xen-devel] [PATCH v1 1/5] x86/msr: introduce struct msr_domain_policy

. It's always possible to emulate CPUID faulting for HVM guests while for PV guests the H/W support is required. Add init_domain_msr_policy() which sets initial MSR policy during domain creation with a special case for Dom0. Signed-off-by: Sergey Dyasli <sergey.dya...@citrix.com> --- xen/ar

[Xen-devel] [PATCH v1 3/5] x86: replace arch_vcpu::cpuid_faulting with msr_vcpu_policy

Since each vCPU now has struct msr_vcpu_policy, use cpuid_faulting bit from there in current logic and remove arch_vcpu::cpuid_faulting. Signed-off-by: Sergey Dyasli <sergey.dya...@citrix.com> --- xen/arch/x86/cpu/intel.c | 3 ++- xen/arch/x86/hvm/hvm.c | 4 +++- xen/arch/x

[Xen-devel] [PATCH v1 5/5] x86/msr: introduce guest_wrmsr()

() and priv_op_write_msr(). Signed-off-by: Sergey Dyasli <sergey.dya...@citrix.com> --- xen/arch/x86/hvm/hvm.c | 7 ++- xen/arch/x86/hvm/vmx/vmx.c | 23 -- xen/arch/x86/msr.c | 44 ++ xen/arch/x86/pv/emul-pri

[Xen-devel] [PATCH v1 2/5] x86/msr: introduce struct msr_vcpu_policy

. Availability of MSR_INTEL_MISC_FEATURES_ENABLES depends on availability of MSR_INTEL_PLATFORM_INFO. Add init_vcpu_msr_policy() which sets initial MSR policy for every vCPU during domain creation with a special case for Dom0. Signed-off-by: Sergey Dyasli <sergey.dya...@citrix.com> --- xen/arch/x86/do

[Xen-devel] [PATCH v1 4/5] x86/msr: introduce guest_rdmsr()

-by: Sergey Dyasli <sergey.dya...@citrix.com> --- xen/arch/x86/hvm/hvm.c | 7 ++- xen/arch/x86/hvm/vmx/vmx.c | 10 -- xen/arch/x86/msr.c | 31 +++ xen/arch/x86/pv/emul-priv-op.c | 22 -- xen/include/asm-x86

[Xen-devel] [PATCH v1 0/5] Generic MSR policy: infrastructure + cpuid_faulting

of this generic MSR infrastructure after it's merged. Sergey Dyasli (5): x86/msr: introduce struct msr_domain_policy x86/msr: introduce struct msr_vcpu_policy x86: replace arch_vcpu::cpuid_faulting with msr_vcpu_policy x86/msr: introduce guest_rdmsr() x86/msr: introduce guest_wrmsr() xen/arch/x86

Re: [Xen-devel] [PATCH RFC 00/12] Nested p2m: allow sharing between vCPUs

On Mon, 2017-08-28 at 18:03 +0100, George Dunlap wrote: > On 07/18/2017 11:34 AM, Sergey Dyasli wrote: > > Nested p2m (shadow EPT) is an object that stores memory address > > translations from L2 GPA directly to L0 HPA. This is achieved by > > combining together L1 EPT tables

Re: [Xen-devel] [PATCH RFC 02/12] x86/np2m: add np2m_flush_eptp()

On Tue, 2017-08-01 at 09:55 +0200, Egger, Christoph wrote: > On 18.07.17 12:34, Sergey Dyasli wrote: > > The new function finds all np2m objects with the specified eptp and > > flushes them. p2m_flush_table_locked() is added in order not to release > > the p2m lock

Re: [Xen-devel] [PATCH 5/6] x86/vvmx: Fix handing of the MSR_BITMAP field with VMCS shadowing

ping of the bitmap can be updated. > > Signed-off-by: Andrew Cooper <andrew.coop...@citrix.com> Reviewed-by: Sergey Dyasli <sergey.dya...@citrix.com> -- Thanks, Sergey ___ Xen-devel mailing list Xen-devel@lists.xen.org https://lists.xen.org/xen-devel

[Xen-devel] [PATCH v2 4/5] x86/vvmx: add vvmx_max_msr_policy

MSRs. Signed-off-by: Sergey Dyasli <sergey.dya...@citrix.com> --- v1 --> v2: - Renamed hvm_max_vmx_msr_policy to vvmx_max_msr_policy and made it static - calculate_hvm_max_policy() is renamed to calculate_vvmx_max_policy() - Declaration of calculate_vvmx_max_policy() is removed fr

[Xen-devel] [PATCH v2 1/5] x86/vmx: add struct vmx_msr_policy

/W. A set of helper functions is introduced to provide a simple way of interacting with the new structure. Signed-off-by: Sergey Dyasli <sergey.dya...@citrix.com> --- v1 --> v2: - Replaced MSR indices with MSR names in struct vmx_msr_policy's comments - Named "always zero bit&qu

[Xen-devel] [PATCH v2 5/5] x86/vvmx: add per domain vmx msr policy

. Signed-off-by: Sergey Dyasli <sergey.dya...@citrix.com> Reviewed-by: Jan Beulich <jbeul...@suse.com> --- v1 --> v2: - nvmx_msr_read_intercept() now uses const struct vmx_msr_policy * (starting from patch #4) - Added Reviewed-by: Jan Beulich <jbeul...@suse.com>

[Xen-devel] [PATCH v2 0/5] VMX MSRs policy for Nested Virt: part 1

based to the latest master - hvm_max_vmx_msr_policy is renamed to vvmx_max_msr_policy - Dropped the debug patch - Other changes are available on a per-patch basis Sergey Dyasli (5): x86/vmx: add struct vmx_msr_policy x86/vmx: add raw_vmx_msr_policy x86/vmx: refactor vmx_init_vmcs_config() x86/vvmx: add vvmx_max_

[Xen-devel] [PATCH v2 3/5] x86/vmx: refactor vmx_init_vmcs_config()

1. Remove RDMSRs of VMX MSRs since all values are already available in raw_vmx_msr_policy. 2. Replace bit operations involving VMX bitmasks with accessing VMX features by name and using vmx_msr_available() where appropriate. Signed-off-by: Sergey Dyasli <sergey.dya...@citrix.com>

[Xen-devel] [PATCH v2 2/5] x86/vmx: add raw_vmx_msr_policy

(). Signed-off-by: Sergey Dyasli <sergey.dya...@citrix.com> --- v1 --> v2: - calculate_raw_policy() is renamed to calculate_vmx_raw_policy() to avoid clash with the same-name function in cpuid.c - Declaration of calculate_vmx_raw_policy() is removed from vmx.c and added to vmcs.h - msr

[Xen-devel] [PATCH RFC 12/12] x86/vvmx: remove EPTP write from ept_handle_violation()

Now there is no need to update shadow EPTP after handling L2 EPT violation since all EPTP updates are handled by nvmx_eptp_update(). Signed-off-by: Sergey Dyasli <sergey.dya...@citrix.com> --- xen/arch/x86/hvm/vmx/vmx.c | 6 -- 1 file changed, 6 deletions(-) diff --git a/xen/arch/x

[Xen-devel] [PATCH RFC 11/12] x86/np2m: add break to np2m_flush_eptp()

Now that np2m sharing is implemented, there can be only one np2m object with the same np2m_base. Break from loop if the required np2m was found during np2m_flush_eptp(). Signed-off-by: Sergey Dyasli <sergey.dya...@citrix.com> --- xen/arch/x86/mm/p2m.c | 3 +++ xen/include/asm-x86/p2m

[Xen-devel] [PATCH RFC 10/12] x86/np2m: implement sharing of np2m between vCPUs

Modify p2m_get_nestedp2m() to allow sharing a np2m between multiple vcpus with the same np2m_base (L1 EPTP value in VMCS12). np2m_schedule_in/out() callbacks are added to context_switch() as well as pseudo schedule-out is performed during virtual_vmexit(). Signed-off-by: Sergey Dyasli

[Xen-devel] [PATCH RFC 02/12] x86/np2m: add np2m_flush_eptp()

The new function finds all np2m objects with the specified eptp and flushes them. p2m_flush_table_locked() is added in order not to release the p2m lock after np2m_base check. Signed-off-by: Sergey Dyasli <sergey.dya...@citrix.com> --- xen/arch/x86/mm/p2m.c

[Xen-devel] [PATCH RFC 08/12] x86/np2m: add p2m_get_nestedp2m_locked()

The new function returns still write-locked np2m. Signed-off-by: Sergey Dyasli <sergey.dya...@citrix.com> --- xen/arch/x86/mm/p2m.c | 12 +--- xen/include/asm-x86/p2m.h | 2 ++ 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/

[Xen-devel] [PATCH RFC 05/12] x86/np2m: add np2m_generation

Add np2m_generation variable to both p2m_domain and nestedvcpu. np2m's generation will be incremented each time the np2m is flushed. This will allow to detect if a nested vcpu has the stale np2m. Signed-off-by: Sergey Dyasli <sergey.dya...@citrix.com> --- xen/arch/x86/hvm/nestedhvm.c

[Xen-devel] [PATCH RFC 01/12] x86/np2m: refactor p2m_get_nestedp2m()

1. Add a helper function assign_np2m() 2. Remove useless volatile 3. Update function's comment in the header 4. Minor style fixes ('\n' and d) Signed-off-by: Sergey Dyasli <sergey.dya...@citrix.com> --- xen/arch/x86/mm/p2m.c | 31 ++- xen/include/asm-x86

[Xen-devel] [PATCH RFC 07/12] x86/np2m: add np2m_schedule_in/out()

np2m maintenance is required for a nested vcpu during scheduling: 1. On schedule-out: clear pCPU's bit in p2m->dirty_cpumask to prevent useless IPIs. 2. On schedule-in: check if np2m is up to date and wasn't flushed. Signed-off-by: Sergey Dyasli <serg

[Xen-devel] [PATCH RFC 03/12] x86/vvmx: use np2m_flush_eptp() for INVEPT_SINGLE_CONTEXT

nvmx_handle_invept() updates current's np2m just to flush it. Instead, use the new np2m_flush_eptp() directly for this purpose. Signed-off-by: Sergey Dyasli <sergey.dya...@citrix.com> --- xen/arch/x86/hvm/vmx/vvmx.c | 7 +-- 1 file changed, 1 insertion(+), 6 deletions(-) diff --git

[Xen-devel] [PATCH RFC 04/12] x86/np2m: remove np2m_base from p2m_get_nestedp2m()

Remove np2m_base parameter as it should always match the value of EPTP in VMCS12. Signed-off-by: Sergey Dyasli <sergey.dya...@citrix.com> --- xen/arch/x86/hvm/svm/nestedsvm.c | 2 +- xen/arch/x86/hvm/vmx/vvmx.c | 3 +-- xen/arch/x86/mm/hap/nested_hap.c | 2 +- xen/arch/x86/mm

[Xen-devel] [PATCH RFC 00/12] Nested p2m: allow sharing between vCPUs

is likely broken. Unfortunately, I don't have any H/W currently to perform a proper testing. Sergey Dyasli (12): x86/np2m: refactor p2m_get_nestedp2m() x86/np2m: add np2m_flush_eptp() x86/vvmx: use np2m_flush_eptp() for INVEPT_SINGLE_CONTEXT x86/np2m: remove np2m_base from

[Xen-devel] [PATCH RFC 09/12] x86/np2m: improve nestedhvm_hap_nested_page_fault()

There is a possibility for nested_p2m to became stale between nestedhvm_hap_nested_page_fault() and nestedhap_fix_p2m(). Simply use p2m_get_nestedp2m_lock() to guarantee that correct np2m is used. Signed-off-by: Sergey Dyasli <sergey.dya...@citrix.com> --- xen/arch/x86/mm/hap/nested_hap.

[Xen-devel] [PATCH RFC 06/12] x86/vvmx: add stale_eptp flag

The new variable will indicate if update of a shadow EPTP is needed prior to vmentry. Update is required if a nested vcpu gets a new np2m or if its np2m was flushed by an IPI. Helper function nvcpu_flush() is added. Signed-off-by: Sergey Dyasli <sergey.dya...@citrix.com> --- xen/arch/x

Re: [Xen-devel] [PATCH v1 4/6] vvmx: add hvm_max_vmx_msr_policy

On Thu, 2017-07-06 at 06:28 -0600, Jan Beulich wrote: > > > > On 06.07.17 at 12:23, wrote: > > > > On Tue, 2017-07-04 at 09:04 -0600, Jan Beulich wrote: > > > > > > On 26.06.17 at 12:44, wrote: > > > > > > > > +{ > > > > +struct

Re: [Xen-devel] [PATCH v1 4/6] vvmx: add hvm_max_vmx_msr_policy

On Tue, 2017-07-04 at 09:04 -0600, Jan Beulich wrote: > > > > On 26.06.17 at 12:44, wrote: > > > > +{ > > +struct vmx_msr_policy *p = _max_vmx_msr_policy; > > +uint64_t data, *msr; > > +u32 default1_bits; > > + > > +*p = raw_vmx_msr_policy; > > + > > +

Re: [Xen-devel] [PATCH v1 2/6] vmx: add raw_vmx_msr_policy

On Tue, 2017-07-04 at 08:15 -0600, Jan Beulich wrote: > > > > On 26.06.17 at 12:44, wrote: > > > > @@ -611,6 +624,9 @@ int vmx_cpu_up(void) > > > > BUG_ON(!(read_cr4() & X86_CR4_VMXE)); > > > > +if ( (rc = calculate_raw_policy(false)) != 0 ) > > +

Re: [Xen-devel] [PATCH v1 1/6] vmx: add struct vmx_msr_policy

On Tue, 2017-07-04 at 07:57 -0600, Jan Beulich wrote: > > > > On 26.06.17 at 12:44, wrote: > > > > --- a/xen/include/asm-x86/hvm/vmx/vmcs.h > > +++ b/xen/include/asm-x86/hvm/vmx/vmcs.h > > @@ -562,6 +562,350 @@ void vmx_domain_flush_pml_buffers(struct domain *d); > >

[Xen-devel] [PATCH v1] vvmx: fix ept_sync() for nested p2m

a bug. Make ept_sync_domain() to update hostp2m's invalidate mask in nested p2m case and make vmx_vmenter_helper() to invalidate EPT translations for all EPTPs if nested virt is enabled. Signed-off-by: Sergey Dyasli <sergey.dya...@citrix.com> --- xen/arch/x86/hvm/vmx/vmx.c | 5 - xen/ar

[Xen-devel] [PATCH v1 4/6] vvmx: add hvm_max_vmx_msr_policy

MSRs. Signed-off-by: Sergey Dyasli <sergey.dya...@citrix.com> --- xen/arch/x86/hvm/vmx/vmcs.c | 3 + xen/arch/x86/hvm/vmx/vvmx.c | 297 +--- 2 files changed, 147 insertions(+), 153 deletions(-) diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x

[Xen-devel] [PATCH v1 2/6] vmx: add raw_vmx_msr_policy

-by: Sergey Dyasli <sergey.dya...@citrix.com> --- xen/arch/x86/hvm/vmx/vmcs.c| 130 + xen/arch/x86/hvm/vmx/vmx.c | 4 ++ xen/include/asm-x86/hvm/vmx/vmcs.h | 2 + 3 files changed, 79 insertions(+), 57 deletions(-) diff --git a/xen/arch/x

[Xen-devel] [PATCH v1 3/6] vmx: refactor vmx_init_vmcs_config()

1. Remove RDMSRs of VMX MSRs since all values are already available in raw_vmx_msr_policy. 2. Replace bit operations involving VMX bitmasks with accessing VMX features by name and using vmx_msr_available() where appropriate. Signed-off-by: Sergey Dyasli <sergey.dya...@citrix.com> --

[Xen-devel] [DEBUG PATCH 6/6] vmx: print H/W VMX MSRs values during startup

This is a debug patch I used when developing this series. It's not intended for merging, I post it because it might be useful to someone. Signed-off-by: Sergey Dyasli <sergey.dya...@citrix.com> --- xen/arch/x86/hvm/vmx/vmcs.c | 405 1 file c

[Xen-devel] [PATCH v1 5/6] vvmx: add per domain vmx msr policy

. Signed-off-by: Sergey Dyasli <sergey.dya...@citrix.com> --- xen/arch/x86/domain.c | 6 ++ xen/arch/x86/hvm/vmx/vvmx.c| 14 +- xen/include/asm-x86/domain.h | 2 ++ xen/include/asm-x86/hvm/vmx/vvmx.h | 3 +++ 4 files changed, 24 insertions(+), 1 de

[Xen-devel] [PATCH v1 0/6] VMX MSRs policy for Nested Virt: part 1

sn't use (i.g. CPU_BASED_PAUSE_EXITING) but they are available to L1. This makes it not worthy to introduce "Host policy" at this stage. Sergey Dyasli (6): vmx: add struct vmx_msr_policy vmx: add raw_vmx_msr_policy vmx: refactor vmx_init_vmcs_config() vvmx: add hvm_max_vmx_msr_policy vvmx: add pe

[Xen-devel] [PATCH v1 1/6] vmx: add struct vmx_msr_policy

H/W. Signed-off-by: Sergey Dyasli <sergey.dya...@citrix.com> --- xen/arch/x86/hvm/vmx/vmcs.c| 47 + xen/include/asm-x86/hvm/vmx/vmcs.h | 344 + 2 files changed, 391 insertions(+) diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/h

[Xen-devel] [PATCH v2] xen: fix HYPERVISOR_dm_op() prototype

Change the third parameter to be the required struct xen_dm_op_buf * instead of a generic void * (which blindly accepts any pointer). Signed-off-by: Sergey Dyasli <sergey.dya...@citrix.com> --- v1 --> v2: - Replaced "#include " with forward declaration of struct xen_dm_op_buf

Re: [Xen-devel] [PATCH v1] xen: fix HYPERVISOR_dm_op() prototype

On Tue, 2017-06-06 at 02:03 -0600, Jan Beulich wrote: > > > > On 05.06.17 at 10:41, wrote: > > > > --- a/arch/x86/include/asm/xen/hypercall.h > > +++ b/arch/x86/include/asm/xen/hypercall.h > > @@ -49,6 +49,7 @@ > > #include > > #include > > #include > > +#include

  1   2   >