On 30/10/2018 08:06, Tian, Kevin wrote:
>> From: Sergey Dyasli [mailto:sergey.dya...@citrix.com]
>> Sent: Friday, October 12, 2018 11:28 PM
>>
>> The size of Xen's virtual vmcs region is 4096 bytes. Correctly report
>> it to the guest in case when VMCS shad
On 26/10/2018 10:10, Andrew Cooper wrote:
> On 26/10/2018 10:05, Sergey Dyasli wrote:
>>
>> On 25/10/2018 16:39, Andrew Cooper wrote:
>>> This is very dangerous from a security point of view, because a missing
>>> entry
>>> will cause L2's action to be
On 25/10/2018 16:39, Andrew Cooper wrote:
> This is very dangerous from a security point of view, because a missing entry
> will cause L2's action to be interpreted as L1's action.
>
> Signed-off-by: Andrew Cooper
> ---
> CC: Sergey Dyasli
> CC: Jan Beulich
> CC: Wei
user_regs *regs,
> case EXIT_REASON_VMXOFF:
> case EXIT_REASON_VMXON:
> case EXIT_REASON_INVEPT:
> +case EXIT_REASON_INVVPID:
> case EXIT_REASON_XSETBV:
> /* inject to L1 */
> nvcpu->nv_vmexit_pending = 1;
Reviewed-by: Sergey Dyasli
nable NMIs during cpu_init() and
during __start_xen() for BSP.
Signed-off-by: Sergey Dyasli
---
v2:
- Added enable_nmis() to __start_xen() for BSP
- Added comments as per Andrew's suggestion
CC: Jan Beulich
CC: Andrew Cooper
CC: Wei Liu
---
xen/arch/x86/cpu/common.c | 3 +++
xen/arch/x
On 12/10/18 14:40, Jan Beulich wrote:
On 09.10.18 at 17:21, wrote:
>> --- a/xen/common/page_alloc.c
>> +++ b/xen/common/page_alloc.c
>> @@ -161,8 +161,42 @@ string_param("badpage", opt_badpage);
>> /*
>> * no-bootscrub -> Free pages are not zeroed during boot.
>> */
>> -static bool_t
Calling vmfail_valid() is correct only if vvmcx is valid. Modify
functions to use vmfail() instead which performs the necessary check.
Signed-off-by: Sergey Dyasli
---
xen/arch/x86/hvm/vmx/vvmx.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/xen/arch/x86/hvm/vmx/vvmx.c
only:
1. During the first nested vmentry
2. After L1 has changed an appropriate vmcs field
3. After nvmx_purge_vvmcs() was previously called
Signed-off-by: Sergey Dyasli
---
xen/arch/x86/hvm/vmx/vvmx.c | 104 +++-
1 file changed, 67 insertions(+), 37
And make nvmx_handle_vmclear() return the new errno in case the provided
address is the same as vmxon region address.
While at it, correct the return value for not-4KB-aligned case and for
invalid physaddr.
Signed-off-by: Sergey Dyasli
---
xen/arch/x86/hvm/vmx/vvmx.c| 23
These were found by running nested VMX tests from kvm-unit-tests.
Sergey Dyasli (6):
x86/vvmx: introduce vvmcx_valid()
x86/vvmx: correct vmfail() usage for vmptrld and vmclear
x86/vvmx: add VMX_INSN_VMPTRLD_WITH_VMXON_PTR errno
x86/vvmx: add VMX_INSN_VMCLEAR_WITH_VMXON_PTR errno
x86
The size of Xen's virtual vmcs region is 4096 bytes. Correctly report
it to the guest in case when VMCS shadowing is not available instead of
providing H/W value (which is usually smaller).
Signed-off-by: Sergey Dyasli
---
xen/arch/x86/hvm/vmx/vvmx.c | 8
1 file changed, 8 insertions
And make nvmx_handle_vmptrld() return the new errno in case the provided
address is the same as vmxon region address.
While at it, correct the return value for not-4KB-aligned case.
Signed-off-by: Sergey Dyasli
---
xen/arch/x86/hvm/vmx/vvmx.c| 10 --
xen/include/asm-x86/hvm/vmx
As a convenient helper function and refactor the code to use it.
No functional change.
Signed-off-by: Sergey Dyasli
---
xen/arch/x86/hvm/vmx/vvmx.c | 17 -
xen/include/asm-x86/hvm/nestedhvm.h | 5 +
2 files changed, 13 insertions(+), 9 deletions(-)
diff --git
scrubbing during allocation (unless MEMF_no_scrub was provided).
Use the new 'idle' option as the default one.
Signed-off-by: Sergey Dyasli
---
v1 --> v2:
- dropped comment about performance
- changed default to 'idle'
- changed type of opt_bootscrub to enum
- restored __initdata for opt_bootsc
that the allocator will return scrubbed pages by doing
eager scrubbing during allocation (unless MEMF_no_scrub was provided).
Signed-off-by: Sergey Dyasli
---
CC: Andrew Cooper
CC: Boris Ostrovsky
CC: George Dunlap
CC: Jan Beulich
CC: Julien Grall
CC: Tim Deegan
---
docs/misc/xen-command-line.markdown
On 01/10/18 12:13, Jan Beulich wrote:
On 01.10.18 at 11:58, wrote:
>> Having the allocator return unscrubbed pages is a potential security
>> concern: some domain can be given pages with memory contents of another
>> domain. This may happen, for example, if a domain voluntarily releases
>>
On Mon, 2018-10-01 at 14:54 +0100, George Dunlap wrote:
> On 10/01/2018 02:44 PM, Sergey Dyasli wrote:
> > On Mon, 2018-10-01 at 07:38 -0600, Jan Beulich wrote:
> > > > > > On 01.10.18 at 15:12, wrote:
> > > >
> > > > On 01/10/18 12:13, Jan
On Mon, 2018-10-01 at 07:38 -0600, Jan Beulich wrote:
> > > > On 01.10.18 at 15:12, wrote:
> >
> > On 01/10/18 12:13, Jan Beulich wrote:
> > > > > > On 01.10.18 at 11:58, wrote:
> > > >
> > > > Having the allocator return unscrubbed pages is a potential security
> > > > concern: some domain
On Mon, 2018-10-01 at 07:38 -0600, Jan Beulich wrote:
> > > > On 01.10.18 at 15:12, wrote:
> >
> > On 01/10/18 12:13, Jan Beulich wrote:
> > > > > > On 01.10.18 at 11:58, wrote:
> > > >
> > > > Having the allocator return unscrubbed pages is a potential security
> > > > concern: some domain
to return scrubbed
pages to a caller unless MEMF_no_scrub flag was provided.
Signed-off-by: Sergey Dyasli
---
CC: Andrew Cooper
CC: Boris Ostrovsky
CC: George Dunlap
CC: Jan Beulich
CC: Julien Grall
CC: Tim Deegan
---
docs/misc/xen-command-line.markdown | 3 ++-
xen/common/page_alloc.c
On Wed, 2018-09-12 at 11:23 +0100, Andrew Cooper wrote:
> On 12/09/18 10:46, Sergey Dyasli wrote:
> > On Wed, 2018-09-12 at 10:12 +0100, Andrew Cooper wrote:
> > > On 12/09/18 09:29, Sergey Dyasli wrote:
> > > > On Tue, 2018-09-11 at 19:56 +0100, Andrew Coope
eviewed-by: Kevin Tian
> Reviewed-by: Paul Durrant
> ---
> CC: Jan Beulich
> CC: Wei Liu
> CC: Roger Pau Monné
> CC: Sergey Dyasli
>
> v3:
> * Split out of previous series. Retain appropriate R-by's
> v4:
> * Retain switch() for interpretin
On Wed, 2018-09-12 at 10:12 +0100, Andrew Cooper wrote:
> On 12/09/18 09:29, Sergey Dyasli wrote:
> > On Tue, 2018-09-11 at 19:56 +0100, Andrew Cooper wrote:
> > > Rename them to guest_{rd,wr}msr_xen() for consistency, and because the
> > > _regs
> >
86EMUL_* return values.
>
> Signed-off-by: Andrew Cooper
> ---
> CC: Jan Beulich
> CC: Wei Liu
> CC: Roger Pau Monné
> CC: Sergey Dyasli
>
> v3:
> * Clean up after splitting the series.
> ---
> xen/arch/x86/msr.c
ed-off-by: Andrew Cooper
> Reviewed-by: Paul Durrant
> ---
> CC: Jan Beulich
> CC: Wei Liu
> CC: Roger Pau Monné
> CC: Sergey Dyasli
>
> v3:
> * Clean up after splitting the series. Retain appropriate R-by's
> ---
> xen/arch/x86/hvm/viridian.c
On Mon, 2018-08-13 at 02:54 -0600, Jan Beulich wrote:
> > > > On 13.08.18 at 09:46, wrote:
> >
> > proposed topics so far:
> > * 4.10+ changes to Xen's memory scrubbing: discussion of the changes
> > that made to it in recent versions of Xen (4.10+) - Christopher
> > * Project
he block is scrubbed.
> > >
> > > Add the missing piece of logic and slightly update the comment for
> > > the predecessor case to better capture the code's intent.
> > >
> > > Fixes 1a37f33ea613 ("mm: Place unscrubbed pages at the end of pagelist")
&
tent.
Fixes 1a37f33ea613 ("mm: Place unscrubbed pages at the end of pagelist")
Signed-off-by: Sergey Dyasli
---
CC: Andrew Cooper
CC: George Dunlap
CC: Jan Beulich
CC: Julien Grall
CC: Wei Liu
CC: Boris Ostrovsky
---
xen/common/page_alloc.c | 8 +++-
1 file changed, 7 in
On Tue, 2018-07-03 at 21:55 +0100, Andrew Cooper wrote:
> From: Sergey Dyasli
>
> This finally (after literally years of work!) marks the point where the
> toolstack can ask the hypervisor for the current CPUID configuration of a
> specific domain.
>
> Also extend xen-
ield to move
> the cpuid_faulting field to its appropriate position.
>
> Signed-off-by: Andrew Cooper
> ---
>
Reviewed-by: Sergey Dyasli
--
Thanks,
Sergey
___
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
> /* 0x0140 MSR_INTEL_MISC_FEATURES_ENABLES */
> struct {
> -bool available; /* This MSR is non-architectural */
> bool cpuid_faulting;
> } misc_features_enables;
> };
Could you add comments saying that those 2 MSRs are always available
for all gu
Commit 62b1879693e0 ("x86: further CPUID handling adjustments") added
FEATURESET_7d0 reporting but forgot to update calculate_raw_featureset()
function. As result, the value reported by xen-cpuid contains 0.
Fix that by properly filling raw_featureset[FEATURESET_7d0].
Signed-off-
boot
"xpti=dom0=0"
> parameter will achieve that.
>
> Move the xpti boot parameter handling to xen/arch/x86/pv/domain.c as
> it is pv-domain specific.
>
> Signed-off-by: Juergen Gross <jgr...@suse.com>
> Reviewed-by: Jan Beulich <jbeul...@suse.com>
>
Hi Juergen,
2 small requests from me below.
On Wed, 2018-04-18 at 10:30 +0200, Juergen Gross wrote:
> Instead of switching XPTI globally on or off add a per-domain flag for
> that purpose. This allows to modify the xpti boot parameter to support
> running dom0 without Meltdown mitigations. Using
-off-by: Sergey Dyasli <sergey.dya...@citrix.com>
Reviewed-by: Andrew Cooper <andrew.coop...@citrix.com>
---
v5 --> v6:
- Moved VMX MSRs case to the read-only block in guest_wrmsr()
- Added Reviewed-by
---
xen/arch/x86/hvm/vmx/vmx.c | 6 --
xen/arch/x86/hvm/vmx/vvmx
by guest_rd/wrmsr().
Signed-off-by: Sergey Dyasli <sergey.dya...@citrix.com>
---
v5 --> v6:
- Replaced !cpu_has_vmx check with !hvm_max_cpuid_policy.basic.vmx
- Added a TODO reminder
- Added brackets around bit or expressions
---
xen/arch/x86/ms
ue_ctls blocks.
Add calculate_raw_vmx_policy() which fills Raw policy with H/W values
of VMX MSRs. Host policy will contain a copy of these values (for now).
Signed-off-by: Sergey Dyasli <sergey.dya...@citrix.com>
---
v5 --> v6:
- Removed "_bits" and "_based" from union names
- Removed &qu
changes availability of
VMX MSRs based on domain's nested virt settings. If it's enabled, then
the domain receives a copy of HVM_max vmx policy with allowed CR4 bits
adjusted by CPUID policy.
Signed-off-by: Sergey Dyasli <sergey.dya...@citrix.com>
Reviewed-by: Andrew Cooper <andrew.coop...@c
With the new cpuid infrastructure there is a domain-wide struct cpuid
policy and there is no need to pass a separate struct vcpu * into
hvm_cr4_guest_valid_bits() anymore. Make the function accept struct
domain * instead and update callers.
Signed-off-by: Sergey Dyasli <sergey.dya...@citrix.
3,4 and 5
- Other changes are provided on per-patch basis
Sergey Dyasli (5):
x86/msr: add VMX MSRs definitions and populate Raw domain policy
x86/msr: add VMX MSRs into HVM_max domain policy
x86/cpuid: update signature of hvm_cr4_guest_valid_bits()
x86/msr: update domain policy on CPUID pol
On Wed, 2018-03-21 at 20:46 +, Andrew Cooper wrote:
> On 28/02/2018 16:09, Sergey Dyasli wrote:
> > +
> > +dp->vmx.pinbased_ctls.allowed_0.raw = VMX_PINBASED_CTLS_DEFAULT1;
> > +dp->vmx.pinbased_ctls.allowed_1.raw = VMX_PINBASED_CTLS_D
On Wed, 2018-03-21 at 19:52 +, Andrew Cooper wrote:
> On 28/02/18 16:09, Sergey Dyasli wrote:
> >
> > +struct {
> > +/* 0x0480 MSR_IA32_VMX_BASIC */
> > +union {
> > +uint64_t
. Remove them.
Signed-off-by: Sergey Dyasli <sergey.dya...@citrix.com>
---
Compile tested with aarch64 compiler.
---
xen/drivers/char/console.c | 12 ++--
1 file changed, 2 insertions(+), 10 deletions(-)
diff --git a/xen/drivers/char/console.c b/xen/drivers/char/console.c
index 1210
a <jun.nakaj...@intel.com>
> Cc: Kevin Tian <kevin.t...@intel.com>
> Cc: Jan Beulich <jbeul...@suse.com>
> Cc: Andrew Cooper <andrew.coop...@citrix.com>
> Cc: Sergey Dyasli <sergey.dya...@citrix.com>
> ---
> I've manually tested and AFAICT this fixes the os
On Thu, 2018-03-01 at 16:19 +, Roger Pau Monne wrote:
> Commit 406817 doesn't update nested VMX code in order to take into
> account L1 CR4 host mask when nested guest (L2) writes to CR4, and
> thus the mask written to CR4_GUEST_HOST_MASK is likely not as
> restrictive as it should be.
>
>
ue_ctls blocks.
Add calculate_raw_vmx_policy() which fills Raw policy with H/W values
of VMX MSRs. Host policy will contain a copy of these values (for now).
Signed-off-by: Sergey Dyasli <sergey.dya...@citrix.com>
---
v4 --> v5:
- Clarified the reason for splitting MSRs into 5 blocks
- Added raw field into
-off-by: Sergey Dyasli <sergey.dya...@citrix.com>
---
v4 --> v5:
- New msr availability helpers are used
---
xen/arch/x86/hvm/vmx/vmx.c | 6 --
xen/arch/x86/hvm/vmx/vvmx.c| 178 -
xen/arch/x86/msr.c | 35
xen/in
With the new cpuid infrastructure there is a domain-wide struct cpuid
policy and there is no need to pass a separate struct vcpu * into
hvm_cr4_guest_valid_bits() anymore. Make the function accept struct
domain * instead and update callers.
Signed-off-by: Sergey Dyasli <sergey.dya...@citrix.
() which changes availability of
VMX MSRs based on domain's nested virt settings. If it's enabled, then
the domain receives a copy of HVM_max vmx policy with allowed CR4 bits
adjusted by CPUID policy.
Signed-off-by: Sergey Dyasli <sergey.dya...@citrix.com>
---
v4 --> v5:
- Removed _do
by guest_rd/wrmsr().
Signed-off-by: Sergey Dyasli <sergey.dya...@citrix.com>
---
v4 --> v5:
- Macros are removed and now supported bitmask is used to derive policy
- Added vmx_clear_policy() helper
---
xen/arch/x86/msr.c | 134 +
1 file cha
separately
- Combined the next 2 patches into 1
Sergey Dyasli (5):
x86/msr: add VMX MSRs definitions and populate Raw domain policy
x86/msr: add VMX MSRs into HVM_max domain policy
x86/cpuid: update signature of hvm_cr4_guest_valid_bits()
x86/msr: update domain policy on CPUID policy chan
on X86_FEATURE_CPUID_FAULTING.
Finally, derive HVM/PV max domain policies from the Host policy.
Signed-off-by: Sergey Dyasli <sergey.dya...@citrix.com>
---
v2:
- Moved *dp into a narrower scope in probe_cpuid_faulting()
- Changes to how Host/pv/hvm domain policies are calculated
---
xen/arch/x
On Fri, 2018-02-16 at 11:38 +, Andrew Cooper wrote:
> On 16/02/18 11:31, Sergey Dyasli wrote:
> > On Fri, 2018-02-16 at 04:06 -0700, Jan Beulich wrote:
> > > > > > On 16.02.18 at 11:33, <sergey.dya...@citrix.com> wrote:
> > > >
> > >
On Fri, 2018-02-16 at 04:06 -0700, Jan Beulich wrote:
> > > > On 16.02.18 at 11:33, wrote:
> >
> > On Thu, 2018-02-15 at 06:33 -0700, Jan Beulich wrote:
> > > > > > On 08.02.18 at 11:23, wrote:
> > > >
> > > > uint64_t val;
> > > > +
On Thu, 2018-02-15 at 06:33 -0700, Jan Beulich wrote:
> > > > On 08.02.18 at 11:23, wrote:
> >
> > --- a/xen/arch/x86/cpu/common.c
> > +++ b/xen/arch/x86/cpu/common.c
> > @@ -118,9 +118,18 @@ void (* __read_mostly ctxt_switch_masking)(const
> > struct vcpu *next);
> >
On Thu, 2018-02-08 at 11:21 +, Roger Pau Monné wrote:
> On Thu, Feb 08, 2018 at 10:23:21AM +0000, Sergey Dyasli wrote:
> > +static void __init calculate_host_policy(void)
> > +{
> > +struct msr_domain_policy *dp = _msr_domain_policy;
> > +
> >
Raw policy contains the actual values from H/W MSRs. Add PLATFORM_INFO
msr to the policy during probe_cpuid_faulting().
Host policy might have certain features disabled if Xen decides not
to use them. For now, make Host policy equal to Raw policy.
Signed-off-by: Sergey Dyasli <sergey.
On Tue, 2018-01-09 at 09:28 -0700, Jan Beulich wrote:
> > > > On 09.01.18 at 16:43, wrote:
> >
> > On Tue, 2018-01-09 at 02:13 -0700, Jan Beulich wrote:
> > > > > > On 04.01.18 at 14:06, wrote:
> > > >
> > > > +size_t consoled_guest_rx(void)
> > >
On Tue, 2018-01-09 at 02:13 -0700, Jan Beulich wrote:
> > > > On 04.01.18 at 14:06, wrote:
> > +size_t consoled_guest_rx(void)
> > +{
> > +size_t recv = 0, idx = 0;
> > +XENCONS_RING_IDX cons, prod;
> > +
> > +if ( !cons_ring )
> > +return 0;
> > +
> > +
201 - 259 of 259 matches
Mail list logo