On 04/12/2018 10:25, Xin Li wrote:
> From: Talons Lee <xin...@citrix.com>
>
> Commit e657fcc clears cpu capability bit instead of using fake cpuid
> value, the EXID should always be off for PV guest without depending

EXTD

> on cpuid value. So remove the cpuid check in xen_read_msr_safe() to
> always clear the X2APIC_ENABLE bit.
>
> Signed-off-by: Talons Lee <xin...@citrix.com>
>
> ---
> CC: Igor Druzhinin <igor.druzhi...@citrix.com>
> CC: Sergey Dyasli <sergey.dya...@citrix.com>
> CC: Andrew Cooper <andrew.coop...@citrix.com>
> CC: Juergen Gross <jgr...@suse.com>
>
> v2:
> don't use fake cpuid to cheat xen_read_msr_safe(), just always clear
> the EXIT bit.
> ---
>  arch/x86/xen/enlighten_pv.c | 3 ---
>  1 file changed, 3 deletions(-)
>
> diff --git a/arch/x86/xen/enlighten_pv.c b/arch/x86/xen/enlighten_pv.c
> index 4b20082..6ad312d 100644
> --- a/arch/x86/xen/enlighten_pv.c
> +++ b/arch/x86/xen/enlighten_pv.c
> @@ -900,9 +900,6 @@ static u64 xen_read_msr_safe(unsigned int msr, int *err)
>       val = native_read_msr_safe(msr, err);
>       switch (msr) {
>       case MSR_IA32_APICBASE:
> -#ifdef CONFIG_X86_X2APIC
> -             if (!(cpuid_ecx(1) & (1 << (X86_FEATURE_X2APIC & 31))))
> -#endif
>                       val &= ~X2APIC_ENABLE;
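
Review bot: the remaining "val &= ~X2APIC_ENABLE;" line under "case MSR_IA32_APICBASE:" keeps the indentation it had as the body of the removed if, one level deeper than a statement sitting directly under the case label, so it should be re-indented in this patch. Because the bit is now cleared unconditionally, a one-line comment at that statement saying why a PV guest must never see X2APIC_ENABLE set would replace the context the deleted cpuid check used to give.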

While this probably does bodge the issue for now, I can't help but think
it's going to cause problems for larger PV guests.

The problem isn't the visibility (or not) of x2APIC per se - it's that
Linux goes and tries to use the APIC.  Ideally, PV guests should never
have been able to see the APIC at all, and should be safe in the
knowledge that, because it's virtualised, it has sane capabilities.

~Andrew
