b94eda4466
5347b524-evtchn-eliminate-64k-ports-limitation.patch 53aac342-x86-HVM-consolidate-and-sanitize-CR4-guest-reserved-bit-determination.patch 53b16cd4-VT-d-ATS-correct-and-clean-up-dev_invalidate_iotlb.patch 53b56de1-properly-reference-count-DOMCTL_-un-pausedomain-hypercalls.patch 53cfdcc7-avoid-crash-when-doing-shutdown-with-active-cpupools.patch 53cfddaf-x86-mem_event-validate-the-response-vcpu_id-before-acting-on-it.patch 53cfdde4-x86-mem_event-prevent-underflow-of-vcpu-pause-counts.patch - bnc#886801 - xl vncviewer: The first domu can be accessed by any id 53c9151b-Fix-xl-vncviewer-accesses-port-0-by-any-invalid-domid.patch - Upstream pygrub bug fix 5370e03b-pygrub-fix-error-handling-if-no-valid-partitions-are-found.patch - Fix pygrub to handle old 32 bit VMs pygrub-boot-legacy-sles.patch (Mike Latimer) - Remove xen-vmresync utility. It is an old Platespin Orchestrate utility that should have never been included in the Xen package. Updated xen.spec - Rework xen-destroy utility included in xen-utils bnc#885292 and bnc#886063 Updated xen-utils-0.1.tar.bz2 - bnc#886063 - Xen monitor fails (xl list --long output different from xm list --long output) - bnc#885292 - VirtualDomain: pid_status does not know how to check status on SLE12 OBS-URL: https://build.opensuse.org/package/show/Virtualization/xen?expand=0&rev=322
166 lines
6.5 KiB
Diff
166 lines
6.5 KiB
Diff
# Commit dab11417da4e21f43625f4ebbb68158f07003d04
|
|
# Date 2014-06-25 14:40:34 +0200
|
|
# Author Jan Beulich <jbeulich@suse.com>
|
|
# Committer Jan Beulich <jbeulich@suse.com>
|
|
x86/HVM: consolidate and sanitize CR4 guest reserved bit determination
|
|
|
|
First of all, this is needed by just a single source file, so it gets
|
|
moved there instead of getting fed to the compiler for most other
|
|
source files too. With that it becomes sensible for this to no longer
|
|
be a macro, allowing elimination of the mostly redundant helpers
|
|
hvm_vcpu_has_{smep,smap}(). And finally, following the model SMEP and
|
|
SMAP already used, tie the determination of reserved bits to the
|
|
features the guest is shown rather than the host's.
|
|
|
|
Signed-off-by: Jan Beulich <jbeulich@suse.com>
|
|
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
|
|
|
|
--- a/xen/arch/x86/hvm/hvm.c
|
|
+++ b/xen/arch/x86/hvm/hvm.c
|
|
@@ -828,6 +828,73 @@ static bool_t hvm_efer_valid(struct doma
|
|
((value & (EFER_LME|EFER_LMA)) == EFER_LMA));
|
|
}
|
|
|
|
+/* These reserved bits in lower 32 remain 0 after any load of CR0 */
|
|
+#define HVM_CR0_GUEST_RESERVED_BITS \
|
|
+ (~((unsigned long) \
|
|
+ (X86_CR0_PE | X86_CR0_MP | X86_CR0_EM | \
|
|
+ X86_CR0_TS | X86_CR0_ET | X86_CR0_NE | \
|
|
+ X86_CR0_WP | X86_CR0_AM | X86_CR0_NW | \
|
|
+ X86_CR0_CD | X86_CR0_PG)))
|
|
+
|
|
+/* These bits in CR4 cannot be set by the guest. */
|
|
+static unsigned long hvm_cr4_guest_reserved_bits(const struct vcpu *v,
|
|
+ bool_t restore)
|
|
+{
|
|
+ unsigned int leaf1_ecx = 0, leaf1_edx = 0;
|
|
+ unsigned int leaf7_0_ebx = 0, leaf7_0_ecx = 0;
|
|
+
|
|
+ if ( likely(!restore) )
|
|
+ {
|
|
+ unsigned int level;
|
|
+
|
|
+ ASSERT(v == current);
|
|
+ hvm_cpuid(0, &level, NULL, NULL, NULL);
|
|
+ if ( level >= 1 )
|
|
+ hvm_cpuid(1, NULL, NULL, &leaf1_ecx, &leaf1_edx);
|
|
+ if ( level >= 7 )
|
|
+ hvm_cpuid(7, NULL, &leaf7_0_ebx, &leaf7_0_ecx, NULL);
|
|
+ }
|
|
+ else
|
|
+ {
|
|
+ leaf1_edx = boot_cpu_data.x86_capability[X86_FEATURE_VME / 32];
|
|
+ leaf1_ecx = boot_cpu_data.x86_capability[X86_FEATURE_PCID / 32];
|
|
+ leaf7_0_ebx = boot_cpu_data.x86_capability[X86_FEATURE_FSGSBASE / 32];
|
|
+ }
|
|
+
|
|
+ return ~(unsigned long)
|
|
+ ((leaf1_edx & cpufeat_mask(X86_FEATURE_VME) ?
|
|
+ X86_CR4_VME | X86_CR4_PVI : 0) |
|
|
+ (leaf1_edx & cpufeat_mask(X86_FEATURE_TSC) ?
|
|
+ X86_CR4_TSD : 0) |
|
|
+ (leaf1_edx & cpufeat_mask(X86_FEATURE_DE) ?
|
|
+ X86_CR4_DE : 0) |
|
|
+ (leaf1_edx & cpufeat_mask(X86_FEATURE_PSE) ?
|
|
+ X86_CR4_PSE : 0) |
|
|
+ (leaf1_edx & cpufeat_mask(X86_FEATURE_PAE) ?
|
|
+ X86_CR4_PAE : 0) |
|
|
+ (leaf1_edx & (cpufeat_mask(X86_FEATURE_MCE) |
|
|
+ cpufeat_mask(X86_FEATURE_MCA)) ?
|
|
+ X86_CR4_MCE : 0) |
|
|
+ (leaf1_edx & cpufeat_mask(X86_FEATURE_PGE) ?
|
|
+ X86_CR4_PGE : 0) |
|
|
+ X86_CR4_PCE |
|
|
+ (leaf1_edx & cpufeat_mask(X86_FEATURE_FXSR) ?
|
|
+ X86_CR4_OSFXSR : 0) |
|
|
+ (leaf1_edx & cpufeat_mask(X86_FEATURE_XMM) ?
|
|
+ X86_CR4_OSXMMEXCPT : 0) |
|
|
+ ((restore || nestedhvm_enabled(v->domain)) &&
|
|
+ (leaf1_ecx & cpufeat_mask(X86_FEATURE_VMXE)) ?
|
|
+ X86_CR4_VMXE : 0) |
|
|
+ (leaf7_0_ebx & cpufeat_mask(X86_FEATURE_FSGSBASE) ?
|
|
+ X86_CR4_FSGSBASE : 0) |
|
|
+ (leaf1_ecx & cpufeat_mask(X86_FEATURE_PCID) ?
|
|
+ X86_CR4_PCIDE : 0) |
|
|
+ (leaf1_ecx & cpufeat_mask(X86_FEATURE_XSAVE) ?
|
|
+ X86_CR4_OSXSAVE : 0) |
|
|
+ (leaf7_0_ebx & cpufeat_mask(X86_FEATURE_SMEP) ?
|
|
+ X86_CR4_SMEP : 0));
|
|
+}
|
|
+
|
|
static int hvm_load_cpu_ctxt(struct domain *d, hvm_domain_context_t *h)
|
|
{
|
|
int vcpuid;
|
|
@@ -858,7 +925,7 @@ static int hvm_load_cpu_ctxt(struct doma
|
|
return -EINVAL;
|
|
}
|
|
|
|
- if ( ctxt.cr4 & HVM_CR4_GUEST_RESERVED_BITS(v, 1) )
|
|
+ if ( ctxt.cr4 & hvm_cr4_guest_reserved_bits(v, 1) )
|
|
{
|
|
printk(XENLOG_G_ERR "HVM%d restore: bad CR4 %#" PRIx64 "\n",
|
|
d->domain_id, ctxt.cr4);
|
|
@@ -1977,7 +2044,7 @@ int hvm_set_cr4(unsigned long value)
|
|
struct vcpu *v = current;
|
|
unsigned long old_cr;
|
|
|
|
- if ( value & HVM_CR4_GUEST_RESERVED_BITS(v, 0) )
|
|
+ if ( value & hvm_cr4_guest_reserved_bits(v, 0) )
|
|
{
|
|
HVM_DBG_LOG(DBG_LEVEL_1,
|
|
"Guest attempts to set reserved bit in CR4: %lx",
|
|
--- a/xen/include/asm-x86/hvm/hvm.h
|
|
+++ b/xen/include/asm-x86/hvm/hvm.h
|
|
@@ -347,51 +347,10 @@ static inline int hvm_event_pending(stru
|
|
return hvm_funcs.event_pending(v);
|
|
}
|
|
|
|
-static inline bool_t hvm_vcpu_has_smep(void)
|
|
-{
|
|
- unsigned int eax, ebx;
|
|
-
|
|
- hvm_cpuid(0, &eax, NULL, NULL, NULL);
|
|
-
|
|
- if ( eax < 7 )
|
|
- return 0;
|
|
-
|
|
- hvm_cpuid(7, NULL, &ebx, NULL, NULL);
|
|
- return !!(ebx & cpufeat_mask(X86_FEATURE_SMEP));
|
|
-}
|
|
-
|
|
-/* These reserved bits in lower 32 remain 0 after any load of CR0 */
|
|
-#define HVM_CR0_GUEST_RESERVED_BITS \
|
|
- (~((unsigned long) \
|
|
- (X86_CR0_PE | X86_CR0_MP | X86_CR0_EM | \
|
|
- X86_CR0_TS | X86_CR0_ET | X86_CR0_NE | \
|
|
- X86_CR0_WP | X86_CR0_AM | X86_CR0_NW | \
|
|
- X86_CR0_CD | X86_CR0_PG)))
|
|
-
|
|
/* These bits in CR4 are owned by the host. */
|
|
#define HVM_CR4_HOST_MASK (mmu_cr4_features & \
|
|
(X86_CR4_VMXE | X86_CR4_PAE | X86_CR4_MCE))
|
|
|
|
-/* These bits in CR4 cannot be set by the guest. */
|
|
-#define HVM_CR4_GUEST_RESERVED_BITS(v, restore) ({ \
|
|
- const struct vcpu *_v = (v); \
|
|
- bool_t _restore = !!(restore); \
|
|
- ASSERT((_restore) || _v == current); \
|
|
- (~((unsigned long) \
|
|
- (X86_CR4_VME | X86_CR4_PVI | X86_CR4_TSD | \
|
|
- X86_CR4_DE | X86_CR4_PSE | X86_CR4_PAE | \
|
|
- X86_CR4_MCE | X86_CR4_PGE | X86_CR4_PCE | \
|
|
- X86_CR4_OSFXSR | X86_CR4_OSXMMEXCPT | \
|
|
- (((_restore) ? cpu_has_smep : \
|
|
- hvm_vcpu_has_smep()) ? \
|
|
- X86_CR4_SMEP : 0) | \
|
|
- (cpu_has_fsgsbase ? X86_CR4_FSGSBASE : 0) | \
|
|
- ((nestedhvm_enabled(_v->domain) && cpu_has_vmx) \
|
|
- ? X86_CR4_VMXE : 0) | \
|
|
- (cpu_has_pcid ? X86_CR4_PCIDE : 0) | \
|
|
- (cpu_has_xsave ? X86_CR4_OSXSAVE : 0)))); \
|
|
-})
|
|
-
|
|
/* These exceptions must always be intercepted. */
|
|
#define HVM_TRAP_MASK ((1U << TRAP_machine_check) | (1U << TRAP_invalid_op))
|
|
|