Introduce a helper to obtain a compatible cpu policy based on two
input cpu policies. Currently this is done by and'ing all CPUID
feature leaves and MSR entries, except for MSR_ARCH_CAPABILITIES which
has the RSBA bit or'ed.
The _AC macro is pulled from libxl_internal.h into xen-tools/libs.h
since it's required in order to use the msr-index.h header.
Note there's no need to place this helper in libx86, since the
calculation of a compatible policy shouldn't be done from the
hypervisor.
No callers of the interface introduced.
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
---
Changes since v2:
- Add some comments.
- Remove stray double semicolon.
- AND all 0x7 subleaves (except 0.EAX).
- Explicitly handle MSR indexes in a switch statement.
- Error out when an unhandled MSR is found.
- Add handling of leaf 0x80000021.
Changes since v1:
- Only AND the feature parts of cpuid.
- Use a binary search to find the matching leaves and msr entries.
- Remove default case from MSR level function.
---
tools/include/xen-tools/libs.h | 5 ++
tools/include/xenctrl.h | 4 +
tools/libs/guest/xg_cpuid_x86.c | 137 ++++++++++++++++++++++++++++++
tools/libs/light/libxl_internal.h | 2 -
4 files changed, 146 insertions(+), 2 deletions(-)
diff --git a/tools/include/xen-tools/libs.h b/tools/include/xen-tools/libs.h
index a16e0c38070..b9e89f9a711 100644
--- a/tools/include/xen-tools/libs.h
+++ b/tools/include/xen-tools/libs.h
@@ -63,4 +63,9 @@
#define ROUNDUP(_x,_w) (((unsigned long)(_x)+(1UL<<(_w))-1) & ~((1UL<<(_w))-1))
#endif
+#ifndef _AC
+#define __AC(X,Y) (X##Y)
+#define _AC(X,Y) __AC(X,Y)
+#endif
+
#endif /* __XEN_TOOLS_LIBS__ */
diff --git a/tools/include/xenctrl.h b/tools/include/xenctrl.h
index 5f699c09509..c41d794683c 100644
--- a/tools/include/xenctrl.h
+++ b/tools/include/xenctrl.h
@@ -2622,6 +2622,10 @@ int xc_cpu_policy_update_msrs(xc_interface *xch, xc_cpu_policy_t policy,
/* Compatibility calculations. */
bool xc_cpu_policy_is_compatible(xc_interface *xch, const xc_cpu_policy_t host,
const xc_cpu_policy_t guest);
+int xc_cpu_policy_calc_compatible(xc_interface *xch,
+ const xc_cpu_policy_t p1,
+ const xc_cpu_policy_t p2,
+ xc_cpu_policy_t out);
int xc_get_cpu_levelling_caps(xc_interface *xch, uint32_t *caps);
int xc_get_cpu_featureset(xc_interface *xch, uint32_t index,
diff --git a/tools/libs/guest/xg_cpuid_x86.c b/tools/libs/guest/xg_cpuid_x86.c
index 6b8bae00334..be2056469aa 100644
--- a/tools/libs/guest/xg_cpuid_x86.c
+++ b/tools/libs/guest/xg_cpuid_x86.c
@@ -32,6 +32,7 @@ enum {
#include <xen/arch-x86/cpufeatureset.h>
};
+#include <xen/asm/msr-index.h>
#include <xen/asm/x86-vendors.h>
#include <xen/lib/x86/cpu-policy.h>
@@ -949,3 +950,139 @@ bool xc_cpu_policy_is_compatible(xc_interface *xch, const xc_cpu_policy_t host,
return false;
}
+
+static bool level_msr(const xen_msr_entry_t *e1, const xen_msr_entry_t *e2,
+ xen_msr_entry_t *out)
+{
+ *out = (xen_msr_entry_t){ .idx = e1->idx };
+
+ switch ( e1->idx )
+ {
+ case MSR_INTEL_PLATFORM_INFO:
+ out->val = e1->val & e2->val;
+ return true;
+
+ case MSR_ARCH_CAPABILITIES:
+ out->val = e1->val & e2->val;
+ /*
+ * Set RSBA if present on any of the input values to notice the guest
+ * might run on vulnerable hardware at some point.
+ */
+ out->val |= (e1->val | e2->val) & ARCH_CAPS_RSBA;
+ return true;
+ }
+
+ return false;
+}
+
+/* Only level featuresets so far. */
+static bool level_leaf(const xen_cpuid_leaf_t *l1, const xen_cpuid_leaf_t *l2,
+ xen_cpuid_leaf_t *out)
+{
+ *out = (xen_cpuid_leaf_t){
+ .leaf = l1->leaf,
+ .subleaf = l2->subleaf,
+ };
+
+ switch ( l1->leaf )
+ {
+ case 0x1:
+ case 0x80000001:
+ out->c = l1->c & l2->c;
+ out->d = l1->d & l2->d;
+ return true;
+
+ case 0xd:
+ if ( l1->subleaf != 1 )
+ break;
+ /*
+ * Only take Da1 into account, the rest of subleaves will be dropped
+ * and recalculated by recalculate_xstate.
+ */
+ out->a = l1->a & l2->a;
+ return true;
+
+ case 0x7:
+ if ( l1->subleaf )
+ /* subleaf 0 EAX contains the max subleaf count. */
+ out->a = l1->a & l2->a;
+ out->b = l1->b & l2->b;
+ out->c = l1->c & l2->c;
+ out->d = l1->d & l2->d;
+ return true;
+
+ case 0x80000007:
+ out->d = l1->d & l2->d;
+ return true;
+
+ case 0x80000008:
+ out->b = l1->b & l2->b;
+ return true;
+
+ case 0x80000021:
+ out->a = l1->a & l2->a;
+ return true;
+ }
+
+ return false;
+}
+
+int xc_cpu_policy_calc_compatible(xc_interface *xch,
+ const xc_cpu_policy_t p1,
+ const xc_cpu_policy_t p2,
+ xc_cpu_policy_t out)
+{
+ unsigned int nr_leaves, nr_msrs, i, index;
+ unsigned int p1_nr_leaves, p2_nr_leaves;
+ unsigned int p1_nr_entries, p2_nr_entries;
+ int rc;
+
+ p1_nr_leaves = p2_nr_leaves = ARRAY_SIZE(p1->leaves);
+ p1_nr_entries = p2_nr_entries = ARRAY_SIZE(p1->entries);
+
+ rc = xc_cpu_policy_serialise(xch, p1, p1->leaves, &p1_nr_leaves,
+ p1->entries, &p1_nr_entries);
+ if ( rc )
+ return rc;
+ rc = xc_cpu_policy_serialise(xch, p2, p2->leaves, &p2_nr_leaves,
+ p2->entries, &p2_nr_entries);
+ if ( rc )
+ return rc;
+
+ index = 0;
+ for ( i = 0; i < p1_nr_leaves; i++ )
+ {
+ xen_cpuid_leaf_t *l1 = &p1->leaves[i];
+ xen_cpuid_leaf_t *l2 = find_leaf(p2->leaves, p2_nr_leaves,
+ l1->leaf, l1->subleaf);
+
+ if ( l2 && level_leaf(l1, l2, &out->leaves[index]) )
+ index++;
+ }
+ nr_leaves = index;
+
+ index = 0;
+ for ( i = 0; i < p1_nr_entries; i++ )
+ {
+ xen_msr_entry_t *e1 = &p1->entries[i];
+ xen_msr_entry_t *e2 = find_entry(p2->entries, p2_nr_entries, e1->idx);
+
+ if ( !e2 )
+ continue;
+ if ( !level_msr(e1, e2, &out->entries[index++]) )
+ {
+ ERROR("Unable to level MSR index %#x", e1->idx);
+ return -EINVAL;
+ }
+ }
+ nr_msrs = index;
+
+ rc = deserialize_policy(xch, out, nr_leaves, nr_msrs);
+ if ( rc )
+ {
+ errno = -rc;
+ rc = -1;
+ }
+
+ return rc;
+}
diff --git a/tools/libs/light/libxl_internal.h b/tools/libs/light/libxl_internal.h
index 44a2f3c8fe3..5709bcb93fa 100644
--- a/tools/libs/light/libxl_internal.h
+++ b/tools/libs/light/libxl_internal.h
@@ -126,8 +126,6 @@
#define PVSHIM_CMDLINE "pv-shim console=xen,pv"
/* Size macros. */
-#define __AC(X,Y) (X##Y)
-#define _AC(X,Y) __AC(X,Y)
#define MB(_mb) (_AC(_mb, ULL) << 20)
#define GB(_gb) (_AC(_gb, ULL) << 30)
--
2.31.1
On 30.04.2021 17:52, Roger Pau Monne wrote:
> Introduce a helper to obtain a compatible cpu policy based on two
> input cpu policies. Currently this is done by and'ing all CPUID
> feature leaves and MSR entries, except for MSR_ARCH_CAPABILITIES which
> has the RSBA bit or'ed.
>
> The _AC macro is pulled from libxl_internal.h into xen-tools/libs.h
> since it's required in order to use the msr-index.h header.
>
> Note there's no need to place this helper in libx86, since the
> calculation of a compatible policy shouldn't be done from the
> hypervisor.
>
> No callers of the interface introduced.
>
> Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
> ---
> Changes since v2:
> - Add some comments.
> - Remove stray double semicolon.
> - AND all 0x7 subleaves (except 0.EAX).
> - Explicitly handle MSR indexes in a switch statement.
> - Error out when an unhandled MSR is found.
> - Add handling of leaf 0x80000021.
>
> Changes since v1:
> - Only AND the feature parts of cpuid.
> - Use a binary search to find the matching leaves and msr entries.
> - Remove default case from MSR level function.
> ---
> tools/include/xen-tools/libs.h | 5 ++
> tools/include/xenctrl.h | 4 +
> tools/libs/guest/xg_cpuid_x86.c | 137 ++++++++++++++++++++++++++++++
> tools/libs/light/libxl_internal.h | 2 -
> 4 files changed, 146 insertions(+), 2 deletions(-)
>
> diff --git a/tools/include/xen-tools/libs.h b/tools/include/xen-tools/libs.h
> index a16e0c38070..b9e89f9a711 100644
> --- a/tools/include/xen-tools/libs.h
> +++ b/tools/include/xen-tools/libs.h
> @@ -63,4 +63,9 @@
> #define ROUNDUP(_x,_w) (((unsigned long)(_x)+(1UL<<(_w))-1) & ~((1UL<<(_w))-1))
> #endif
>
> +#ifndef _AC
> +#define __AC(X,Y) (X##Y)
> +#define _AC(X,Y) __AC(X,Y)
> +#endif
> +
> #endif /* __XEN_TOOLS_LIBS__ */
> diff --git a/tools/include/xenctrl.h b/tools/include/xenctrl.h
> index 5f699c09509..c41d794683c 100644
> --- a/tools/include/xenctrl.h
> +++ b/tools/include/xenctrl.h
> @@ -2622,6 +2622,10 @@ int xc_cpu_policy_update_msrs(xc_interface *xch, xc_cpu_policy_t policy,
> /* Compatibility calculations. */
> bool xc_cpu_policy_is_compatible(xc_interface *xch, const xc_cpu_policy_t host,
> const xc_cpu_policy_t guest);
> +int xc_cpu_policy_calc_compatible(xc_interface *xch,
> + const xc_cpu_policy_t p1,
> + const xc_cpu_policy_t p2,
> + xc_cpu_policy_t out);
>
> int xc_get_cpu_levelling_caps(xc_interface *xch, uint32_t *caps);
> int xc_get_cpu_featureset(xc_interface *xch, uint32_t index,
> diff --git a/tools/libs/guest/xg_cpuid_x86.c b/tools/libs/guest/xg_cpuid_x86.c
> index 6b8bae00334..be2056469aa 100644
> --- a/tools/libs/guest/xg_cpuid_x86.c
> +++ b/tools/libs/guest/xg_cpuid_x86.c
> @@ -32,6 +32,7 @@ enum {
> #include <xen/arch-x86/cpufeatureset.h>
> };
>
> +#include <xen/asm/msr-index.h>
> #include <xen/asm/x86-vendors.h>
>
> #include <xen/lib/x86/cpu-policy.h>
> @@ -949,3 +950,139 @@ bool xc_cpu_policy_is_compatible(xc_interface *xch, const xc_cpu_policy_t host,
>
> return false;
> }
> +
> +static bool level_msr(const xen_msr_entry_t *e1, const xen_msr_entry_t *e2,
> + xen_msr_entry_t *out)
> +{
> + *out = (xen_msr_entry_t){ .idx = e1->idx };
> +
> + switch ( e1->idx )
> + {
> + case MSR_INTEL_PLATFORM_INFO:
> + out->val = e1->val & e2->val;
> + return true;
> +
> + case MSR_ARCH_CAPABILITIES:
> + out->val = e1->val & e2->val;
> + /*
> + * Set RSBA if present on any of the input values to notice the guest
> + * might run on vulnerable hardware at some point.
> + */
> + out->val |= (e1->val | e2->val) & ARCH_CAPS_RSBA;
> + return true;
> + }
> +
> + return false;
> +}
> +
> +/* Only level featuresets so far. */
I have to admit that I don't think I see all the implications from
this implementation restriction. All other leaves get dropped by
the caller, but it's not clear to me what this means wrt what the
guest is ultimately going to get to see.
> +static bool level_leaf(const xen_cpuid_leaf_t *l1, const xen_cpuid_leaf_t *l2,
> + xen_cpuid_leaf_t *out)
> +{
> + *out = (xen_cpuid_leaf_t){
> + .leaf = l1->leaf,
> + .subleaf = l2->subleaf,
Since ->leaf and ->subleaf ought to match anyway, I think it would
look less odd if both initializers were taken from consistent source.
> + };
> +
> + switch ( l1->leaf )
> + {
> + case 0x1:
> + case 0x80000001:
> + out->c = l1->c & l2->c;
> + out->d = l1->d & l2->d;
> + return true;
> +
> + case 0xd:
> + if ( l1->subleaf != 1 )
> + break;
> + /*
> + * Only take Da1 into account, the rest of subleaves will be dropped
> + * and recalculated by recalculate_xstate.
> + */
> + out->a = l1->a & l2->a;
> + return true;
> +
> + case 0x7:
> + if ( l1->subleaf )
> + /* subleaf 0 EAX contains the max subleaf count. */
> + out->a = l1->a & l2->a;
else
out->a = min(l1->a, l2->a);
? Or is the result from here then further passed to
x86_cpuid_policy_shrink_max_leaves() (not visible from this patch)?
(If not, the same would apply to all other multi-subleaf leaves.)
> + out->b = l1->b & l2->b;
> + out->c = l1->c & l2->c;
> + out->d = l1->d & l2->d;
> + return true;
> +
> + case 0x80000007:
> + out->d = l1->d & l2->d;
> + return true;
> +
> + case 0x80000008:
> + out->b = l1->b & l2->b;
> + return true;
> +
> + case 0x80000021:
> + out->a = l1->a & l2->a;
> + return true;
> + }
> +
> + return false;
> +}
> +
> +int xc_cpu_policy_calc_compatible(xc_interface *xch,
> + const xc_cpu_policy_t p1,
> + const xc_cpu_policy_t p2,
> + xc_cpu_policy_t out)
I have to admit that I find these two "const" misleading here. You
don't equally constify the other two parameters (which would e.g. be
xc_interface *const xch), and I don't think doing so is common
practice elsewhere. And what p1 and p2 point to is specifically non-
const (and cannot be const), due to ...
> +{
> + unsigned int nr_leaves, nr_msrs, i, index;
> + unsigned int p1_nr_leaves, p2_nr_leaves;
> + unsigned int p1_nr_entries, p2_nr_entries;
> + int rc;
> +
> + p1_nr_leaves = p2_nr_leaves = ARRAY_SIZE(p1->leaves);
> + p1_nr_entries = p2_nr_entries = ARRAY_SIZE(p1->entries);
> +
> + rc = xc_cpu_policy_serialise(xch, p1, p1->leaves, &p1_nr_leaves,
> + p1->entries, &p1_nr_entries);
> + if ( rc )
> + return rc;
> + rc = xc_cpu_policy_serialise(xch, p2, p2->leaves, &p2_nr_leaves,
> + p2->entries, &p2_nr_entries);
... these two calls.
Jan
On Mon, May 03, 2021 at 12:43:08PM +0200, Jan Beulich wrote:
> On 30.04.2021 17:52, Roger Pau Monne wrote:
> > Introduce a helper to obtain a compatible cpu policy based on two
> > input cpu policies. Currently this is done by and'ing all CPUID
> > feature leaves and MSR entries, except for MSR_ARCH_CAPABILITIES which
> > has the RSBA bit or'ed.
> >
> > The _AC macro is pulled from libxl_internal.h into xen-tools/libs.h
> > since it's required in order to use the msr-index.h header.
> >
> > Note there's no need to place this helper in libx86, since the
> > calculation of a compatible policy shouldn't be done from the
> > hypervisor.
> >
> > No callers of the interface introduced.
> >
> > Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
> > ---
> > Changes since v2:
> > - Add some comments.
> > - Remove stray double semicolon.
> > - AND all 0x7 subleaves (except 0.EAX).
> > - Explicitly handle MSR indexes in a switch statement.
> > - Error out when an unhandled MSR is found.
> > - Add handling of leaf 0x80000021.
> >
> > Changes since v1:
> > - Only AND the feature parts of cpuid.
> > - Use a binary search to find the matching leaves and msr entries.
> > - Remove default case from MSR level function.
> > ---
> > tools/include/xen-tools/libs.h | 5 ++
> > tools/include/xenctrl.h | 4 +
> > tools/libs/guest/xg_cpuid_x86.c | 137 ++++++++++++++++++++++++++++++
> > tools/libs/light/libxl_internal.h | 2 -
> > 4 files changed, 146 insertions(+), 2 deletions(-)
> >
> > diff --git a/tools/include/xen-tools/libs.h b/tools/include/xen-tools/libs.h
> > index a16e0c38070..b9e89f9a711 100644
> > --- a/tools/include/xen-tools/libs.h
> > +++ b/tools/include/xen-tools/libs.h
> > @@ -63,4 +63,9 @@
> > #define ROUNDUP(_x,_w) (((unsigned long)(_x)+(1UL<<(_w))-1) & ~((1UL<<(_w))-1))
> > #endif
> >
> > +#ifndef _AC
> > +#define __AC(X,Y) (X##Y)
> > +#define _AC(X,Y) __AC(X,Y)
> > +#endif
> > +
> > #endif /* __XEN_TOOLS_LIBS__ */
> > diff --git a/tools/include/xenctrl.h b/tools/include/xenctrl.h
> > index 5f699c09509..c41d794683c 100644
> > --- a/tools/include/xenctrl.h
> > +++ b/tools/include/xenctrl.h
> > @@ -2622,6 +2622,10 @@ int xc_cpu_policy_update_msrs(xc_interface *xch, xc_cpu_policy_t policy,
> > /* Compatibility calculations. */
> > bool xc_cpu_policy_is_compatible(xc_interface *xch, const xc_cpu_policy_t host,
> > const xc_cpu_policy_t guest);
> > +int xc_cpu_policy_calc_compatible(xc_interface *xch,
> > + const xc_cpu_policy_t p1,
> > + const xc_cpu_policy_t p2,
> > + xc_cpu_policy_t out);
> >
> > int xc_get_cpu_levelling_caps(xc_interface *xch, uint32_t *caps);
> > int xc_get_cpu_featureset(xc_interface *xch, uint32_t index,
> > diff --git a/tools/libs/guest/xg_cpuid_x86.c b/tools/libs/guest/xg_cpuid_x86.c
> > index 6b8bae00334..be2056469aa 100644
> > --- a/tools/libs/guest/xg_cpuid_x86.c
> > +++ b/tools/libs/guest/xg_cpuid_x86.c
> > @@ -32,6 +32,7 @@ enum {
> > #include <xen/arch-x86/cpufeatureset.h>
> > };
> >
> > +#include <xen/asm/msr-index.h>
> > #include <xen/asm/x86-vendors.h>
> >
> > #include <xen/lib/x86/cpu-policy.h>
> > @@ -949,3 +950,139 @@ bool xc_cpu_policy_is_compatible(xc_interface *xch, const xc_cpu_policy_t host,
> >
> > return false;
> > }
> > +
> > +static bool level_msr(const xen_msr_entry_t *e1, const xen_msr_entry_t *e2,
> > + xen_msr_entry_t *out)
> > +{
> > + *out = (xen_msr_entry_t){ .idx = e1->idx };
> > +
> > + switch ( e1->idx )
> > + {
> > + case MSR_INTEL_PLATFORM_INFO:
> > + out->val = e1->val & e2->val;
> > + return true;
> > +
> > + case MSR_ARCH_CAPABILITIES:
> > + out->val = e1->val & e2->val;
> > + /*
> > + * Set RSBA if present on any of the input values to notice the guest
> > + * might run on vulnerable hardware at some point.
> > + */
> > + out->val |= (e1->val | e2->val) & ARCH_CAPS_RSBA;
> > + return true;
> > + }
> > +
> > + return false;
> > +}
> > +
> > +/* Only level featuresets so far. */
>
> I have to admit that I don't think I see all the implications from
> this implementation restriction. All other leaves get dropped by
> the caller, but it's not clear to me what this means wrt what the
> guest is ultimately going to get to see.
This aims to be based on what XenServer does, which I was told is to
level the featuresets. I think the caller of the function will have to
fill the part of the policy that cannot be leveled. It's likely new
helpers will be added to do that as required.
One option would be to get the default policy for the guest and then
use xc_cpu_policy_update_cpuid to apply the leveled one.
> > +static bool level_leaf(const xen_cpuid_leaf_t *l1, const xen_cpuid_leaf_t *l2,
> > + xen_cpuid_leaf_t *out)
> > +{
> > + *out = (xen_cpuid_leaf_t){
> > + .leaf = l1->leaf,
> > + .subleaf = l2->subleaf,
>
> Since ->leaf and ->subleaf ought to match anyway, I think it would
> look less odd if both initializers were taken from consistent source.
Sure, my bad.
> > + };
> > +
> > + switch ( l1->leaf )
> > + {
> > + case 0x1:
> > + case 0x80000001:
> > + out->c = l1->c & l2->c;
> > + out->d = l1->d & l2->d;
> > + return true;
> > +
> > + case 0xd:
> > + if ( l1->subleaf != 1 )
> > + break;
> > + /*
> > + * Only take Da1 into account, the rest of subleaves will be dropped
> > + * and recalculated by recalculate_xstate.
> > + */
> > + out->a = l1->a & l2->a;
> > + return true;
> > +
> > + case 0x7:
> > + if ( l1->subleaf )
> > + /* subleaf 0 EAX contains the max subleaf count. */
> > + out->a = l1->a & l2->a;
>
> else
> out->a = min(l1->a, l2->a);
>
> ? Or is the result from here then further passed to
> x86_cpuid_policy_shrink_max_leaves() (not visible from this patch)?
> (If not, the same would apply to all other multi-subleaf leaves.)
Hm, might be worth to set all the max fields directly in
xc_cpu_policy_calc_compatible and also add a call to
x86_cpuid_policy_shrink_max_leaves after the leveling is done.
> > + out->b = l1->b & l2->b;
> > + out->c = l1->c & l2->c;
> > + out->d = l1->d & l2->d;
> > + return true;
> > +
> > + case 0x80000007:
> > + out->d = l1->d & l2->d;
> > + return true;
> > +
> > + case 0x80000008:
> > + out->b = l1->b & l2->b;
> > + return true;
> > +
> > + case 0x80000021:
> > + out->a = l1->a & l2->a;
> > + return true;
> > + }
> > +
> > + return false;
> > +}
> > +
> > +int xc_cpu_policy_calc_compatible(xc_interface *xch,
> > + const xc_cpu_policy_t p1,
> > + const xc_cpu_policy_t p2,
> > + xc_cpu_policy_t out)
>
> I have to admit that I find these two "const" misleading here. You
> don't equally constify the other two parameters (which would e.g. be
> xc_interface *const xch), and I don't think doing so is common
> practice elsewhere. And what p1 and p2 point to is specifically non-
> const (and cannot be const), due to ...
>
> > +{
> > + unsigned int nr_leaves, nr_msrs, i, index;
> > + unsigned int p1_nr_leaves, p2_nr_leaves;
> > + unsigned int p1_nr_entries, p2_nr_entries;
> > + int rc;
> > +
> > + p1_nr_leaves = p2_nr_leaves = ARRAY_SIZE(p1->leaves);
> > + p1_nr_entries = p2_nr_entries = ARRAY_SIZE(p1->entries);
> > +
> > + rc = xc_cpu_policy_serialise(xch, p1, p1->leaves, &p1_nr_leaves,
> > + p1->entries, &p1_nr_entries);
> > + if ( rc )
> > + return rc;
> > + rc = xc_cpu_policy_serialise(xch, p2, p2->leaves, &p2_nr_leaves,
> > + p2->entries, &p2_nr_entries);
>
> ... these two calls.
Right, that's a leftover from previously, where xc_cpu_policy_t didn't
also contain a buffer to store the serialized version.
Thanks, Roger.
On 04.05.2021 13:56, Roger Pau Monné wrote: > On Mon, May 03, 2021 at 12:43:08PM +0200, Jan Beulich wrote: >> On 30.04.2021 17:52, Roger Pau Monne wrote: >>> +/* Only level featuresets so far. */ >> >> I have to admit that I don't think I see all the implications from >> this implementation restriction. All other leaves get dropped by >> the caller, but it's not clear to me what this means wrt what the >> guest is ultimately going to get to see. > > This aims to be based on what XenServer does, which I was told is to > level the featuresets. I think the caller of the function will have to > fill the part of the policy that cannot be leveled. It's likely new > helpers will be added to do that as required. > > One option would be to get the default policy for the guest and then > use xc_cpu_policy_update_cpuid to apply the leveled one. Could such further plans perhaps be outlined (to a degree at least) in the description? Jan
On 30/04/2021 16:52, Roger Pau Monne wrote: > Introduce a helper to obtain a compatible cpu policy based on two > input cpu policies. Currently this is done by and'ing all CPUID > feature leaves and MSR entries, except for MSR_ARCH_CAPABILITIES which > has the RSBA bit or'ed. > > The _AC macro is pulled from libxl_internal.h into xen-tools/libs.h > since it's required in order to use the msr-index.h header. > > Note there's no need to place this helper in libx86, since the > calculation of a compatible policy shouldn't be done from the > hypervisor. > > No callers of the interface introduced. > > Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> > --- > Changes since v2: > - Add some comments. > - Remove stray double semicolon. > - AND all 0x7 subleaves (except 0.EAX). > - Explicitly handle MSR indexes in a switch statement. > - Error out when an unhandled MSR is found. > - Add handling of leaf 0x80000021. > > Changes since v1: > - Only AND the feature parts of cpuid. > - Use a binary search to find the matching leaves and msr entries. > - Remove default case from MSR level function. > --- > tools/include/xen-tools/libs.h | 5 ++ > tools/include/xenctrl.h | 4 + > tools/libs/guest/xg_cpuid_x86.c | 137 ++++++++++++++++++++++++++++++ > tools/libs/light/libxl_internal.h | 2 - This *needs* to be in libx86. I don't particularly mind if you start with it behind #ifdef __XEN__ (I'm still sure we'll need it in the hypervisor), but this, more than just about anything else, needs to be covered by the unit tests. Next, you need to follow the same structure as Xen's cpuid.c for deriving policies. You can't just loop through the two serialised forms like this. To start with, you want to calculate the min of a/b->max_leaf, then loop over that pulling information sideways from a/b. For MSRs, all but MSR_INTEL_PLATFORM_INFO are CPUID qualified, so need to look like: if ( out.cpuid.feat.arch_caps ) out.msr.arch_caps.raw = ((a.msr.arch_caps.raw ^ INV_MASK) & (b.msr.arch_caps.raw ^ INV_MASK)) ^ INV_MASK; Where INV_MASK is the mask of arch caps bits which want inverted polarity. (Name subject to change - perhap ARCH_CAPS_POLARITY_MASK ?) I'm sure I had some work starting this somewhere. I'll see if I can locate it. ~Andrew
© 2016 - 2026 Red Hat, Inc.