From nobody Mon May 6 20:59:47 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1603989751; cv=none; d=zohomail.com; s=zohoarc; b=O22xcWrkNwCG5t6U5f0Lmgb6ae31pMGQ67Qo0x4GxRqH2Tc0z5xmwwcLHMMXTVQTj4W7PMkUj15Sl8OMcim74KfKuRAG/ICQgd3LmDZvVUAryeZopKopXkhhyLLxTAjluAea5/MHnfl1FL7T3zXziypKEg55yXcnpD5AcNb4dUo= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1603989751; h=Content-Transfer-Encoding:Cc:Date:From:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Sender:Subject:To; bh=GcSy5eZYNij+1i4LoZgwH6W2G+ijC08WVFgzkC9qVk4=; b=Bt7sPrut9+NFwI6vvCKIK7NyiTQyNNitV6RhbgNMaT3SmM4++cLJ0YWbpJPekKDhiFx/ZwbRDLXATnhCttfU5fC77WfGk2+UFqqpMFBfFeTHIdz5oSGW4skJS+lypXUc7R4QBjwB0trq4uq/q/y8tq8K/2FXnnBNOsRR7prQFUM= ARC-Authentication-Results: i=1; mx.zohomail.com; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=fail header.from= (p=none dis=none) header.from= Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1603989751427967.243520411947; Thu, 29 Oct 2020 09:42:31 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.14343.35465 (Exim 4.92) (envelope-from ) id 1kYB08-000774-C8; Thu, 29 Oct 2020 16:42:12 +0000 Received: by outflank-mailman (output) from mailman id 14343.35465; Thu, 29 Oct 2020 16:42:12 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1kYB08-00076x-8s; Thu, 29 Oct 2020 16:42:12 +0000 Received: by outflank-mailman (input) for mailman id 14343; Thu, 29 Oct 2020 16:42:10 +0000 Received: from us1-rack-iad1.inumbo.com ([172.99.69.81]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1kYB06-00076r-Co for xen-devel@lists.xenproject.org; Thu, 29 Oct 2020 16:42:10 +0000 Received: from mga11.intel.com (unknown [192.55.52.93]) by us1-rack-iad1.inumbo.com (Halon) with ESMTPS id f72ce307-175a-4c16-afd7-e9503d4241ee; Thu, 29 Oct 2020 16:42:08 +0000 (UTC) Received: from orsmga001.jf.intel.com ([10.7.209.18]) by fmsmga102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 29 Oct 2020 09:42:06 -0700 Received: from ichao-mobl.amr.corp.intel.com (HELO ubuntu.localdomain) ([10.212.87.139]) by orsmga001-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 29 Oct 2020 09:42:05 -0700 Received: from us1-rack-iad1.inumbo.com ([172.99.69.81]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1kYB06-00076r-Co for xen-devel@lists.xenproject.org; Thu, 29 Oct 2020 16:42:10 +0000 Received: from mga11.intel.com (unknown [192.55.52.93]) by us1-rack-iad1.inumbo.com (Halon) with ESMTPS id f72ce307-175a-4c16-afd7-e9503d4241ee; Thu, 29 Oct 2020 16:42:08 +0000 (UTC) Received: from orsmga001.jf.intel.com ([10.7.209.18]) by fmsmga102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 29 Oct 2020 09:42:06 -0700 Received: from ichao-mobl.amr.corp.intel.com (HELO ubuntu.localdomain) ([10.212.87.139]) by orsmga001-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 29 Oct 2020 09:42:05 -0700 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: f72ce307-175a-4c16-afd7-e9503d4241ee IronPort-SDR: L/PoWEqABikXI8HwTgEh/tF4phOl5T23F/LcHrVvR+sUYmlbJYmPY2F8AERZDQc7e3Ty3BjzFi GJL/5qn18QVw== X-IronPort-AV: E=McAfee;i="6000,8403,9789"; a="164967052" X-IronPort-AV: E=Sophos;i="5.77,430,1596524400"; d="scan'208";a="164967052" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False IronPort-SDR: wCHGdkfs93RJGDBx7WxBU9CfqgrEGLy6+Jd1HVSXgF54pEZt0VA6cVG9Uz0cTs1hl28hkweL2c PWWVTjDNjm/g== X-IronPort-AV: E=Sophos;i="5.77,430,1596524400"; d="scan'208";a="395219071" From: Tamas K Lengyel To: xen-devel@lists.xenproject.org Cc: Tamas K Lengyel , Ian Jackson , Wei Liu , Anthony PERARD Subject: [PATCH] tools: add noidentpt domain config option Date: Thu, 29 Oct 2020 09:41:51 -0700 Message-Id: <93aec8d6e90c5b1c571297a9d4822d1868417be7.1603989586.git.tamas.lengyel@intel.com> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" The Identity Pagetable is currently being created for all HVM VMs during se= tup. This was only necessary for running HVM guests on Intel CPUs where EPT was available but unrestricted guest mode was not. Add option to skip the creation of the Identity Pagetable via the "noidentp= t" xl config option. This allows a system administrator to skip this step when the hardware is known to have the required features. Signed-off-by: Tamas K Lengyel --- Further context: while running VM forks a significant bottle-neck was identified when HVM_PARAM_IDENT_PT is getting copied from the parent VM. Th= is is due to the fact that setting this parameter requires obtaining a Xen-wide lock (domctl_lock_acquire). When running several VM forks in parallel during fuzzing the fork reset hypercall can fail due to the lock being taken by another fork that's being reset at the same time. This whole situation can = be avoided if there is no Identity-map pagetable to begin with as on modern CP= Us this identity-map pagetable is not actually required. --- docs/man/xl.cfg.5.pod.in | 5 +++++ tools/include/xenguest.h | 1 + tools/libs/guest/xg_dom_x86.c | 31 +++++++++++++++++-------------- tools/libs/light/libxl_create.c | 2 ++ tools/libs/light/libxl_dom.c | 2 ++ tools/libs/light/libxl_types.idl | 1 + tools/xl/xl_parse.c | 2 ++ 7 files changed, 30 insertions(+), 14 deletions(-) diff --git a/docs/man/xl.cfg.5.pod.in b/docs/man/xl.cfg.5.pod.in index 0532739c1f..4d992fe346 100644 --- a/docs/man/xl.cfg.5.pod.in +++ b/docs/man/xl.cfg.5.pod.in @@ -587,6 +587,11 @@ which are incompatible with migration. Currently this = is limited to enabling the invariant TSC feature flag in CPUID results when TSC is not emulated. =20 +=3Ditem B + +Disable the creation of the Identity-map Pagetable that was required to ru= n HVM +guests on Intel CPUs with EPT where no unrestricted guest mode was availab= le. + =3Ditem B =20 Specify that this domain is a driver domain. This enables certain diff --git a/tools/include/xenguest.h b/tools/include/xenguest.h index a9984dbea5..998a8c57ba 100644 --- a/tools/include/xenguest.h +++ b/tools/include/xenguest.h @@ -26,6 +26,7 @@ =20 #define XCFLAGS_LIVE (1 << 0) #define XCFLAGS_DEBUG (1 << 1) +#define XCFLAGS_NOIDENTPT (1 << 2) =20 #define X86_64_B_SIZE 64=20 #define X86_32_B_SIZE 32 diff --git a/tools/libs/guest/xg_dom_x86.c b/tools/libs/guest/xg_dom_x86.c index 2953aeb90b..827bea7eb7 100644 --- a/tools/libs/guest/xg_dom_x86.c +++ b/tools/libs/guest/xg_dom_x86.c @@ -718,20 +718,23 @@ static int alloc_magic_pages_hvm(struct xc_dom_image = *dom) goto out; } =20 - /* - * Identity-map page table is required for running with CR0.PG=3D0 when - * using Intel EPT. Create a 32-bit non-PAE page directory of superpag= es. - */ - if ( (ident_pt =3D xc_map_foreign_range( - xch, domid, PAGE_SIZE, PROT_READ | PROT_WRITE, - special_pfn(SPECIALPAGE_IDENT_PT))) =3D=3D NULL ) - goto error_out; - for ( i =3D 0; i < PAGE_SIZE / sizeof(*ident_pt); i++ ) - ident_pt[i] =3D ((i << 22) | _PAGE_PRESENT | _PAGE_RW | _PAGE_USER= | - _PAGE_ACCESSED | _PAGE_DIRTY | _PAGE_PSE); - munmap(ident_pt, PAGE_SIZE); - xc_hvm_param_set(xch, domid, HVM_PARAM_IDENT_PT, - special_pfn(SPECIALPAGE_IDENT_PT) << PAGE_SHIFT); + if ( !(dom->flags & XCFLAGS_NOIDENTPT) ) + { + /* + * Identity-map page table is required for running with CR0.PG=3D0= when + * using Intel EPT. Create a 32-bit non-PAE page directory of supe= rpages. + */ + if ( (ident_pt =3D xc_map_foreign_range( + xch, domid, PAGE_SIZE, PROT_READ | PROT_WRITE, + special_pfn(SPECIALPAGE_IDENT_PT))) =3D=3D NULL ) + goto error_out; + for ( i =3D 0; i < PAGE_SIZE / sizeof(*ident_pt); i++ ) + ident_pt[i] =3D ((i << 22) | _PAGE_PRESENT | _PAGE_RW | _PAGE_= USER | + _PAGE_ACCESSED | _PAGE_DIRTY | _PAGE_PSE); + munmap(ident_pt, PAGE_SIZE); + xc_hvm_param_set(xch, domid, HVM_PARAM_IDENT_PT, + special_pfn(SPECIALPAGE_IDENT_PT) << PAGE_SHIFT); + } =20 dom->console_pfn =3D special_pfn(SPECIALPAGE_CONSOLE); xc_clear_domain_page(dom->xch, dom->guest_domid, dom->console_pfn); diff --git a/tools/libs/light/libxl_create.c b/tools/libs/light/libxl_creat= e.c index 321a13e519..62b06b359c 100644 --- a/tools/libs/light/libxl_create.c +++ b/tools/libs/light/libxl_create.c @@ -256,6 +256,8 @@ int libxl__domain_build_info_setdefault(libxl__gc *gc, =20 libxl_defbool_setdefault(&b_info->disable_migrate, false); =20 + libxl_defbool_setdefault(&b_info->disable_identpt, false); + for (i =3D 0 ; i < b_info->num_iomem; i++) if (b_info->iomem[i].gfn =3D=3D LIBXL_INVALID_GFN) b_info->iomem[i].gfn =3D b_info->iomem[i].start; diff --git a/tools/libs/light/libxl_dom.c b/tools/libs/light/libxl_dom.c index 01d989a976..a4b3fd808c 100644 --- a/tools/libs/light/libxl_dom.c +++ b/tools/libs/light/libxl_dom.c @@ -1126,6 +1126,8 @@ int libxl__build_hvm(libxl__gc *gc, uint32_t domid, dom->console_domid =3D state->console_domid; dom->xenstore_domid =3D state->store_domid; =20 + dom->flags |=3D libxl_defbool_val(info->disable_identpt) ? XCFLAGS_NOI= DENTPT : 0; + rc =3D libxl__domain_device_construct_rdm(gc, d_config, info->u.hvm.rdm_mem_boundary_m= emkb*1024, dom); diff --git a/tools/libs/light/libxl_types.idl b/tools/libs/light/libxl_type= s.idl index 9d3f05f399..02eb6a0b40 100644 --- a/tools/libs/light/libxl_types.idl +++ b/tools/libs/light/libxl_types.idl @@ -508,6 +508,7 @@ libxl_domain_build_info =3D Struct("domain_build_info",[ ("exec_ssid_label", string), ("localtime", libxl_defbool), ("disable_migrate", libxl_defbool), + ("disable_identpt", libxl_defbool), ("cpuid", libxl_cpuid_policy_list), ("blkdev_start", string), =20 diff --git a/tools/xl/xl_parse.c b/tools/xl/xl_parse.c index cae8eb679c..ac4a6f2124 100644 --- a/tools/xl/xl_parse.c +++ b/tools/xl/xl_parse.c @@ -1531,6 +1531,8 @@ void parse_config_data(const char *config_source, =20 xlu_cfg_get_defbool(config, "nomigrate", &b_info->disable_migrate, 0); =20 + xlu_cfg_get_defbool(config, "noidentpt", &b_info->disable_identpt, 0); + if (!xlu_cfg_get_long(config, "tsc_mode", &l, 1)) { const char *s =3D libxl_tsc_mode_to_string(l); fprintf(stderr, "WARNING: specifying \"tsc_mode\" as an integer is= deprecated. " --=20 2.25.1