x86/msr: fix handling of MSR_IA32_PERF_{STATUS/CTL}

author Roger Pau Monné <roger.pau@citrix.com>

Tue, 6 Oct 2020 16:23:27 +0000 (18:23 +0200)

committer Andrew Cooper <andrew.cooper3@citrix.com>

Tue, 10 Nov 2020 17:51:25 +0000 (17:51 +0000)
author Roger Pau Monné <roger.pau@citrix.com>
Tue, 6 Oct 2020 16:23:27 +0000 (18:23 +0200)
committer Andrew Cooper <andrew.cooper3@citrix.com>
Tue, 10 Nov 2020 17:51:25 +0000 (17:51 +0000)
diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c

index 90561a53923ede722272951075398d4aaa6e3db7..a2a0634b4b98f20125ec9efc4ccb96074ef5ded2 100644 (file)
--- a/xen/arch/x86/msr.c
+++ b/xen/arch/x86/msr.c
@@ -122,6 +122,7 @@ int init_vcpu_msr_policy(struct vcpu *v)
  
  int guest_rdmsr(const struct vcpu *v, uint32_t msr, uint64_t *val)
  {
+    const struct domain *d = v->domain;
      const struct cpuid_policy *cp = v->domain->arch.cpuid;
      const struct msr_domain_policy *dp = v->domain->arch.msr;
      const struct msr_vcpu_policy *vp = v->arch.msr;
@@ -163,6 +164,25 @@ int guest_rdmsr(const struct vcpu *v, uint32_t msr, uint64_t *val)
                 _MSR_MISC_FEATURES_CPUID_FAULTING;
          break;
  
+        /*
+         * These MSRs are not enumerated in CPUID.  They have been around
+         * since the Pentium 4, and implemented by other vendors.
+         *
+         * Some versions of Windows try reading these before setting up a #GP
+         * handler, and Linux has several unguarded reads as well.  Provide
+         * RAZ semantics, in general, but permit a cpufreq controller dom0 to
+         * have full access.
+         */
+    case MSR_IA32_PERF_STATUS:
+    case MSR_IA32_PERF_CTL:
+        if ( !(cp->x86_vendor & (X86_VENDOR_INTEL | X86_VENDOR_CENTAUR)) )
+            goto gp_fault;
+
+        *val = 0;
+        if ( likely(!is_cpufreq_controller(d)) || rdmsr_safe(msr, *val) == 0 )
+            break;
+        goto gp_fault;
+
          /*
           * TODO: Implement when we have better topology representation.
      case MSR_INTEL_CORE_THREAD_COUNT:
@@ -192,6 +212,7 @@ int guest_wrmsr(struct vcpu *v, uint32_t msr, uint64_t val)
      case MSR_INTEL_CORE_THREAD_COUNT:
      case MSR_INTEL_PLATFORM_INFO:
      case MSR_ARCH_CAPABILITIES:
+    case MSR_IA32_PERF_STATUS:
          /* Read-only */
      case MSR_TSX_FORCE_ABORT:
      case MSR_TSX_CTRL:
@@ -283,6 +304,21 @@ int guest_wrmsr(struct vcpu *v, uint32_t msr, uint64_t val)
          break;
      }
  
+        /*
+         * This MSR is not enumerated in CPUID.  It has been around since the
+         * Pentium 4, and implemented by other vendors.
+         *
+         * To match the RAZ semantics, implement as write-discard, except for
+         * a cpufreq controller dom0 which has full access.
+         */
+    case MSR_IA32_PERF_CTL:
+        if ( !(cp->x86_vendor & (X86_VENDOR_INTEL | X86_VENDOR_CENTAUR)) )
+            goto gp_fault;
+
+        if ( likely(!is_cpufreq_controller(d)) || wrmsr_safe(msr, val) == 0 )
+            break;
+        goto gp_fault;
+
      default:
          return X86EMUL_UNHANDLEABLE;
      }
diff --git a/xen/arch/x86/pv/emul-priv-op.c b/xen/arch/x86/pv/emul-priv-op.c

index 0344c987e17398065210d79fc0f7cde5deeae1ef..9857a786dd9711120714a881c17f8117c56799e5 100644 (file)
--- a/xen/arch/x86/pv/emul-priv-op.c
+++ b/xen/arch/x86/pv/emul-priv-op.c
@@ -835,12 +835,6 @@ static inline uint64_t guest_misc_enable(uint64_t val)
      return val;
  }
  
-static inline bool is_cpufreq_controller(const struct domain *d)
-{
-    return ((cpufreq_controller == FREQCTL_dom0_kernel) &&
-            is_hardware_domain(d));
-}
-
  static int read_msr(unsigned int reg, uint64_t *val,
                      struct x86_emulate_ctxt *ctxt)
  {
@@ -1129,14 +1123,6 @@ static int write_msr(unsigned int reg, uint64_t val,
              return X86EMUL_OKAY;
          break;
  
-    case MSR_IA32_PERF_CTL:
-        if ( boot_cpu_data.x86_vendor != X86_VENDOR_INTEL )
-            break;
-        if ( likely(!is_cpufreq_controller(currd)) ||
-             wrmsr_safe(reg, val) == 0 )
-            return X86EMUL_OKAY;
-        break;
-
      case MSR_IA32_THERM_CONTROL:
      case MSR_IA32_ENERGY_PERF_BIAS:
          if ( boot_cpu_data.x86_vendor != X86_VENDOR_INTEL )
diff --git a/xen/include/xen/sched.h b/xen/include/xen/sched.h

index 0a13b81c2125b66171904a52e5e1e2104287c421..831927fbc47fbce7fbecdc513280c683ad1273d3 100644 (file)
--- a/xen/include/xen/sched.h
+++ b/xen/include/xen/sched.h
@@ -917,6 +917,22 @@ extern enum cpufreq_controller {
      FREQCTL_none, FREQCTL_dom0_kernel, FREQCTL_xen
  } cpufreq_controller;
  
+static always_inline bool is_cpufreq_controller(const struct domain *d)
+{
+    /*
+     * A PV dom0 can be nominated as the cpufreq controller, instead of using
+     * Xen's cpufreq driver, at which point dom0 gets direct access to certain
+     * MSRs.
+     *
+     * This interface only works when dom0 is identity pinned and has the same
+     * number of vCPUs as pCPUs on the system.
+     *
+     * It would be far better to paravirtualise the interface.
+     */
+    return (is_pv_domain(d) && is_hardware_domain(d) &&
+            cpufreq_controller == FREQCTL_dom0_kernel);
+}
+
  #define CPUPOOLID_NONE    -1
  
  struct cpupool *cpupool_get_by_id(int poolid);
author	Roger Pau Monné <roger.pau@citrix.com>
	Tue, 6 Oct 2020 16:23:27 +0000 (18:23 +0200)
committer	Andrew Cooper <andrew.cooper3@citrix.com>
	Tue, 10 Nov 2020 17:51:25 +0000 (17:51 +0000)
xen/arch/x86/msr.c		patch \| blob \| blame \| history
xen/arch/x86/pv/emul-priv-op.c		patch \| blob \| blame \| history
xen/include/xen/sched.h		patch \| blob \| blame \| history