[PATCH V2.1 5/5] HV: enable #GP for UC lock #gp


Tao, Yuhong
 

From: Tao Yuhong <yuhong.tao@intel.com>

For an atomic operation using bus locking, it would generate LOCK# bus
signal, if it has Non-WB memory operand. This is an UC lock. It will
ruin the RT behavior of the system.
If MSR_IA32_CORE_CAPABILITIES[bit4] is 1, then CPU can trigger #GP
for instructions which cause UC lock. This feature is controlled by
MSR_TEST_CTL[bit28].
This patch enables trigger #GP for UC lock.

Signed-off-by: Tao Yuhong <yuhong.tao@intel.com>
---
hypervisor/arch/x86/Kconfig | 7 +++++++
hypervisor/arch/x86/cpu.c | 18 ++++++++++++++++--
hypervisor/arch/x86/guest/vmsr.c | 4 ++--
3 files changed, 25 insertions(+), 4 deletions(-)

diff --git a/hypervisor/arch/x86/Kconfig b/hypervisor/arch/x86/Kconfig
index ded7826b1..a8c4162bd 100644
--- a/hypervisor/arch/x86/Kconfig
+++ b/hypervisor/arch/x86/Kconfig
@@ -343,6 +343,13 @@ config ENFORCE_TURNOFF_AC
If CPU has #AC for split-locked access, HV enable it and VMs can't disable.
Set this to enforce turn off that #AC, for community developer only.

+config ENFORCE_TURNOFF_GP
+ bool "Force to disable #GP for UC lock"
+ default n
+ help
+ If CPU has #GP for UC lock, HV enable it and VMs can't disable.
+ Set this to enforce turn off that #GP, for community developer only.
+
config IVSHMEM_ENABLED
bool "Enable ivshmem inter-vm communication based on hypervisor shared memory"
default n
diff --git a/hypervisor/arch/x86/cpu.c b/hypervisor/arch/x86/cpu.c
index 8cdef8a3e..9419f31ad 100644
--- a/hypervisor/arch/x86/cpu.c
+++ b/hypervisor/arch/x86/cpu.c
@@ -113,14 +113,27 @@ static void enable_ac_for_splitlock(void)
#ifndef CONFIG_ENFORCE_TURNOFF_AC
uint64_t test_ctl;

- if (has_core_cap(1U << 5U)) {
+ if (has_core_cap(CORE_CAP_SPLIT_LOCK)) {
test_ctl = msr_read(MSR_TEST_CTL);
- test_ctl |= (1U << 29U);
+ test_ctl |= MSR_TEST_CTL_AC_SPLITLOCK;
msr_write(MSR_TEST_CTL, test_ctl);
}
#endif /*CONFIG_ENFORCE_TURNOFF_AC*/
}

+static void enable_gp_for_uclock(void)
+{
+#ifndef CONFIG_ENFORCE_TURNOFF_GP
+ uint64_t test_ctl;
+
+ if (has_core_cap(CORE_CAP_UC_LOCK)) {
+ test_ctl = msr_read(MSR_TEST_CTL);
+ test_ctl |= MSR_TEST_CTL_GP_UCLOCK;
+ msr_write(MSR_TEST_CTL, test_ctl);
+ }
+#endif /*CONFIG_ENFORCE_TURNOFF_GP*/
+}
+
void init_pcpu_pre(bool is_bsp)
{
uint16_t pcpu_id;
@@ -210,6 +223,7 @@ void init_pcpu_post(uint16_t pcpu_id)
load_gdtr_and_tr();

enable_ac_for_splitlock();
+ enable_gp_for_uclock();

init_pcpu_xsave();

diff --git a/hypervisor/arch/x86/guest/vmsr.c b/hypervisor/arch/x86/guest/vmsr.c
index 195dd2567..ff1ad704f 100644
--- a/hypervisor/arch/x86/guest/vmsr.c
+++ b/hypervisor/arch/x86/guest/vmsr.c
@@ -589,7 +589,7 @@ int32_t rdmsr_vmexit_handler(struct acrn_vcpu *vcpu)
/* If has MSR_TEST_CTL, give emulated value
* If don't have MSR_TEST_CTL, trigger #GP
*/
- if (has_core_cap(1U << 5U)) {
+ if (has_core_cap(CORE_CAP_SPLIT_LOCK) || has_core_cap(CORE_CAP_UC_LOCK)) {
v = vcpu_get_guest_msr(vcpu, MSR_TEST_CTL);
} else {
vcpu_inject_gp(vcpu, 0U);
@@ -959,7 +959,7 @@ int32_t wrmsr_vmexit_handler(struct acrn_vcpu *vcpu)
/* If VM has MSR_TEST_CTL, ignore write operation
* If don't have MSR_TEST_CTL, trigger #GP
*/
- if (has_core_cap(1U << 5U)) {
+ if (has_core_cap(CORE_CAP_SPLIT_LOCK) || has_core_cap(CORE_CAP_UC_LOCK)) {
vcpu_set_guest_msr(vcpu, MSR_TEST_CTL, v);
pr_warn("Ignore writting 0x%llx to MSR_TEST_CTL from VM%d", v, vcpu->vm->vm_id);
} else {
--
2.17.1


Eddie Dong
 

-----Original Message-----
From: Tao, Yuhong <yuhong.tao@intel.com>
Sent: Wednesday, July 14, 2021 7:48 PM
To: acrn-dev@lists.projectacrn.org
Cc: Dong, Eddie <eddie.dong@intel.com>
Subject: [PATCH V2.1 5/5] HV: enable #GP for UC lock

From: Tao Yuhong <yuhong.tao@intel.com>

For an atomic operation using bus locking, it would generate LOCK# bus signal,
if it has Non-WB memory operand. This is an UC lock. It will ruin the RT
behavior of the system.
If MSR_IA32_CORE_CAPABILITIES[bit4] is 1, then CPU can trigger #GP for
instructions which cause UC lock. This feature is controlled by
MSR_TEST_CTL[bit28].
This patch enables trigger #GP for UC lock.
This patch enables #GP for guest UC lock.


But, I remember we only do this for the cases when RTVM exists, and we want to PT the capability to RT VM. Not?


Signed-off-by: Tao Yuhong <yuhong.tao@intel.com>
---
hypervisor/arch/x86/Kconfig | 7 +++++++
hypervisor/arch/x86/cpu.c | 18 ++++++++++++++++--
hypervisor/arch/x86/guest/vmsr.c | 4 ++--
3 files changed, 25 insertions(+), 4 deletions(-)

diff --git a/hypervisor/arch/x86/Kconfig b/hypervisor/arch/x86/Kconfig index
ded7826b1..a8c4162bd 100644
--- a/hypervisor/arch/x86/Kconfig
+++ b/hypervisor/arch/x86/Kconfig
@@ -343,6 +343,13 @@ config ENFORCE_TURNOFF_AC
If CPU has #AC for split-locked access, HV enable it and VMs can't
disable.
Set this to enforce turn off that #AC, for community developer only.

+config ENFORCE_TURNOFF_GP
+ bool "Force to disable #GP for UC lock"
+ default n
+ help
+ If CPU has #GP for UC lock, HV enable it and VMs can't disable.
+ Set this to enforce turn off that #GP, for community developer only.
+
config IVSHMEM_ENABLED
bool "Enable ivshmem inter-vm communication based on hypervisor
shared memory"
default n
diff --git a/hypervisor/arch/x86/cpu.c b/hypervisor/arch/x86/cpu.c index
8cdef8a3e..9419f31ad 100644
--- a/hypervisor/arch/x86/cpu.c
+++ b/hypervisor/arch/x86/cpu.c
@@ -113,14 +113,27 @@ static void enable_ac_for_splitlock(void) #ifndef
CONFIG_ENFORCE_TURNOFF_AC
uint64_t test_ctl;

- if (has_core_cap(1U << 5U)) {
+ if (has_core_cap(CORE_CAP_SPLIT_LOCK)) {
test_ctl = msr_read(MSR_TEST_CTL);
- test_ctl |= (1U << 29U);
+ test_ctl |= MSR_TEST_CTL_AC_SPLITLOCK;
msr_write(MSR_TEST_CTL, test_ctl);
}
#endif /*CONFIG_ENFORCE_TURNOFF_AC*/
}

+static void enable_gp_for_uclock(void)
+{
+#ifndef CONFIG_ENFORCE_TURNOFF_GP
+ uint64_t test_ctl;
+
+ if (has_core_cap(CORE_CAP_UC_LOCK)) {
+ test_ctl = msr_read(MSR_TEST_CTL);
+ test_ctl |= MSR_TEST_CTL_GP_UCLOCK;
+ msr_write(MSR_TEST_CTL, test_ctl);
+ }
+#endif /*CONFIG_ENFORCE_TURNOFF_GP*/
+}
+
void init_pcpu_pre(bool is_bsp)
{
uint16_t pcpu_id;
@@ -210,6 +223,7 @@ void init_pcpu_post(uint16_t pcpu_id)
load_gdtr_and_tr();

enable_ac_for_splitlock();
+ enable_gp_for_uclock();

init_pcpu_xsave();

diff --git a/hypervisor/arch/x86/guest/vmsr.c
b/hypervisor/arch/x86/guest/vmsr.c
index 195dd2567..ff1ad704f 100644
--- a/hypervisor/arch/x86/guest/vmsr.c
+++ b/hypervisor/arch/x86/guest/vmsr.c
@@ -589,7 +589,7 @@ int32_t rdmsr_vmexit_handler(struct acrn_vcpu
*vcpu)
/* If has MSR_TEST_CTL, give emulated value
* If don't have MSR_TEST_CTL, trigger #GP
*/
- if (has_core_cap(1U << 5U)) {
+ if (has_core_cap(CORE_CAP_SPLIT_LOCK) ||
+has_core_cap(CORE_CAP_UC_LOCK)) {
v = vcpu_get_guest_msr(vcpu, MSR_TEST_CTL);
} else {
vcpu_inject_gp(vcpu, 0U);
@@ -959,7 +959,7 @@ int32_t wrmsr_vmexit_handler(struct acrn_vcpu
*vcpu)
/* If VM has MSR_TEST_CTL, ignore write operation
* If don't have MSR_TEST_CTL, trigger #GP
*/
- if (has_core_cap(1U << 5U)) {
+ if (has_core_cap(CORE_CAP_SPLIT_LOCK) ||
+has_core_cap(CORE_CAP_UC_LOCK)) {
vcpu_set_guest_msr(vcpu, MSR_TEST_CTL, v);
pr_warn("Ignore writting 0x%llx to MSR_TEST_CTL from
VM%d", v, vcpu->vm->vm_id);
} else {
--
2.17.1


Tao, Yuhong
 

-----Original Message-----
From: Dong, Eddie <eddie.dong@intel.com>
Sent: Thursday, July 15, 2021 10:29 AM
To: Tao, Yuhong <yuhong.tao@intel.com>; acrn-dev@lists.projectacrn.org
Subject: RE: [PATCH V2.1 5/5] HV: enable #GP for UC lock



-----Original Message-----
From: Tao, Yuhong <yuhong.tao@intel.com>
Sent: Wednesday, July 14, 2021 7:48 PM
To: acrn-dev@lists.projectacrn.org
Cc: Dong, Eddie <eddie.dong@intel.com>
Subject: [PATCH V2.1 5/5] HV: enable #GP for UC lock

From: Tao Yuhong <yuhong.tao@intel.com>

For an atomic operation using bus locking, it would generate LOCK# bus
signal, if it has Non-WB memory operand. This is an UC lock. It will
ruin the RT behavior of the system.
If MSR_IA32_CORE_CAPABILITIES[bit4] is 1, then CPU can trigger #GP for
instructions which cause UC lock. This feature is controlled by
MSR_TEST_CTL[bit28].
This patch enables trigger #GP for UC lock.
This patch enables #GP for guest UC lock.
Will fix that


But, I remember we only do this for the cases when RTVM exists, and we want
to PT the capability to RT VM. Not?
This patch is from requirement, the requirements of UC-lock are all same as Split-lock:
1. enforce enable UC-lock detection
2. virtual MSR(0x33 bit 29) for guest
3. support config out UC-lock detection

Not asked to PT UC-lock detection to any VM



Signed-off-by: Tao Yuhong <yuhong.tao@intel.com>
---


Yang, Yu-chu
 

-----Original Message-----
From: acrn-dev@lists.projectacrn.org <acrn-dev@lists.projectacrn.org> On Behalf Of Tao, Yuhong
Sent: Wednesday, July 14, 2021 4:48 AM
To: acrn-dev@lists.projectacrn.org
Cc: Dong, Eddie <eddie.dong@intel.com>
Subject: [acrn-dev] [PATCH V2.1 5/5] HV: enable #GP for UC lock

From: Tao Yuhong <yuhong.tao@intel.com>

For an atomic operation using bus locking, it would generate LOCK# bus signal, if it has Non-WB memory operand. This is an UC lock. It will ruin the RT behavior of the system.
If MSR_IA32_CORE_CAPABILITIES[bit4] is 1, then CPU can trigger #GP for instructions which cause UC lock. This feature is controlled by MSR_TEST_CTL[bit28].
This patch enables trigger #GP for UC lock.

Signed-off-by: Tao Yuhong <yuhong.tao@intel.com>
---
hypervisor/arch/x86/Kconfig | 7 +++++++
hypervisor/arch/x86/cpu.c | 18 ++++++++++++++++--
hypervisor/arch/x86/guest/vmsr.c | 4 ++--
3 files changed, 25 insertions(+), 4 deletions(-)

diff --git a/hypervisor/arch/x86/Kconfig b/hypervisor/arch/x86/Kconfig index ded7826b1..a8c4162bd 100644
--- a/hypervisor/arch/x86/Kconfig
+++ b/hypervisor/arch/x86/Kconfig
@@ -343,6 +343,13 @@ config ENFORCE_TURNOFF_AC
If CPU has #AC for split-locked access, HV enable it and VMs can't disable.
Set this to enforce turn off that #AC, for community developer only.

+config ENFORCE_TURNOFF_GP
+ bool "Force to disable #GP for UC lock"
+ default n
+ help
+ If CPU has #GP for UC lock, HV enable it and VMs can't disable.
+ Set this to enforce turn off that #GP, for community developer only.
+
config IVSHMEM_ENABLED
bool "Enable ivshmem inter-vm communication based on hypervisor shared memory"
default n


Kconfig is no longer being used. Please using the schema instead.
Apply this change to following files:
misc/config_tools/schema/config.xsd
misc/config_tools/schema/config_common.xsl
and add a node <ENFORCE_TURNOFF_GP>n</ENFORCE_TURNOFF_GP> under <hv>/<FEATURES> to all applicable $SCENARIO.xmls.

Reference commits:
7e1ac8a74 config-tools: add NVMX_ENABLED feature and GUEST_FLAG_NVMX_ENABLED flag
d013801da config-tools: NVMX_ENABLED defaults to 'n' in all scenario config files

Yu-chu


Tao, Yuhong
 

Hi, Yu-chu

You are working with config tool, can you cook a patch to do this?

Thanks

-----Original Message-----
From: Yang, Yu-chu <yu-chu.yang@intel.com>
Sent: Friday, July 16, 2021 6:28 AM
To: Tao, Yuhong <yuhong.tao@intel.com>
Cc: acrn-dev@lists.projectacrn.org
Subject: RE: [acrn-dev] [PATCH V2.1 5/5] HV: enable #GP for UC lock



-----Original Message-----
From: acrn-dev@lists.projectacrn.org <acrn-dev@lists.projectacrn.org> On
Behalf Of Tao, Yuhong
Sent: Wednesday, July 14, 2021 4:48 AM
To: acrn-dev@lists.projectacrn.org
Cc: Dong, Eddie <eddie.dong@intel.com>
Subject: [acrn-dev] [PATCH V2.1 5/5] HV: enable #GP for UC lock

From: Tao Yuhong <yuhong.tao@intel.com>

For an atomic operation using bus locking, it would generate LOCK# bus signal, if
it has Non-WB memory operand. This is an UC lock. It will ruin the RT behavior
of the system.
If MSR_IA32_CORE_CAPABILITIES[bit4] is 1, then CPU can trigger #GP for
instructions which cause UC lock. This feature is controlled by
MSR_TEST_CTL[bit28].
This patch enables trigger #GP for UC lock.

Signed-off-by: Tao Yuhong <yuhong.tao@intel.com>
---
hypervisor/arch/x86/Kconfig | 7 +++++++
hypervisor/arch/x86/cpu.c | 18 ++++++++++++++++--
hypervisor/arch/x86/guest/vmsr.c | 4 ++--
3 files changed, 25 insertions(+), 4 deletions(-)

diff --git a/hypervisor/arch/x86/Kconfig b/hypervisor/arch/x86/Kconfig index
ded7826b1..a8c4162bd 100644
--- a/hypervisor/arch/x86/Kconfig
+++ b/hypervisor/arch/x86/Kconfig
@@ -343,6 +343,13 @@ config ENFORCE_TURNOFF_AC
If CPU has #AC for split-locked access, HV enable it and VMs can't
disable.
Set this to enforce turn off that #AC, for community developer only.

+config ENFORCE_TURNOFF_GP
+ bool "Force to disable #GP for UC lock"
+ default n
+ help
+ If CPU has #GP for UC lock, HV enable it and VMs can't disable.
+ Set this to enforce turn off that #GP, for community developer only.
+
config IVSHMEM_ENABLED
bool "Enable ivshmem inter-vm communication based on hypervisor
shared memory"
default n


Kconfig is no longer being used. Please using the schema instead.
Apply this change to following files:
misc/config_tools/schema/config.xsd
misc/config_tools/schema/config_common.xsl
and add a node <ENFORCE_TURNOFF_GP>n</ENFORCE_TURNOFF_GP> under
<hv>/<FEATURES> to all applicable $SCENARIO.xmls.

Reference commits:
7e1ac8a74 config-tools: add NVMX_ENABLED feature and
GUEST_FLAG_NVMX_ENABLED flag d013801da config-tools: NVMX_ENABLED
defaults to 'n' in all scenario config files

Yu-chu


Yang, Yu-chu
 

Hi Yuhong,

Please provide more details of the features and create a ticket for support so we can discuss further.

Thanks,
Yu-chu

-----Original Message-----
From: Tao, Yuhong <yuhong.tao@intel.com>
Sent: Thursday, July 15, 2021 6:37 PM
To: Yang, Yu-chu <yu-chu.yang@intel.com>
Cc: acrn-dev@lists.projectacrn.org
Subject: RE: [acrn-dev] [PATCH V2.1 5/5] HV: enable #GP for UC lock

Hi, Yu-chu

You are working with config tool, can you cook a patch to do this?

Thanks
-----Original Message-----
From: Yang, Yu-chu <yu-chu.yang@intel.com>
Sent: Friday, July 16, 2021 6:28 AM
To: Tao, Yuhong <yuhong.tao@intel.com>
Cc: acrn-dev@lists.projectacrn.org
Subject: RE: [acrn-dev] [PATCH V2.1 5/5] HV: enable #GP for UC lock



-----Original Message-----
From: acrn-dev@lists.projectacrn.org <acrn-dev@lists.projectacrn.org>
On Behalf Of Tao, Yuhong
Sent: Wednesday, July 14, 2021 4:48 AM
To: acrn-dev@lists.projectacrn.org
Cc: Dong, Eddie <eddie.dong@intel.com>
Subject: [acrn-dev] [PATCH V2.1 5/5] HV: enable #GP for UC lock

From: Tao Yuhong <yuhong.tao@intel.com>

For an atomic operation using bus locking, it would generate LOCK# bus
signal, if it has Non-WB memory operand. This is an UC lock. It will
ruin the RT behavior of the system.
If MSR_IA32_CORE_CAPABILITIES[bit4] is 1, then CPU can trigger #GP for
instructions which cause UC lock. This feature is controlled by
MSR_TEST_CTL[bit28].
This patch enables trigger #GP for UC lock.

Signed-off-by: Tao Yuhong <yuhong.tao@intel.com>
---
hypervisor/arch/x86/Kconfig | 7 +++++++
hypervisor/arch/x86/cpu.c | 18 ++++++++++++++++--
hypervisor/arch/x86/guest/vmsr.c | 4 ++--
3 files changed, 25 insertions(+), 4 deletions(-)

diff --git a/hypervisor/arch/x86/Kconfig b/hypervisor/arch/x86/Kconfig
index ded7826b1..a8c4162bd 100644
--- a/hypervisor/arch/x86/Kconfig
+++ b/hypervisor/arch/x86/Kconfig
@@ -343,6 +343,13 @@ config ENFORCE_TURNOFF_AC
If CPU has #AC for split-locked access, HV enable it and VMs can't
disable.
Set this to enforce turn off that #AC, for community developer only.

+config ENFORCE_TURNOFF_GP
+ bool "Force to disable #GP for UC lock"
+ default n
+ help
+ If CPU has #GP for UC lock, HV enable it and VMs can't disable.
+ Set this to enforce turn off that #GP, for community developer only.
+
config IVSHMEM_ENABLED
bool "Enable ivshmem inter-vm communication based on hypervisor
shared memory"
default n


Kconfig is no longer being used. Please using the schema instead.
Apply this change to following files:
misc/config_tools/schema/config.xsd
misc/config_tools/schema/config_common.xsl
and add a node <ENFORCE_TURNOFF_GP>n</ENFORCE_TURNOFF_GP> under
<hv>/<FEATURES> to all applicable $SCENARIO.xmls.

Reference commits:
7e1ac8a74 config-tools: add NVMX_ENABLED feature and
GUEST_FLAG_NVMX_ENABLED flag d013801da config-tools: NVMX_ENABLED
defaults to 'n' in all scenario config files

Yu-chu