Xen devel - May 2009 - XEN monitor/mwait patch for AMD SVM

This patch clears the monitor/mwait bit in the cpuid intercept code for
AMD''s SVM. This is to disallow VM''s that may try and use the
monitor/mwait feature on AMD processors which is currently not supported
in XEN.

 

Signed-off-by: Navin Boppuri <navin.boppuri@amd.com>

 

Regards,

Navin Boppuri

 

AMD 

Operating Systems Research Center

CSG Platform Software Organization

Lonestar Campus, Austin, TX.  

T 512.602.5803

 




_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

On 22/05/2009 16:23, "Boppuri, Navin" <Navin.Boppuri@amd.com>
wrote:
> This patch clears the monitor/mwait bit in the cpuid intercept code for
AMD¹s
> SVM. This is to disallow VM¹s that may try and use the monitor/mwait
feature
> on AMD processors which is currently not supported in XEN.
>  
> Signed-off-by: Navin Boppuri <navin.boppuri@amd.com>
What Xen version is this patch against? We already hide MWAIT from HVM
guests as far as I am aware. See
tools/libxc/xc_cpuid_x86.c:xc_cpuid_hvm_policy(), and note that features are
*whitelisted* and also that MWAIT is *not* mentioned.

So I think your patch is not needed, and also inappropriate since we
implement CPUID filtering policy in libxc these days.

 -- Keir



_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

Keir,

Sorry but the patch is against the latest tip of the xen unstable tree
(changeset: 18646).

I understand that MWAIT is not mentioned in the whitelist for HVM policy.
However, one could modify the guest config file and set the cpuid bit for
monitor/mwait and enable this feature by force. I was able to do just this in my
test configuration. This patch should cover such mods for cpuid in addition to
the cpuid policy in libxc.

Thank you.
-Navin
> -----Original Message-----
> From: Keir Fraser [mailto:keir.fraser@eu.citrix.com]
> Sent: Friday, May 22, 2009 11:40 AM
> To: Boppuri, Navin; xen-devel@lists.xensource.com
> Subject: Re: XEN monitor/mwait patch for AMD SVM
> 
> On 22/05/2009 16:23, "Boppuri, Navin"
<Navin.Boppuri@amd.com> wrote:
> 
> > This patch clears the monitor/mwait bit in the cpuid intercept code
for
> AMD¹s
> > SVM. This is to disallow VM¹s that may try and use the monitor/mwait
> feature
> > on AMD processors which is currently not supported in XEN.
> >
> > Signed-off-by: Navin Boppuri <navin.boppuri@amd.com>
> 
> What Xen version is this patch against? We already hide MWAIT from HVM
> guests as far as I am aware. See
> tools/libxc/xc_cpuid_x86.c:xc_cpuid_hvm_policy(), and note that features
> are
> *whitelisted* and also that MWAIT is *not* mentioned.
> 
> So I think your patch is not needed, and also inappropriate since we
> implement CPUID filtering policy in libxc these days.
> 
>  -- Keir
> 
> 


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

That''s firmly in the ''Doctor, it hurts when I...''
category I''m afraid. No
way will I apply this type of patch.

 -- Keir

On 22/05/2009 18:10, "Boppuri, Navin" <Navin.Boppuri@amd.com>
wrote:
> Keir,
> 
> Sorry but the patch is against the latest tip of the xen unstable tree
> (changeset: 18646).
> 
> I understand that MWAIT is not mentioned in the whitelist for HVM policy.
> However, one could modify the guest config file and set the cpuid bit for
> monitor/mwait and enable this feature by force. I was able to do just this
in
> my test configuration. This patch should cover such mods for cpuid in
addition
> to the cpuid policy in libxc.
> 
> Thank you.
> -Navin
> 
>> -----Original Message-----
>> From: Keir Fraser [mailto:keir.fraser@eu.citrix.com]
>> Sent: Friday, May 22, 2009 11:40 AM
>> To: Boppuri, Navin; xen-devel@lists.xensource.com
>> Subject: Re: XEN monitor/mwait patch for AMD SVM
>> 
>> On 22/05/2009 16:23, "Boppuri, Navin"
<Navin.Boppuri@amd.com> wrote:
>> 
>>> This patch clears the monitor/mwait bit in the cpuid intercept code
for
>> AMD¹s
>>> SVM. This is to disallow VM¹s that may try and use the
monitor/mwait
>> feature
>>> on AMD processors which is currently not supported in XEN.
>>> 
>>> Signed-off-by: Navin Boppuri <navin.boppuri@amd.com>
>> 
>> What Xen version is this patch against? We already hide MWAIT from HVM
>> guests as far as I am aware. See
>> tools/libxc/xc_cpuid_x86.c:xc_cpuid_hvm_policy(), and note that
features
>> are
>> *whitelisted* and also that MWAIT is *not* mentioned.
>> 
>> So I think your patch is not needed, and also inappropriate since we
>> implement CPUID filtering policy in libxc these days.
>> 
>>  -- Keir
>> 
>> 
> 
> 


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

:) Point taken! Thank you for considering the request though.

-Navin
> -----Original Message-----
> From: Keir Fraser [mailto:keir.fraser@eu.citrix.com]
> Sent: Friday, May 22, 2009 12:19 PM
> To: Boppuri, Navin; xen-devel@lists.xensource.com
> Subject: Re: XEN monitor/mwait patch for AMD SVM
> 
> That''s firmly in the ''Doctor, it hurts when
I...'' category I''m afraid. No
> way will I apply this type of patch.
> 
>  -- Keir
> 
> On 22/05/2009 18:10, "Boppuri, Navin"
<Navin.Boppuri@amd.com> wrote:
> 
> > Keir,
> >
> > Sorry but the patch is against the latest tip of the xen unstable tree
> > (changeset: 18646).
> >
> > I understand that MWAIT is not mentioned in the whitelist for HVM
> policy.
> > However, one could modify the guest config file and set the cpuid bit
> for
> > monitor/mwait and enable this feature by force. I was able to do just
> this in
> > my test configuration. This patch should cover such mods for cpuid in
> addition
> > to the cpuid policy in libxc.
> >
> > Thank you.
> > -Navin
> >
> >> -----Original Message-----
> >> From: Keir Fraser [mailto:keir.fraser@eu.citrix.com]
> >> Sent: Friday, May 22, 2009 11:40 AM
> >> To: Boppuri, Navin; xen-devel@lists.xensource.com
> >> Subject: Re: XEN monitor/mwait patch for AMD SVM
> >>
> >> On 22/05/2009 16:23, "Boppuri, Navin"
<Navin.Boppuri@amd.com> wrote:
> >>
> >>> This patch clears the monitor/mwait bit in the cpuid intercept
code
> for
> >> AMD¹s
> >>> SVM. This is to disallow VM¹s that may try and use the
monitor/mwait
> >> feature
> >>> on AMD processors which is currently not supported in XEN.
> >>>
> >>> Signed-off-by: Navin Boppuri <navin.boppuri@amd.com>
> >>
> >> What Xen version is this patch against? We already hide MWAIT from
HVM
> >> guests as far as I am aware. See
> >> tools/libxc/xc_cpuid_x86.c:xc_cpuid_hvm_policy(), and note that
> features
> >> are
> >> *whitelisted* and also that MWAIT is *not* mentioned.
> >>
> >> So I think your patch is not needed, and also inappropriate since
we
> >> implement CPUID filtering policy in libxc these days.
> >>
> >>  -- Keir
> >>
> >>
> >
> >
> 
> 


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

No problem. In general, we aren''t too afraid of having ''power
user'' options
in the domain config file that can cause real problems if misapplied.
Especially this CPUID config, which most end users have not a prayer of
understanding and probably should not touch at all unless told to. The
expectation is that most vendors will wrap up that layer with a GUI wizard
of some sort to hide most of the complexity and power.

 -- Keir

On 23/05/2009 15:26, "Boppuri, Navin" <Navin.Boppuri@amd.com>
wrote:
> :) Point taken! Thank you for considering the request though.
> 
> -Navin
> 
>> -----Original Message-----
>> From: Keir Fraser [mailto:keir.fraser@eu.citrix.com]
>> Sent: Friday, May 22, 2009 12:19 PM
>> To: Boppuri, Navin; xen-devel@lists.xensource.com
>> Subject: Re: XEN monitor/mwait patch for AMD SVM
>> 
>> That''s firmly in the ''Doctor, it hurts when
I...'' category I''m afraid. No
>> way will I apply this type of patch.
>> 
>>  -- Keir
>> 
>> On 22/05/2009 18:10, "Boppuri, Navin"
<Navin.Boppuri@amd.com> wrote:
>> 
>>> Keir,
>>> 
>>> Sorry but the patch is against the latest tip of the xen unstable
tree
>>> (changeset: 18646).
>>> 
>>> I understand that MWAIT is not mentioned in the whitelist for HVM
>> policy.
>>> However, one could modify the guest config file and set the cpuid
bit
>> for
>>> monitor/mwait and enable this feature by force. I was able to do
just
>> this in
>>> my test configuration. This patch should cover such mods for cpuid
in
>> addition
>>> to the cpuid policy in libxc.
>>> 
>>> Thank you.
>>> -Navin
>>> 
>>>> -----Original Message-----
>>>> From: Keir Fraser [mailto:keir.fraser@eu.citrix.com]
>>>> Sent: Friday, May 22, 2009 11:40 AM
>>>> To: Boppuri, Navin; xen-devel@lists.xensource.com
>>>> Subject: Re: XEN monitor/mwait patch for AMD SVM
>>>> 
>>>> On 22/05/2009 16:23, "Boppuri, Navin"
<Navin.Boppuri@amd.com> wrote:
>>>> 
>>>>> This patch clears the monitor/mwait bit in the cpuid
intercept code
>> for
>>>> AMD¹s
>>>>> SVM. This is to disallow VM¹s that may try and use the
monitor/mwait
>>>> feature
>>>>> on AMD processors which is currently not supported in XEN.
>>>>> 
>>>>> Signed-off-by: Navin Boppuri <navin.boppuri@amd.com>
>>>> 
>>>> What Xen version is this patch against? We already hide MWAIT
from HVM
>>>> guests as far as I am aware. See
>>>> tools/libxc/xc_cpuid_x86.c:xc_cpuid_hvm_policy(), and note that
>> features
>>>> are
>>>> *whitelisted* and also that MWAIT is *not* mentioned.
>>>> 
>>>> So I think your patch is not needed, and also inappropriate
since we
>>>> implement CPUID filtering policy in libxc these days.
>>>> 
>>>>  -- Keir
>>>> 
>>>> 
>>> 
>>> 
>> 
>> 
> 
> 


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

Keir,

Sounds good. As long as we are consistent about the fact that all configuration
policies are managed using libxc, I''m more than satisfied with this
approach to prevent use of mwait/monitor instructions in a guest.

Thanks again.
-Navin
> -----Original Message-----
> From: Keir Fraser [mailto:keir.fraser@eu.citrix.com]
> Sent: Saturday, May 23, 2009 9:39 AM
> To: Boppuri, Navin; xen-devel@lists.xensource.com
> Subject: Re: XEN monitor/mwait patch for AMD SVM
> 
> No problem. In general, we aren''t too afraid of having
''power user''
> options
> in the domain config file that can cause real problems if misapplied.
> Especially this CPUID config, which most end users have not a prayer of
> understanding and probably should not touch at all unless told to. The
> expectation is that most vendors will wrap up that layer with a GUI wizard
> of some sort to hide most of the complexity and power.
> 
>  -- Keir
> 
> On 23/05/2009 15:26, "Boppuri, Navin"
<Navin.Boppuri@amd.com> wrote:
> 
> > :) Point taken! Thank you for considering the request though.
> >
> > -Navin
> >
> >> -----Original Message-----
> >> From: Keir Fraser [mailto:keir.fraser@eu.citrix.com]
> >> Sent: Friday, May 22, 2009 12:19 PM
> >> To: Boppuri, Navin; xen-devel@lists.xensource.com
> >> Subject: Re: XEN monitor/mwait patch for AMD SVM
> >>
> >> That''s firmly in the ''Doctor, it hurts when
I...'' category I''m afraid.
> No
> >> way will I apply this type of patch.
> >>
> >>  -- Keir
> >>
> >> On 22/05/2009 18:10, "Boppuri, Navin"
<Navin.Boppuri@amd.com> wrote:
> >>
> >>> Keir,
> >>>
> >>> Sorry but the patch is against the latest tip of the xen
unstable tree
> >>> (changeset: 18646).
> >>>
> >>> I understand that MWAIT is not mentioned in the whitelist for
HVM
> >> policy.
> >>> However, one could modify the guest config file and set the
cpuid bit
> >> for
> >>> monitor/mwait and enable this feature by force. I was able to
do just
> >> this in
> >>> my test configuration. This patch should cover such mods for
cpuid in
> >> addition
> >>> to the cpuid policy in libxc.
> >>>
> >>> Thank you.
> >>> -Navin
> >>>
> >>>> -----Original Message-----
> >>>> From: Keir Fraser [mailto:keir.fraser@eu.citrix.com]
> >>>> Sent: Friday, May 22, 2009 11:40 AM
> >>>> To: Boppuri, Navin; xen-devel@lists.xensource.com
> >>>> Subject: Re: XEN monitor/mwait patch for AMD SVM
> >>>>
> >>>> On 22/05/2009 16:23, "Boppuri, Navin"
<Navin.Boppuri@amd.com> wrote:
> >>>>
> >>>>> This patch clears the monitor/mwait bit in the cpuid
intercept code
> >> for
> >>>> AMD¹s
> >>>>> SVM. This is to disallow VM¹s that may try and use the
monitor/mwait
> >>>> feature
> >>>>> on AMD processors which is currently not supported in
XEN.
> >>>>>
> >>>>> Signed-off-by: Navin Boppuri
<navin.boppuri@amd.com>
> >>>>
> >>>> What Xen version is this patch against? We already hide
MWAIT from
> HVM
> >>>> guests as far as I am aware. See
> >>>> tools/libxc/xc_cpuid_x86.c:xc_cpuid_hvm_policy(), and note
that
> >> features
> >>>> are
> >>>> *whitelisted* and also that MWAIT is *not* mentioned.
> >>>>
> >>>> So I think your patch is not needed, and also
inappropriate since we
> >>>> implement CPUID filtering policy in libxc these days.
> >>>>
> >>>>  -- Keir
> >>>>
> >>>>
> >>>
> >>>
> >>
> >>
> >
> >
> 
> 


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel