Code for initializing/tearing down PMU for PV guests Signed-off-by: Boris Ostrovsky <boris.ostrov...@oracle.com> Acked-by: Kevin Tian <kevin.t...@intel.com> Reviewed-by: Konrad Rzeszutek Wilk <konrad.w...@oracle.com> Reviewed-by: Dietmar Hahn <dietmar.h...@ts.fujitsu.com> Tested-by: Dietmar Hahn <dietmar.h...@ts.fujitsu.com> --- tools/flask/policy/policy/modules/xen/xen.te | 4 ++ xen/arch/x86/domain.c | 2 + xen/arch/x86/hvm/hvm.c | 1 + xen/arch/x86/hvm/svm/svm.c | 4 +- xen/arch/x86/hvm/svm/vpmu.c | 44 +++++++++---- xen/arch/x86/hvm/vmx/vmx.c | 4 +- xen/arch/x86/hvm/vmx/vpmu_core2.c | 81 ++++++++++++++++------- xen/arch/x86/hvm/vpmu.c | 98 +++++++++++++++++++++++++++- xen/common/event_channel.c | 1 + xen/include/asm-x86/hvm/vpmu.h | 2 + xen/include/public/pmu.h | 2 + xen/include/public/xen.h | 1 + xen/include/xsm/dummy.h | 3 + xen/xsm/flask/hooks.c | 4 ++ xen/xsm/flask/policy/access_vectors | 2 + 15 files changed, 212 insertions(+), 41 deletions(-)
diff --git a/tools/flask/policy/policy/modules/xen/xen.te b/tools/flask/policy/policy/modules/xen/xen.te index ae7bf3c..9d84004 100644 --- a/tools/flask/policy/policy/modules/xen/xen.te +++ b/tools/flask/policy/policy/modules/xen/xen.te @@ -120,6 +120,10 @@ domain_comms(dom0_t, dom0_t) # Allow all domains to use (unprivileged parts of) the tmem hypercall allow domain_type xen_t:xen tmem_op; +# Allow all domains to use PMU (but not to change its settings --- that's what +# pmu_ctrl is for) +allow domain_type xen_t:xen2 pmu_use; + ############################################################################### # # Domain creation diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index da5bdf4..ce1d187 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -445,6 +445,8 @@ int vcpu_initialise(struct vcpu *v) vmce_init_vcpu(v); + spin_lock_init(&v->arch.vpmu.vpmu_lock); + if ( has_hvm_container_domain(d) ) { rc = hvm_vcpu_initialise(v); diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index 8f49b44..ec9c89a 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -4820,6 +4820,7 @@ static hvm_hypercall_t *const pvh_hypercall64_table[NR_hypercalls] = { HYPERCALL(hvm_op), HYPERCALL(sysctl), HYPERCALL(domctl), + HYPERCALL(xenpmu_op), [ __HYPERVISOR_arch_1 ] = (hvm_hypercall_t *)paging_domctl_continuation }; diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index 8aca6e6..b1c4845 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -1157,7 +1157,9 @@ static int svm_vcpu_initialise(struct vcpu *v) return rc; } - vpmu_initialise(v); + /* PVH's VPMU is initialized via hypercall */ + if ( is_hvm_vcpu(v) ) + vpmu_initialise(v); svm_guest_osvw_init(v); diff --git a/xen/arch/x86/hvm/svm/vpmu.c b/xen/arch/x86/hvm/svm/vpmu.c index 8460d7b..fe852ed 100644 --- a/xen/arch/x86/hvm/svm/vpmu.c +++ b/xen/arch/x86/hvm/svm/vpmu.c @@ -363,17 +363,19 @@ static void amd_vpmu_destroy(struct vcpu *v) if ( !vpmu_is_set(vpmu, VPMU_CONTEXT_ALLOCATED) ) return; - if ( has_hvm_container_vcpu(v) && is_msr_bitmap_on(vpmu) ) - amd_vpmu_unset_msr_bitmap(v); + if ( has_hvm_container_vcpu(v) ) + { + if ( is_msr_bitmap_on(vpmu) ) + amd_vpmu_unset_msr_bitmap(v); - xfree(vpmu->context); - vpmu_reset(vpmu, VPMU_CONTEXT_ALLOCATED); + if ( is_hvm_vcpu(v) ) + xfree(vpmu->context); - if ( vpmu_is_set(vpmu, VPMU_RUNNING) ) - { - vpmu_reset(vpmu, VPMU_RUNNING); release_pmu_ownship(PMU_OWNER_HVM); } + + vpmu->context = NULL; + vpmu_clear(vpmu); } /* VPMU part of the 'q' keyhandler */ @@ -439,15 +441,19 @@ int svm_vpmu_initialise(struct vcpu *v) if ( !counters ) return -EINVAL; - ctxt = xzalloc_bytes(sizeof(*ctxt) + - 2 * sizeof(uint64_t) * num_counters); - if ( !ctxt ) + if ( is_hvm_vcpu(v) ) { - printk(XENLOG_G_WARNING "Insufficient memory for PMU, " - " PMU feature is unavailable on domain %d vcpu %d.\n", - v->vcpu_id, v->domain->domain_id); - return -ENOMEM; + ctxt = xzalloc_bytes(sizeof(*ctxt) + + 2 * sizeof(uint64_t) * num_counters); + if ( !ctxt ) + { + printk(XENLOG_G_WARNING "%pv: Insufficient memory for PMU, " + " PMU feature is unavailable\n", v); + return -ENOMEM; + } } + else + ctxt = &v->arch.vpmu.xenpmu_data->pmu.c.amd; ctxt->counters = sizeof(*ctxt); ctxt->ctrls = ctxt->counters + sizeof(uint64_t) * num_counters; @@ -489,6 +495,16 @@ int __init amd_vpmu_init(void) return -EINVAL; } + if ( sizeof(struct xen_pmu_data) + + 2 * sizeof(uint64_t) * num_counters > PAGE_SIZE ) + { + printk(XENLOG_WARNING + "VPMU: Register bank does not fit into VPMU shared page\n"); + counters = ctrls = NULL; + num_counters = 0; + return -ENOSPC; + } + return 0; } diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index 0bf92b2..a7c3a7a 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -116,7 +116,9 @@ static int vmx_vcpu_initialise(struct vcpu *v) return rc; } - vpmu_initialise(v); + /* PVH's VPMU is initialized via hypercall */ + if ( is_hvm_vcpu(v) ) + vpmu_initialise(v); vmx_install_vlapic_mapping(v); diff --git a/xen/arch/x86/hvm/vmx/vpmu_core2.c b/xen/arch/x86/hvm/vmx/vpmu_core2.c index e199367..03dc981 100644 --- a/xen/arch/x86/hvm/vmx/vpmu_core2.c +++ b/xen/arch/x86/hvm/vmx/vpmu_core2.c @@ -362,24 +362,34 @@ static int core2_vpmu_alloc_resource(struct vcpu *v) struct xen_pmu_intel_ctxt *core2_vpmu_cxt = NULL; uint64_t *p = NULL; - if ( !acquire_pmu_ownership(PMU_OWNER_HVM) ) - return 0; - - wrmsrl(MSR_CORE_PERF_GLOBAL_CTRL, 0); - if ( vmx_add_host_load_msr(MSR_CORE_PERF_GLOBAL_CTRL) ) + p = xzalloc_bytes(sizeof(uint64_t)); + if ( !p ) goto out_err; - if ( vmx_add_guest_msr(MSR_CORE_PERF_GLOBAL_CTRL) ) - goto out_err; - vmx_write_guest_msr(MSR_CORE_PERF_GLOBAL_CTRL, 0); - - core2_vpmu_cxt = xzalloc_bytes(sizeof(*core2_vpmu_cxt) + - sizeof(uint64_t) * fixed_pmc_cnt + - sizeof(struct xen_pmu_cntr_pair) * - arch_pmc_cnt); - p = xzalloc(uint64_t); - if ( !core2_vpmu_cxt || !p ) - goto out_err; + if ( has_hvm_container_vcpu(v) ) + { + if ( is_hvm_vcpu(v) && !acquire_pmu_ownership(PMU_OWNER_HVM) ) + goto out_err; + + wrmsrl(MSR_CORE_PERF_GLOBAL_CTRL, 0); + if ( vmx_add_host_load_msr(MSR_CORE_PERF_GLOBAL_CTRL) ) + goto out_err_hvm; + if ( vmx_add_guest_msr(MSR_CORE_PERF_GLOBAL_CTRL) ) + goto out_err_hvm; + vmx_write_guest_msr(MSR_CORE_PERF_GLOBAL_CTRL, 0); + } + + if ( is_hvm_vcpu(v) ) + { + core2_vpmu_cxt = xzalloc_bytes(sizeof(*core2_vpmu_cxt) + + sizeof(uint64_t) * fixed_pmc_cnt + + sizeof(struct xen_pmu_cntr_pair) * + arch_pmc_cnt); + if ( !core2_vpmu_cxt ) + goto out_err_hvm; + } + else + core2_vpmu_cxt = &v->arch.vpmu.xenpmu_data->pmu.c.intel; core2_vpmu_cxt->fixed_counters = sizeof(*core2_vpmu_cxt); core2_vpmu_cxt->arch_counters = core2_vpmu_cxt->fixed_counters + @@ -392,10 +402,12 @@ static int core2_vpmu_alloc_resource(struct vcpu *v) return 1; -out_err: - release_pmu_ownship(PMU_OWNER_HVM); - + out_err_hvm: xfree(core2_vpmu_cxt); + if ( is_hvm_vcpu(v) ) + release_pmu_ownship(PMU_OWNER_HVM); + + out_err: xfree(p); printk("Failed to allocate VPMU resources for domain %u vcpu %u\n", @@ -715,12 +727,20 @@ static void core2_vpmu_destroy(struct vcpu *v) if ( !vpmu_is_set(vpmu, VPMU_CONTEXT_ALLOCATED) ) return; - xfree(vpmu->context); + if ( has_hvm_container_vcpu(v) ) + { + if ( cpu_has_vmx_msr_bitmap ) + core2_vpmu_unset_msr_bitmap(v->arch.hvm_vmx.msr_bitmap); + + if ( is_hvm_vcpu(v) ) + xfree(vpmu->context); + + release_pmu_ownship(PMU_OWNER_HVM); + } + xfree(vpmu->priv_context); - if ( has_hvm_container_vcpu(v) && cpu_has_vmx_msr_bitmap ) - core2_vpmu_unset_msr_bitmap(v->arch.hvm_vmx.msr_bitmap); - release_pmu_ownship(PMU_OWNER_HVM); - vpmu_reset(vpmu, VPMU_CONTEXT_ALLOCATED); + vpmu->context = NULL; + vpmu_clear(vpmu); } struct arch_vpmu_ops core2_vpmu_ops = { @@ -830,6 +850,10 @@ int vmx_vpmu_initialise(struct vcpu *v) ds_warned = 1; func_out: + /* PV domains can allocate resources immediately */ + if ( is_pv_vcpu(v) && !core2_vpmu_alloc_resource(v) ) + return -EIO; + vpmu->arch_vpmu_ops = &core2_vpmu_ops; return 0; @@ -895,5 +919,14 @@ int __init core2_vpmu_init(void) check_pmc_quirk(); + if ( sizeof(struct xen_pmu_data) + sizeof(uint64_t) * fixed_pmc_cnt + + sizeof(struct xen_pmu_cntr_pair) * arch_pmc_cnt > PAGE_SIZE ) + { + printk(XENLOG_WARNING + "VPMU: Register bank does not fit into VPMU share page\n"); + arch_pmc_cnt = fixed_pmc_cnt = 0; + return -ENOSPC; + } + return 0; } diff --git a/xen/arch/x86/hvm/vpmu.c b/xen/arch/x86/hvm/vpmu.c index ed3b99a..2ad9832 100644 --- a/xen/arch/x86/hvm/vpmu.c +++ b/xen/arch/x86/hvm/vpmu.c @@ -26,6 +26,7 @@ #include <asm/regs.h> #include <asm/types.h> #include <asm/msr.h> +#include <asm/p2m.h> #include <asm/hvm/support.h> #include <asm/hvm/vmx/vmx.h> #include <asm/hvm/vmx/vmcs.h> @@ -252,6 +253,7 @@ void vpmu_initialise(struct vcpu *v) vpmu_destroy(v); vpmu_clear(vpmu); vpmu->context = NULL; + vpmu->hw_lapic_lvtpc = PMU_APIC_VECTOR | APIC_LVT_MASKED; switch ( vendor ) { @@ -278,7 +280,89 @@ void vpmu_destroy(struct vcpu *v) struct vpmu_struct *vpmu = vcpu_vpmu(v); if ( vpmu->arch_vpmu_ops && vpmu->arch_vpmu_ops->arch_vpmu_destroy ) + { + /* Unload VPMU first. This will stop counters */ + on_selected_cpus(cpumask_of(vcpu_vpmu(v)->last_pcpu), + vpmu_save_force, v, 1); + vpmu->arch_vpmu_ops->arch_vpmu_destroy(v); + } +} + +static int pvpmu_init(struct domain *d, xen_pmu_params_t *params) +{ + struct vcpu *v; + struct vpmu_struct *vpmu; + struct page_info *page; + uint64_t gfn = params->val; + + if ( vpmu_mode == XENPMU_MODE_OFF ) + return -EINVAL; + + if ( (params->vcpu >= d->max_vcpus) || (d->vcpu == NULL) || + (d->vcpu[params->vcpu] == NULL) ) + return -EINVAL; + + page = get_page_from_gfn(d, gfn, NULL, P2M_ALLOC); + if ( !page ) + return -EINVAL; + + if ( !get_page_type(page, PGT_writable_page) ) + { + put_page(page); + return -EINVAL; + } + + v = d->vcpu[params->vcpu]; + vpmu = vcpu_vpmu(v); + spin_lock(&vpmu->vpmu_lock); + + v->arch.vpmu.xenpmu_data = __map_domain_page_global(page); + if ( !v->arch.vpmu.xenpmu_data ) + { + put_page_and_type(page); + spin_unlock(&vpmu->vpmu_lock); + return -EINVAL; + } + + vpmu_initialise(v); + + spin_unlock(&vpmu->vpmu_lock); + + return 0; +} + +static void pvpmu_finish(struct domain *d, xen_pmu_params_t *params) +{ + struct vcpu *v; + struct vpmu_struct *vpmu; + uint64_t mfn; + + if ( (params->vcpu >= d->max_vcpus) || (d->vcpu == NULL) || + (d->vcpu[params->vcpu] == NULL) ) + return; + + v = d->vcpu[params->vcpu]; + if ( v != current ) + vcpu_pause(v); + + vpmu = vcpu_vpmu(v); + spin_lock(&vpmu->vpmu_lock); + + if ( v->arch.vpmu.xenpmu_data ) + { + mfn = domain_page_map_to_mfn(v->arch.vpmu.xenpmu_data); + ASSERT(mfn != 0); + unmap_domain_page_global(v->arch.vpmu.xenpmu_data); + put_page_and_type(mfn_to_page(mfn)); + v->arch.vpmu.xenpmu_data = NULL; + } + vpmu_destroy(v); + + spin_unlock(&vpmu->vpmu_lock); + + if ( v != current ) + vcpu_unpause(v); } /* Dump some vpmu informations on console. Used in keyhandler dump_domains(). */ @@ -402,7 +486,7 @@ long do_xenpmu_op(int op, XEN_GUEST_HANDLE_PARAM(xen_pmu_params_t) arg) if ( copy_to_guest(arg, &pmu_params, 1) ) return -EFAULT; - break; + break; case XENPMU_feature_set: if ( copy_from_guest(&pmu_params, arg, 1) ) @@ -420,6 +504,18 @@ long do_xenpmu_op(int op, XEN_GUEST_HANDLE_PARAM(xen_pmu_params_t) arg) return -EFAULT; break; + case XENPMU_init: + if ( copy_from_guest(&pmu_params, arg, 1) ) + return -EFAULT; + ret = pvpmu_init(current->domain, &pmu_params); + break; + + case XENPMU_finish: + if ( copy_from_guest(&pmu_params, arg, 1) ) + return -EFAULT; + pvpmu_finish(current->domain, &pmu_params); + break; + default: ret = -EINVAL; } diff --git a/xen/common/event_channel.c b/xen/common/event_channel.c index 7d6de54..a991b2d 100644 --- a/xen/common/event_channel.c +++ b/xen/common/event_channel.c @@ -108,6 +108,7 @@ static int virq_is_global(uint32_t virq) case VIRQ_TIMER: case VIRQ_DEBUG: case VIRQ_XENOPROF: + case VIRQ_XENPMU: rc = 0; break; case VIRQ_ARCH_0 ... VIRQ_ARCH_7: diff --git a/xen/include/asm-x86/hvm/vpmu.h b/xen/include/asm-x86/hvm/vpmu.h index 97fe17c..ada2ab7 100644 --- a/xen/include/asm-x86/hvm/vpmu.h +++ b/xen/include/asm-x86/hvm/vpmu.h @@ -64,6 +64,8 @@ struct vpmu_struct { void *context; /* May be shared with PV guest */ void *priv_context; /* hypervisor-only */ struct arch_vpmu_ops *arch_vpmu_ops; + struct xen_pmu_data *xenpmu_data; + spinlock_t vpmu_lock; }; /* VPMU states */ diff --git a/xen/include/public/pmu.h b/xen/include/public/pmu.h index 66cc494..afb4ca1 100644 --- a/xen/include/public/pmu.h +++ b/xen/include/public/pmu.h @@ -25,6 +25,8 @@ #define XENPMU_mode_set 1 #define XENPMU_feature_get 2 #define XENPMU_feature_set 3 +#define XENPMU_init 4 +#define XENPMU_finish 5 /* ` } */ /* Parameters structure for HYPERVISOR_xenpmu_op call */ diff --git a/xen/include/public/xen.h b/xen/include/public/xen.h index 0766790..e4d0b79 100644 --- a/xen/include/public/xen.h +++ b/xen/include/public/xen.h @@ -161,6 +161,7 @@ DEFINE_XEN_GUEST_HANDLE(xen_ulong_t); #define VIRQ_MEM_EVENT 10 /* G. (DOM0) A memory event has occured */ #define VIRQ_XC_RESERVED 11 /* G. Reserved for XenClient */ #define VIRQ_ENOMEM 12 /* G. (DOM0) Low on heap memory */ +#define VIRQ_XENPMU 13 /* V. PMC interrupt */ /* Architecture-specific VIRQ definitions. */ #define VIRQ_ARCH_0 16 diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h index c637454..ae47135 100644 --- a/xen/include/xsm/dummy.h +++ b/xen/include/xsm/dummy.h @@ -665,6 +665,9 @@ static XSM_INLINE int xsm_pmu_op (XSM_DEFAULT_ARG struct domain *d, int op) case XENPMU_feature_set: case XENPMU_feature_get: return xsm_default_action(XSM_PRIV, d, current->domain); + case XENPMU_init: + case XENPMU_finish: + return xsm_default_action(XSM_HOOK, d, current->domain); default: return -EPERM; } diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c index 8e1914e..76f2cf1 100644 --- a/xen/xsm/flask/hooks.c +++ b/xen/xsm/flask/hooks.c @@ -1515,6 +1515,10 @@ static int flask_pmu_op (struct domain *d, int op) case XENPMU_feature_get: return avc_has_perm(dsid, SECINITSID_XEN, SECCLASS_XEN2, XEN2__PMU_CTRL, NULL); + case XENPMU_init: + case XENPMU_finish: + return avc_has_perm(dsid, SECINITSID_XEN, SECCLASS_XEN2, + XEN2__PMU_USE, NULL); default: return -EPERM; } diff --git a/xen/xsm/flask/policy/access_vectors b/xen/xsm/flask/policy/access_vectors index 3289d98..b84af31 100644 --- a/xen/xsm/flask/policy/access_vectors +++ b/xen/xsm/flask/policy/access_vectors @@ -87,6 +87,8 @@ class xen2 get_symbol # PMU control pmu_ctrl +# PMU use (domains, including unprivileged ones, will be using this operation) + pmu_use } # Classes domain and domain2 consist of operations that a domain performs on -- 1.8.1.4 _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel