Code for initializing/tearing down PMU for PV guests Signed-off-by: Boris Ostrovsky <boris.ostrov...@oracle.com> Acked-by: Kevin Tian <kevin.t...@intel.com> Acked-by: Daniel De Graaf <dgde...@tycho.nsa.gov> --- tools/flask/policy/policy/modules/xen/xen.te | 4 ++ xen/arch/x86/domain.c | 2 + xen/arch/x86/hvm/hvm.c | 1 + xen/arch/x86/hvm/svm/svm.c | 4 +- xen/arch/x86/hvm/svm/vpmu.c | 44 ++++++++---- xen/arch/x86/hvm/vmx/vmx.c | 4 +- xen/arch/x86/hvm/vmx/vpmu_core2.c | 79 +++++++++++++++------ xen/arch/x86/hvm/vpmu.c | 102 +++++++++++++++++++++++++-- xen/common/event_channel.c | 1 + xen/include/asm-x86/hvm/vpmu.h | 2 + xen/include/public/pmu.h | 2 + xen/include/public/xen.h | 1 + xen/include/xsm/dummy.h | 3 + xen/xsm/flask/hooks.c | 4 ++ xen/xsm/flask/policy/access_vectors | 2 + 15 files changed, 212 insertions(+), 43 deletions(-)
diff --git a/tools/flask/policy/policy/modules/xen/xen.te b/tools/flask/policy/policy/modules/xen/xen.te index 870ff81..73bbe7b 100644 --- a/tools/flask/policy/policy/modules/xen/xen.te +++ b/tools/flask/policy/policy/modules/xen/xen.te @@ -120,6 +120,10 @@ domain_comms(dom0_t, dom0_t) # Allow all domains to use (unprivileged parts of) the tmem hypercall allow domain_type xen_t:xen tmem_op; +# Allow all domains to use PMU (but not to change its settings --- that's what +# pmu_ctrl is for) +allow domain_type xen_t:xen2 pmu_use; + ############################################################################### # # Domain creation diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index b0e3c3d..838bbb7 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -437,6 +437,8 @@ int vcpu_initialise(struct vcpu *v) vmce_init_vcpu(v); } + spin_lock_init(&v->arch.vpmu.vpmu_lock); + if ( has_hvm_container_domain(d) ) { rc = hvm_vcpu_initialise(v); diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index b03ee4e..21f7c35 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -4873,6 +4873,7 @@ static hvm_hypercall_t *const pvh_hypercall64_table[NR_hypercalls] = { HYPERCALL(hvm_op), HYPERCALL(sysctl), HYPERCALL(domctl), + HYPERCALL(xenpmu_op), [ __HYPERVISOR_arch_1 ] = (hvm_hypercall_t *)paging_domctl_continuation }; diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index a7655bd..59cca08 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -1166,7 +1166,9 @@ static int svm_vcpu_initialise(struct vcpu *v) return rc; } - vpmu_initialise(v); + /* PVH's VPMU is initialized via hypercall */ + if ( is_hvm_vcpu(v) ) + vpmu_initialise(v); svm_guest_osvw_init(v); diff --git a/xen/arch/x86/hvm/svm/vpmu.c b/xen/arch/x86/hvm/svm/vpmu.c index 03474a3..7eeefa2 100644 --- a/xen/arch/x86/hvm/svm/vpmu.c +++ b/xen/arch/x86/hvm/svm/vpmu.c @@ -379,17 +379,19 @@ static void amd_vpmu_destroy(struct vcpu *v) { struct vpmu_struct *vpmu = vcpu_vpmu(v); - if ( has_hvm_container_vcpu(v) && is_msr_bitmap_on(vpmu) ) - amd_vpmu_unset_msr_bitmap(v); + if ( has_hvm_container_vcpu(v) ) + { + if ( is_msr_bitmap_on(vpmu) ) + amd_vpmu_unset_msr_bitmap(v); - xfree(vpmu->context); - vpmu_reset(vpmu, VPMU_CONTEXT_ALLOCATED); + if ( is_hvm_vcpu(v) ) + xfree(vpmu->context); - if ( vpmu_is_set(vpmu, VPMU_RUNNING) ) - { - vpmu_reset(vpmu, VPMU_RUNNING); release_pmu_ownship(PMU_OWNER_HVM); } + + vpmu->context = NULL; + vpmu_clear(vpmu); } /* VPMU part of the 'q' keyhandler */ @@ -456,15 +458,19 @@ int svm_vpmu_initialise(struct vcpu *v) if ( !counters ) return -EINVAL; - ctxt = xzalloc_bytes(sizeof(*ctxt) + - 2 * sizeof(uint64_t) * num_counters); - if ( !ctxt ) + if ( is_hvm_vcpu(v) ) { - printk(XENLOG_G_WARNING "Insufficient memory for PMU, " - " PMU feature is unavailable on domain %d vcpu %d.\n", - v->vcpu_id, v->domain->domain_id); - return -ENOMEM; + ctxt = xzalloc_bytes(sizeof(*ctxt) + + 2 * sizeof(uint64_t) * num_counters); + if ( !ctxt ) + { + printk(XENLOG_G_WARNING "%pv: Insufficient memory for PMU, " + " PMU feature is unavailable\n", v); + return -ENOMEM; + } } + else + ctxt = &v->arch.vpmu.xenpmu_data->pmu.c.amd; ctxt->counters = sizeof(*ctxt); ctxt->ctrls = ctxt->counters + sizeof(uint64_t) * num_counters; @@ -503,6 +509,16 @@ int __init amd_vpmu_init(void) return -EINVAL; } + if ( sizeof(struct xen_pmu_data) + + 2 * sizeof(uint64_t) * num_counters > PAGE_SIZE ) + { + printk(XENLOG_WARNING + "VPMU: Register bank does not fit into VPMU shared page\n"); + counters = ctrls = NULL; + num_counters = 0; + return -ENOSPC; + } + return 0; } diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index 88b7821..65b77ed 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -116,7 +116,9 @@ static int vmx_vcpu_initialise(struct vcpu *v) return rc; } - vpmu_initialise(v); + /* PVH's VPMU is initialized via hypercall */ + if ( is_hvm_vcpu(v) ) + vpmu_initialise(v); vmx_install_vlapic_mapping(v); diff --git a/xen/arch/x86/hvm/vmx/vpmu_core2.c b/xen/arch/x86/hvm/vmx/vpmu_core2.c index 6c78323..60f0f69 100644 --- a/xen/arch/x86/hvm/vmx/vpmu_core2.c +++ b/xen/arch/x86/hvm/vmx/vpmu_core2.c @@ -378,24 +378,34 @@ static int core2_vpmu_alloc_resource(struct vcpu *v) struct xen_pmu_intel_ctxt *core2_vpmu_cxt = NULL; uint64_t *p = NULL; - if ( !acquire_pmu_ownership(PMU_OWNER_HVM) ) - return 0; - - wrmsrl(MSR_CORE_PERF_GLOBAL_CTRL, 0); - if ( vmx_add_host_load_msr(MSR_CORE_PERF_GLOBAL_CTRL) ) + p = xzalloc(uint64_t); + if ( !p ) goto out_err; - if ( vmx_add_guest_msr(MSR_CORE_PERF_GLOBAL_CTRL) ) - goto out_err; - vmx_write_guest_msr(MSR_CORE_PERF_GLOBAL_CTRL, 0); + if ( has_hvm_container_vcpu(v) ) + { + if ( is_hvm_vcpu(v) && !acquire_pmu_ownership(PMU_OWNER_HVM) ) + goto out_err; - core2_vpmu_cxt = xzalloc_bytes(sizeof(*core2_vpmu_cxt) + - sizeof(uint64_t) * fixed_pmc_cnt + - sizeof(struct xen_pmu_cntr_pair) * - arch_pmc_cnt); - p = xzalloc(uint64_t); - if ( !core2_vpmu_cxt || !p ) - goto out_err; + wrmsrl(MSR_CORE_PERF_GLOBAL_CTRL, 0); + if ( vmx_add_host_load_msr(MSR_CORE_PERF_GLOBAL_CTRL) ) + goto out_err_hvm; + if ( vmx_add_guest_msr(MSR_CORE_PERF_GLOBAL_CTRL) ) + goto out_err_hvm; + vmx_write_guest_msr(MSR_CORE_PERF_GLOBAL_CTRL, 0); + } + + if ( is_hvm_vcpu(v) ) + { + core2_vpmu_cxt = xzalloc_bytes(sizeof(*core2_vpmu_cxt) + + sizeof(uint64_t) * fixed_pmc_cnt + + sizeof(struct xen_pmu_cntr_pair) * + arch_pmc_cnt); + if ( !core2_vpmu_cxt ) + goto out_err_hvm; + } + else + core2_vpmu_cxt = &v->arch.vpmu.xenpmu_data->pmu.c.intel; core2_vpmu_cxt->fixed_counters = sizeof(*core2_vpmu_cxt); core2_vpmu_cxt->arch_counters = core2_vpmu_cxt->fixed_counters + @@ -408,10 +418,12 @@ static int core2_vpmu_alloc_resource(struct vcpu *v) return 1; -out_err: - release_pmu_ownship(PMU_OWNER_HVM); - + out_err_hvm: xfree(core2_vpmu_cxt); + if ( is_hvm_vcpu(v) ) + release_pmu_ownship(PMU_OWNER_HVM); + + out_err: xfree(p); printk("Failed to allocate VPMU resources for domain %u vcpu %u\n", @@ -728,12 +740,20 @@ static void core2_vpmu_destroy(struct vcpu *v) { struct vpmu_struct *vpmu = vcpu_vpmu(v); - xfree(vpmu->context); + if ( has_hvm_container_vcpu(v) ) + { + if ( cpu_has_vmx_msr_bitmap ) + core2_vpmu_unset_msr_bitmap(v->arch.hvm_vmx.msr_bitmap); + + if ( is_hvm_vcpu(v) ) + xfree(vpmu->context); + + release_pmu_ownship(PMU_OWNER_HVM); + } + xfree(vpmu->priv_context); - if ( has_hvm_container_vcpu(v) && cpu_has_vmx_msr_bitmap ) - core2_vpmu_unset_msr_bitmap(v->arch.hvm_vmx.msr_bitmap); - release_pmu_ownship(PMU_OWNER_HVM); - vpmu_reset(vpmu, VPMU_CONTEXT_ALLOCATED); + vpmu->context = NULL; + vpmu_clear(vpmu); } struct arch_vpmu_ops core2_vpmu_ops = { @@ -844,6 +864,10 @@ int vmx_vpmu_initialise(struct vcpu *v) ds_warned = 1; func_out: + /* PV domains can allocate resources immediately */ + if ( is_pv_vcpu(v) && !core2_vpmu_alloc_resource(v) ) + return -EIO; + vpmu->arch_vpmu_ops = &core2_vpmu_ops; return 0; @@ -906,5 +930,14 @@ int __init core2_vpmu_init(void) check_pmc_quirk(); + if ( sizeof(struct xen_pmu_data) + sizeof(uint64_t) * fixed_pmc_cnt + + sizeof(struct xen_pmu_cntr_pair) * arch_pmc_cnt > PAGE_SIZE ) + { + printk(XENLOG_WARNING + "VPMU: Register bank does not fit into VPMU share page\n"); + arch_pmc_cnt = fixed_pmc_cnt = 0; + return -ENOSPC; + } + return 0; } diff --git a/xen/arch/x86/hvm/vpmu.c b/xen/arch/x86/hvm/vpmu.c index f62fa80..bdd66de 100644 --- a/xen/arch/x86/hvm/vpmu.c +++ b/xen/arch/x86/hvm/vpmu.c @@ -27,6 +27,7 @@ #include <asm/types.h> #include <asm/msr.h> #include <asm/nmi.h> +#include <asm/p2m.h> #include <asm/hvm/support.h> #include <asm/hvm/vmx/vmx.h> #include <asm/hvm/vmx/vmcs.h> @@ -252,9 +253,6 @@ void vpmu_initialise(struct vcpu *v) uint8_t vendor = current_cpu_data.x86_vendor; int ret; - if ( is_pvh_vcpu(v) ) - return; - BUILD_BUG_ON(sizeof(struct xen_pmu_intel_ctxt) > XENPMU_CTXT_PAD_SZ); BUILD_BUG_ON(sizeof(struct xen_pmu_amd_ctxt) > XENPMU_CTXT_PAD_SZ); @@ -262,6 +260,7 @@ void vpmu_initialise(struct vcpu *v) vpmu_destroy(v); vpmu_clear(vpmu); vpmu->context = NULL; + vpmu->hw_lapic_lvtpc = PMU_APIC_VECTOR | APIC_LVT_MASKED; switch ( vendor ) { @@ -313,7 +312,92 @@ void vpmu_destroy(struct vcpu *v) vpmu_clear_last, v, 1); if ( vpmu->arch_vpmu_ops && vpmu->arch_vpmu_ops->arch_vpmu_destroy ) + { + /* Unload VPMU first. This will stop counters */ + on_selected_cpus(cpumask_of(vcpu_vpmu(v)->last_pcpu), + vpmu_save_force, v, 1); + vpmu->arch_vpmu_ops->arch_vpmu_destroy(v); + } +} + +static int pvpmu_init(struct domain *d, xen_pmu_params_t *params) +{ + struct vcpu *v; + struct vpmu_struct *vpmu; + struct page_info *page; + uint64_t gfn = params->val; + + if ( vpmu_mode == XENPMU_MODE_OFF ) + return -EINVAL; + + if ( (params->vcpu >= d->max_vcpus) || (d->vcpu == NULL) || + (d->vcpu[params->vcpu] == NULL) ) + return -EINVAL; + + if ( v->arch.vpmu.xenpmu_data ) + return -EINVAL; + + page = get_page_from_gfn(d, gfn, NULL, P2M_ALLOC); + if ( !page ) + return -EINVAL; + + if ( !get_page_type(page, PGT_writable_page) ) + { + put_page(page); + return -EINVAL; + } + + v = d->vcpu[params->vcpu]; + vpmu = vcpu_vpmu(v); + spin_lock(&vpmu->vpmu_lock); + + v->arch.vpmu.xenpmu_data = __map_domain_page_global(page); + if ( !v->arch.vpmu.xenpmu_data ) + { + put_page_and_type(page); + spin_unlock(&vpmu->vpmu_lock); + return -EINVAL; + } + + vpmu_initialise(v); + + spin_unlock(&vpmu->vpmu_lock); + + return 0; +} + +static void pvpmu_finish(struct domain *d, xen_pmu_params_t *params) +{ + struct vcpu *v; + struct vpmu_struct *vpmu; + uint64_t mfn; + + if ( (params->vcpu >= d->max_vcpus) || (d->vcpu == NULL) || + (d->vcpu[params->vcpu] == NULL) ) + return; + + v = d->vcpu[params->vcpu]; + if ( v != current ) + vcpu_pause(v); + + vpmu = vcpu_vpmu(v); + spin_lock(&vpmu->vpmu_lock); + + if ( v->arch.vpmu.xenpmu_data ) + { + mfn = domain_page_map_to_mfn(v->arch.vpmu.xenpmu_data); + ASSERT(mfn != 0); + unmap_domain_page_global(v->arch.vpmu.xenpmu_data); + put_page_and_type(mfn_to_page(mfn)); + v->arch.vpmu.xenpmu_data = NULL; + } + vpmu_destroy(v); + + spin_unlock(&vpmu->vpmu_lock); + + if ( v != current ) + vcpu_unpause(v); } /* Dump some vpmu informations on console. Used in keyhandler dump_domains(). */ @@ -445,6 +529,8 @@ long do_xenpmu_op(unsigned int op, XEN_GUEST_HANDLE_PARAM(xen_pmu_params_t) arg) { case XENPMU_mode_set: case XENPMU_feature_set: + case XENPMU_init: + case XENPMU_finish: if ( copy_from_guest(&pmu_params, arg, 1) ) return -EFAULT; @@ -504,7 +590,7 @@ long do_xenpmu_op(unsigned int op, XEN_GUEST_HANDLE_PARAM(xen_pmu_params_t) arg) if ( copy_to_guest(arg, &pmu_params, 1) ) return -EFAULT; - break; + break; case XENPMU_feature_set: if ( pmu_params.val & ~XENPMU_FEATURE_INTEL_BTS ) @@ -519,6 +605,14 @@ long do_xenpmu_op(unsigned int op, XEN_GUEST_HANDLE_PARAM(xen_pmu_params_t) arg) return -EFAULT; break; + case XENPMU_init: + ret = pvpmu_init(current->domain, &pmu_params); + break; + + case XENPMU_finish: + pvpmu_finish(current->domain, &pmu_params); + break; + default: ret = -EINVAL; } diff --git a/xen/common/event_channel.c b/xen/common/event_channel.c index fae242d..310f590 100644 --- a/xen/common/event_channel.c +++ b/xen/common/event_channel.c @@ -106,6 +106,7 @@ static int virq_is_global(uint32_t virq) case VIRQ_TIMER: case VIRQ_DEBUG: case VIRQ_XENOPROF: + case VIRQ_XENPMU: rc = 0; break; case VIRQ_ARCH_0 ... VIRQ_ARCH_7: diff --git a/xen/include/asm-x86/hvm/vpmu.h b/xen/include/asm-x86/hvm/vpmu.h index cf32f82..42a09f9 100644 --- a/xen/include/asm-x86/hvm/vpmu.h +++ b/xen/include/asm-x86/hvm/vpmu.h @@ -44,6 +44,8 @@ struct vpmu_struct { void *context; /* May be shared with PV guest */ void *priv_context; /* hypervisor-only */ struct arch_vpmu_ops *arch_vpmu_ops; + struct xen_pmu_data *xenpmu_data; + spinlock_t vpmu_lock; }; /* Arch specific operations shared by all vpmus */ diff --git a/xen/include/public/pmu.h b/xen/include/public/pmu.h index 66cc494..afb4ca1 100644 --- a/xen/include/public/pmu.h +++ b/xen/include/public/pmu.h @@ -25,6 +25,8 @@ #define XENPMU_mode_set 1 #define XENPMU_feature_get 2 #define XENPMU_feature_set 3 +#define XENPMU_init 4 +#define XENPMU_finish 5 /* ` } */ /* Parameters structure for HYPERVISOR_xenpmu_op call */ diff --git a/xen/include/public/xen.h b/xen/include/public/xen.h index 0dd3c97..a6b26fe 100644 --- a/xen/include/public/xen.h +++ b/xen/include/public/xen.h @@ -161,6 +161,7 @@ DEFINE_XEN_GUEST_HANDLE(xen_ulong_t); #define VIRQ_MEM_EVENT 10 /* G. (DOM0) A memory event has occured */ #define VIRQ_XC_RESERVED 11 /* G. Reserved for XenClient */ #define VIRQ_ENOMEM 12 /* G. (DOM0) Low on heap memory */ +#define VIRQ_XENPMU 13 /* V. PMC interrupt */ /* Architecture-specific VIRQ definitions. */ #define VIRQ_ARCH_0 16 diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h index c637454..ae47135 100644 --- a/xen/include/xsm/dummy.h +++ b/xen/include/xsm/dummy.h @@ -665,6 +665,9 @@ static XSM_INLINE int xsm_pmu_op (XSM_DEFAULT_ARG struct domain *d, int op) case XENPMU_feature_set: case XENPMU_feature_get: return xsm_default_action(XSM_PRIV, d, current->domain); + case XENPMU_init: + case XENPMU_finish: + return xsm_default_action(XSM_HOOK, d, current->domain); default: return -EPERM; } diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c index 982e879..5011cb9 100644 --- a/xen/xsm/flask/hooks.c +++ b/xen/xsm/flask/hooks.c @@ -1518,6 +1518,10 @@ static int flask_pmu_op (struct domain *d, unsigned int op) case XENPMU_feature_get: return avc_has_perm(dsid, SECINITSID_XEN, SECCLASS_XEN2, XEN2__PMU_CTRL, NULL); + case XENPMU_init: + case XENPMU_finish: + return avc_has_perm(dsid, SECINITSID_XEN, SECCLASS_XEN2, + XEN2__PMU_USE, NULL); default: return -EPERM; } diff --git a/xen/xsm/flask/policy/access_vectors b/xen/xsm/flask/policy/access_vectors index 626850d..ef5b867 100644 --- a/xen/xsm/flask/policy/access_vectors +++ b/xen/xsm/flask/policy/access_vectors @@ -88,6 +88,8 @@ class xen2 get_symbol # PMU control pmu_ctrl +# PMU use (domains, including unprivileged ones, will be using this operation) + pmu_use } # Classes domain and domain2 consist of operations that a domain performs on -- 1.8.1.4 _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel