File xsa435-0-25.patch of Package xen.33138
From 66c5c99656314451ff9520f91cff5bb39fee9fed Mon Sep 17 00:00:00 2001
From: Andrew Cooper <andrew.cooper3@citrix.com>
Date: Wed, 29 Mar 2023 12:01:33 +0100
Subject: x86: Drop struct old_cpu_policy
With all the complicated callers of x86_cpu_policies_are_compatible() updated
to use a single cpu_policy object, we can drop the final user of struct
old_cpu_policy.
Update x86_cpu_policies_are_compatible() to take (new) cpu_policy pointers,
reducing the amount of internal pointer chasing, and update all callers to
pass their cpu_policy objects directly.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
--- a/tools/tests/cpu-policy/test-cpu-policy.c
+++ b/tools/tests/cpu-policy/test-cpu-policy.c
@@ -69,7 +69,7 @@ static void test_vendor_identification(v
static void test_cpuid_serialise_success(void)
{
static const struct test {
- struct cpuid_policy p;
+ struct cpu_policy p;
const char *name;
unsigned int nr_leaves;
} tests[] = {
@@ -186,7 +186,7 @@ static void test_cpuid_serialise_success
static void test_msr_serialise_success(void)
{
static const struct test {
- struct msr_policy p;
+ struct cpu_policy p;
const char *name;
unsigned int nr_msrs;
} tests[] = {
@@ -367,7 +367,7 @@ static void test_cpuid_out_of_range_clea
static const struct test {
const char *name;
unsigned int nr_markers;
- struct cpuid_policy p;
+ struct cpu_policy p;
} tests[] = {
{
.name = "basic",
@@ -487,7 +487,7 @@ static void test_cpuid_out_of_range_clea
for ( size_t i = 0; i < ARRAY_SIZE(tests); ++i )
{
const struct test *t = &tests[i];
- struct cpuid_policy *p = memdup(&t->p);
+ struct cpu_policy *p = memdup(&t->p);
void *ptr;
unsigned int nr_markers;
@@ -511,23 +511,20 @@ static void test_is_compatible_success(v
{
static struct test {
const char *name;
- struct cpuid_policy host_cpuid;
- struct cpuid_policy guest_cpuid;
- struct msr_policy host_msr;
- struct msr_policy guest_msr;
+ struct cpu_policy host, guest;
} tests[] = {
{
.name = "Host CPUID faulting, Guest not",
- .host_msr = {
+ .host = {
.platform_info.cpuid_faulting = true,
},
},
{
.name = "Host CPUID faulting, Guest wanted",
- .host_msr = {
+ .host = {
.platform_info.cpuid_faulting = true,
},
- .guest_msr = {
+ .guest = {
.platform_info.cpuid_faulting = true,
},
},
@@ -539,15 +536,8 @@ static void test_is_compatible_success(v
for ( size_t i = 0; i < ARRAY_SIZE(tests); ++i )
{
struct test *t = &tests[i];
- struct old_cpu_policy sys = {
- &t->host_cpuid,
- &t->host_msr,
- }, new = {
- &t->guest_cpuid,
- &t->guest_msr,
- };
struct cpu_policy_errors e;
- int res = x86_cpu_policies_are_compatible(&sys, &new, &e);
+ int res = x86_cpu_policies_are_compatible(&t->host, &t->guest, &e);
/* Check the expected error output. */
if ( res != 0 || memcmp(&no_errors, &e, sizeof(no_errors)) )
@@ -561,25 +551,22 @@ static void test_is_compatible_failure(v
{
static struct test {
const char *name;
- struct cpuid_policy host_cpuid;
- struct cpuid_policy guest_cpuid;
- struct msr_policy host_msr;
- struct msr_policy guest_msr;
+ struct cpu_policy host, guest;
struct cpu_policy_errors e;
} tests[] = {
{
.name = "Host basic.max_leaf out of range",
- .guest_cpuid.basic.max_leaf = 1,
+ .guest.basic.max_leaf = 1,
.e = { 0, -1, -1 },
},
{
.name = "Host extd.max_leaf out of range",
- .guest_cpuid.extd.max_leaf = 1,
+ .guest.extd.max_leaf = 1,
.e = { 0x80000000, -1, -1 },
},
{
.name = "Host no CPUID faulting, Guest wanted",
- .guest_msr = {
+ .guest = {
.platform_info.cpuid_faulting = true,
},
.e = { -1, -1, 0xce },
@@ -591,15 +578,8 @@ static void test_is_compatible_failure(v
for ( size_t i = 0; i < ARRAY_SIZE(tests); ++i )
{
struct test *t = &tests[i];
- struct old_cpu_policy sys = {
- &t->host_cpuid,
- &t->host_msr,
- }, new = {
- &t->guest_cpuid,
- &t->guest_msr,
- };
struct cpu_policy_errors e;
- int res = x86_cpu_policies_are_compatible(&sys, &new, &e);
+ int res = x86_cpu_policies_are_compatible(&t->host, &t->guest, &e);
/* Check the expected error output. */
if ( res == 0 || memcmp(&t->e, &e, sizeof(t->e)) )
--- a/xen/arch/x86/domctl.c
+++ b/xen/arch/x86/domctl.c
@@ -217,10 +217,9 @@ static int update_domain_cpu_policy(stru
xen_domctl_cpu_policy_t *xdpc)
{
struct cpu_policy *new;
- struct cpu_policy *sys = is_pv_domain(d)
+ const struct cpu_policy *sys = is_pv_domain(d)
? (IS_ENABLED(CONFIG_PV) ? &pv_max_cpu_policy : NULL)
: (IS_ENABLED(CONFIG_HVM) ? &hvm_max_cpu_policy : NULL);
- struct old_cpu_policy old_sys = { sys, sys }, old_new;
struct cpu_policy_errors err = INIT_CPU_POLICY_ERRORS;
int ret = -ENOMEM;
@@ -234,8 +233,6 @@ static int update_domain_cpu_policy(stru
if ( !(new = xmemdup(d->arch.cpu_policy)) )
goto out;
- old_new = (struct old_cpu_policy){ new, new };
-
/* Merge the toolstack provided data. */
if ( (ret = x86_cpuid_copy_from_buffer(
new, xdpc->leaves, xdpc->nr_leaves,
@@ -248,7 +245,7 @@ static int update_domain_cpu_policy(stru
x86_cpuid_policy_clear_out_of_range_leaves(new);
/* Audit the combined dataset. */
- ret = x86_cpu_policies_are_compatible(&old_sys, &old_new, &err);
+ ret = x86_cpu_policies_are_compatible(sys, new, &err);
if ( ret )
goto out;
--- a/xen/include/xen/lib/x86/cpu-policy.h
+++ b/xen/include/xen/lib/x86/cpu-policy.h
@@ -379,12 +379,6 @@ struct cpu_policy
#define cpuid_policy cpu_policy
#define msr_policy cpu_policy
-struct old_cpu_policy
-{
- struct cpuid_policy *cpuid;
- struct msr_policy *msr;
-};
-
struct cpu_policy_errors
{
uint32_t leaf, subleaf;
@@ -559,7 +553,7 @@ int x86_msr_copy_from_buffer(struct msr_
const msr_entry_buffer_t msrs, uint32_t nr_entries,
uint32_t *err_msr);
-/*
+/**
* Calculate whether two policies are compatible.
*
* i.e. Can a VM configured with @guest run on a CPU supporting @host.
@@ -573,8 +567,8 @@ int x86_msr_copy_from_buffer(struct msr_
* incompatibility is detected, the optional err pointer may identify the
* problematic leaf/subleaf and/or MSR.
*/
-int x86_cpu_policies_are_compatible(const struct old_cpu_policy *host,
- const struct old_cpu_policy *guest,
+int x86_cpu_policies_are_compatible(const struct cpu_policy *host,
+ const struct cpu_policy *guest,
struct cpu_policy_errors *err);
#endif /* !XEN_LIB_X86_POLICIES_H */
--- a/xen/lib/x86/policy.c
+++ b/xen/lib/x86/policy.c
@@ -2,8 +2,8 @@
#include <xen/lib/x86/cpu-policy.h>
-int x86_cpu_policies_are_compatible(const struct old_cpu_policy *host,
- const struct old_cpu_policy *guest,
+int x86_cpu_policies_are_compatible(const struct cpu_policy *host,
+ const struct cpu_policy *guest,
struct cpu_policy_errors *err)
{
struct cpu_policy_errors e = INIT_CPU_POLICY_ERRORS;
@@ -15,15 +15,15 @@ int x86_cpu_policies_are_compatible(cons
#define FAIL_MSR(m) \
do { e.msr = (m); goto out; } while ( 0 )
- if ( guest->cpuid->basic.max_leaf > host->cpuid->basic.max_leaf )
+ if ( guest->basic.max_leaf > host->basic.max_leaf )
FAIL_CPUID(0, NA);
- if ( guest->cpuid->extd.max_leaf > host->cpuid->extd.max_leaf )
+ if ( guest->extd.max_leaf > host->extd.max_leaf )
FAIL_CPUID(0x80000000, NA);
/* TODO: Audit more CPUID data. */
- if ( ~host->msr->platform_info.raw & guest->msr->platform_info.raw )
+ if ( ~host->platform_info.raw & guest->platform_info.raw )
FAIL_MSR(MSR_INTEL_PLATFORM_INFO);
#undef FAIL_MSR
