x86/boot: Wire up dom0=shadow for PV dom0

This would have been very handy when debugging some pv-l1tf issues.  As there
is no cost to supporting it, wire it up.

Due to the way dom0 is constructed, switching into shadow mode must be done
after the pagetables are written, and because of partially being in dom0
context, shadow_enable() doesn't like the state it finds.

Reuse the pv_l1tf tasklet for convenience, which will switch dom0 into shadow
mode just before it starts executing.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>

diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc
index 1fc18026bb0c04cbaa6f74f9268bddd924074f9b..f53d5afb92f978e50ca606a3ba29684c21a210aa 100644 (file)
--- a/docs/misc/xen-command-line.pandoc
+++ b/docs/misc/xen-command-line.pandoc
@@ -675,12 +675,16 @@ Controls for how dom0 is constructed on x86 systems.
         selected mode.
     *   For a PVH dom0, the hardware must have VT-x/SVM extensions available.
 
-*   The `shadow` boolean is only applicable when dom0 is constructed as a PVH
-    guest, and controls whether dom0 uses hardware assisted paging, or shadow
-    paging.  The default is HAP when available, and shadow otherwise.
+*   The `shadow` boolean allows dom0 to be explicitly constructed using shadow
+    paging.  This option is unavailable when `CONFIG_SHADOW_PAGING` is
+    disabled.
 
-    This option is unavailable when `CONFIG_SHADOW_PAGING` is disabled.  Such
-    builds of Xen require HAP-capable hardware to use a PVH dom0.
+    For PVH, dom0 defaults to using HAP on capable hardware, and falls back to
+    shadow paging otherwise.  A PVH dom0 cannot be used if Xen is compiled
+    without shadow paging support, and the hardware lacks HAP support.
+
+    For PV, the use of dom0 shadow mode is only for development purposes.  PV
+    guests do no require any paging support by default.
 
 *   The `verbose` boolean is intended for diagnostics, and prints out extra
     information during the dom0 build.  It defaults to false.

diff --git a/xen/arch/x86/dom0_build.c b/xen/arch/x86/dom0_build.c
index 27315d5bd269f36b3dd2e74e14fbf39c95132697..93e5531b8aec8a1be811ac785f0a65290808488f 100644 (file)
--- a/xen/arch/x86/dom0_build.c
+++ b/xen/arch/x86/dom0_build.c
@@ -588,14 +588,6 @@ int __init construct_dom0(struct domain *d, const module_t *image,
 
     process_pending_softirqs();
 
-#ifdef CONFIG_SHADOW_PAGING
-    if ( opt_dom0_shadow && !dom0_pvh )
-    {
-        opt_dom0_shadow = false;
-        printk(XENLOG_WARNING "Shadow Dom0 requires PVH. Option ignored.\n");
-    }
-#endif
-
     if ( is_hvm_domain(d) )
         rc = dom0_construct_pvh(d, image, image_headroom, initrd, cmdline);
     else if ( is_pv_domain(d) )

diff --git a/xen/arch/x86/pv/dom0_build.c b/xen/arch/x86/pv/dom0_build.c
index 064a10ed1fe5f9ccde801fee648b8f6ab197e666..4a1526ab2a689f5c809666a52817543d89dc11e0 100644 (file)
--- a/xen/arch/x86/pv/dom0_build.c
+++ b/xen/arch/x86/pv/dom0_build.c
@@ -906,6 +906,15 @@ int __init dom0_construct_pv(struct domain *d,
     if ( d->domain_id == hardware_domid )
         iommu_hwdom_init(d);
 
+    /* Activate shadow mode, if requested.  Reuse the pv_l1tf tasklet. */
+#ifdef CONFIG_SHADOW_PAGING
+    if ( opt_dom0_shadow )
+    {
+        printk("Switching dom0 to using shadow paging\n");
+        tasklet_schedule(&d->arch.paging.shadow.pv_l1tf_tasklet);
+    }
+#endif
+
     v->is_initialised = 1;
     clear_bit(_VPF_down, &v->pause_flags);