[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH RFC 3/9] xen: Force-enable relevant MSR events; optimize the number of sent MSR events

  • To: Jan Beulich <JBeulich@xxxxxxxx>
  • From: Razvan Cojocaru <rcojocaru@xxxxxxxxxxxxxxx>
  • Date: Wed, 23 Jul 2014 11:03:02 +0300
  • Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, tim@xxxxxxx, xen-devel@xxxxxxxxxxxxx
  • Comment: DomainKeys? See http://domainkeys.sourceforge.net/
  • Delivery-date: Wed, 23 Jul 2014 08:03:18 +0000
  • Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=bitdefender.com; b=pZobQH2IG+QN/pKYkBF/LXIxN61dz3AwyQFoJpbicQTr96kLLhSjkXh3I2xG62bwB0xuK6lNaMQ63wGQfVQ/4FogufxHPNG6LD4SnDuNErdGqAUMzt/91mKt+H8PR+zHsbFsWRoNxxGG2lBUYxXEVUG88d+elVEyfX/RfT+qcrC2l9oeW+hqpsjVy7utWO8geqivwz4PZiUP7AzUFqKAnS/zMHUo11CM+1g55kjLErsV5oQiHJlnoLVB245dEfdse7/JJ8Yq4gEt9ZcPVxoqkjMYOsHYpvmAtzHUcg9oAgNtIduTF8ahCEuI2VEsfkOXwn+rSTViEw8TABVsUFnnog==; h=Received:Received:Received:Received:Message-ID:Date:From:User-Agent:MIME-Version:To:CC:Subject:References:In-Reply-To:Content-Type:Content-Transfer-Encoding:X-BitDefender-Scanner:X-BitDefender-Spam:X-BitDefender-SpamStamp:X-BitDefender-CF-Stamp;
  • List-id: Xen developer discussion <xen-devel.lists.xen.org>
On 07/23/2014 10:56 AM, Jan Beulich wrote:
>>>> On 09.07.14 at 10:02, <rcojocaru@xxxxxxxxxxxxxxx> wrote:
>> On 07/02/2014 06:43 PM, Jan Beulich wrote:
>>>>>> On 02.07.14 at 17:35, <andrew.cooper3@xxxxxxxxxx> wrote:
>>>> On 02/07/14 14:33, Razvan Cojocaru wrote:
>>>>> @@ -700,6 +700,25 @@ void vmx_disable_intercept_for_msr(struct vcpu *v, 
>>>>> u32 
>> msr, int type)
>>>>>      if ( msr_bitmap == NULL )
>>>>>          return;
>>>>>  
>>>>> +    /* Filter out MSR-s needed by the memory introspection engine */
>>>>> +    switch ( msr )
>>>>> +    {
>>>>> +    case MSR_IA32_SYSENTER_EIP:
>>>>> +    case MSR_IA32_SYSENTER_ESP:
>>>>> +    case MSR_IA32_SYSENTER_CS:
>>>>> +    case MSR_IA32_MC0_CTL:
>>>>> +    case MSR_STAR:
>>>>> +    case MSR_LSTAR:
>>>>> +
>>>>
>>>> Given the performance implications of forcing interception of these
>>>> MSRs, it would be gated on mem_access being active for the domain.
>>>
>>> Absolutely.
>>
>> Unfortunately the call to vmx_disable_intercept_for_msr() happens _very_
>> early, and by the time our application gets to enable mem_access on the
>> domain, the interception for these MSRs has already been disabled, with
>> unacceptable consequences.
>>
>> I've tested this with an "if (
>> mem_event_check_ring(&d->mem_event->access) )" test.
>>
>> Also, ideally we'd like to be able to start monitoring an already
>> started domain, and in that case the mem_access test would be useless
>> even considering a workaround for the case above.
> 
> All understood, but not penalizing non-monitored VMs has certainly
> higher priority.

Got it, I've already changed the code, but waiting on a few other things
before resubmitting the series. As far as this patch goes, the HV now
only refuses to disable interception for the interesting MSRs if
mem_access is active for the domain, and always enables interception for
them on XEN_DOMCTL_MEM_EVENT_OP_ACCESS in mem_event_domctl().


Thanks,
Razvan Cojocaru

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.