Xen project Mailing List

Re: [Xen-devel] [PATCH RFC v2 1/4] x86/mm: Shadow and p2m changes for PV mem_access

To: Tim Deegan <tim@xxxxxxx>

From: "Aravindh Puthiyaparambil (aravindp)" <aravindp@xxxxxxxxx>

Date: Thu, 28 Aug 2014 19:23:46 +0000

Accept-language: en-US

Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Keir Fraser <keir@xxxxxxx>, Ian Jackson <ian.jackson@xxxxxxxxxxxxx>, Jan Beulich <JBeulich@xxxxxxxx>, Ian Campbell <ian.campbell@xxxxxxxxxx>

Delivery-date: Thu, 28 Aug 2014 19:24:01 +0000

List-id: Xen developer discussion <xen-devel.lists.xen.org>

Thread-index: AQHPp0um5fBJUbHNFEG0eCkTCAq31puvzTKwgADpm4CAAIzRMIA1ApwAgABFhMCAAF4oAP//rHKQ

Thread-topic: [Xen-devel] [PATCH RFC v2 1/4] x86/mm: Shadow and p2m changes for PV mem_access

>> >To avoid touching them before shadow mode is actually enabled you >> >could reshuffle the encodings so that 0 is 'default' (shadow code >> >absolutely relies on this field being 0 when shadow more is enabled >> >so any other user will have to maintain that). >> >> Do you mean the p2m_access_t enum when you say encoding? > >Not necessarily - but you _could_ reorder the enum (and add a comment so >make sure that other people don't reorder it again) if that does what you >want. Alternatively, you could use one more bit of the shadow flags as a >'valid' bit for the access bits, where readers would replace invalid mappings >with whatever the correct default value is. > >One other question occurs to me: what about the case of enabling, disabling >and re-enabling the mem-access feature? Is it OK that access permissions will >be retained from the first use into the second or do they need to be reset >somehow? With HVM guests, the mem-access listener does the following every time it enables the feature: 1. Set the default access value: xc_set_mem_access(xch, domain_id, default_access, ~0ull, 0). All this does is set p2m->default_access. None of the individual page permissions are changed. 2. Convert individual pages to the default access value: xc_set_mem_access(xch, domain_id, default_access, 0, domain_max_pages); In the PV case step 2 is problematic as the range of pages that belong to the PV guest is unknown to the mem-access listener. I tried adding another PV specific API for setting default access that will walk the page_list and set the shadow_flag to default. But Jan rightly pointed out issues surrounding hypercall preemption / continuation during which, the page_list could be modified. So my current plan is to blow all shadow pages every time the API for setting default access is called. The on the subsequent page-faults where the PTE is marked not present, set the shadow_flag to the default access as part of creating the PTE. The mem-access listener for PV guests hence need not call step 2. Given that I only check for mem-access violation for present pages, this should work. Then on disabling mem-access, I will set p2m->default_access back to RWX and turn off shadow paging. So anytime mem-access is enabled again, the default value that will be set by the listener will be honored. Does this sound viable? Thanks, Aravindh _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.