[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH v3 0/4] x86: accommodate 32-bit PV guests with SMEP/SMAP handling

To: "xen-devel" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
From: "Jan Beulich" <JBeulich@xxxxxxxx>
Date: Thu, 17 Mar 2016 01:50:39 -0600
Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Keir Fraser <keir@xxxxxxx>, Feng Wu <feng.wu@xxxxxxxxx>
Delivery-date: Thu, 17 Mar 2016 07:50:50 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

As has been explained previously[1], SMAP (and with less relevance
also SMEP) is not compatible with 32-bit PV guests which aren't
aware/prepared to be run with that feature enabled. Andrew's
original approach either sacrificed architectural correctness for
making 32-bit guests work again, or disabled SMAP also for not
insignificant portions of hypervisor code, both by allowing to control
the workaround mode via command line option.

This alternative approach disables SMEP and SMAP only while
running 32-bit PV guest code plus a few hypervisor instructions
early after entering hypervisor context from or late before exiting
to such guests. Those few instructions (in assembly source) are of
course much easier to prove not to perform undue memory
accesses than code paths reaching deep into C sources.

The 4th patch really is unrelated except for not applying cleanly
without the earlier ones, and the potential having been noticed
while putting together the 2nd one.

1: move cached CR4 value to struct cpu_info
2: suppress SMEP and SMAP while running 32-bit PV guest code
3: use optimal NOPs to fill the SMEP/SMAP placeholders
4: use 32-bit loads for 32-bit PV guest state reload

Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
---
v3: New patch 1, as a prereq to changes in patch 2 (previously
     1). The primary reason for this are performance issues that
     have been found by Andrew with the previous version.
v2: Various changes to patches 1 and 2 - see there.

[1] http://lists.xenproject.org/archives/html/xen-devel/2015-06/msg03888.html


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- [Xen-devel] [PATCH v3 5/4] x86: reduce code size of struct cpu_info member accesses
  - From: Jan Beulich
- [Xen-devel] [PATCH v3 4/4] x86: use 32-bit loads for 32-bit PV guest state reload
  - From: Jan Beulich
- [Xen-devel] [PATCH v3 3/4] x86: use optimal NOPs to fill the SMEP/SMAP placeholders
  - From: Jan Beulich
- [Xen-devel] [PATCH v3 2/4] x86: suppress SMEP and SMAP while running 32-bit PV guest code
  - From: Jan Beulich
- [Xen-devel] [PATCH v3 1/4] x86: move cached CR4 value to struct cpu_info
  - From: Jan Beulich
- [Xen-devel] [PATCH v3 0/4] x86: accommodate 32-bit PV guests with SMEP/SMAP handling
  - From: Jan Beulich

References:
- [Xen-devel] [PATCH 0/4] x86: accommodate 32-bit PV guests with SMAP/SMEP handling
  - From: Jan Beulich
- [Xen-devel] [PATCH v2 0/3] x86: accommodate 32-bit PV guests with SMEP/SMAP handling
  - From: Jan Beulich
- [Xen-devel] [PATCH v3 0/4] x86: accommodate 32-bit PV guests with SMEP/SMAP handling
  - From: Jan Beulich

Prev by Date: Re: [Xen-devel] [PATCH v4 01/34] compat/x86: Remove unncessary #define.
Next by Date: Re: [Xen-devel] [PATCH 1/2] IOMMU/MMU: Adjust top level functions for VT-d Device-TLB flush error.
Previous by thread: [Xen-devel] [PATCH 0/5] x86/time: PVCLOCK_TSC_STABLE_BIT support
Next by thread: Re: [Xen-devel] [PATCH] x86: put kexec_reloc in its own section
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.