Xen project Mailing List

Re: [Xen-devel] [PATCH v5 4/9] xen/x86: populate PVHv2 Dom0 physical memory map

To: Tim Deegan <tim@xxxxxxx>

From: Roger Pau Monne <roger.pau@xxxxxxxxxx>

Date: Fri, 27 Jan 2017 12:37:13 +0000

Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, boris.ostrovsky@xxxxxxxxxx, Jan Beulich <JBeulich@xxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx

Delivery-date: Fri, 27 Jan 2017 12:37:27 +0000

List-id: Xen developer discussion <xen-devel.lists.xen.org>

On Fri, Jan 27, 2017 at 11:14:10AM +0000, Tim Deegan wrote: > At 05:41 -0700 on 26 Jan (1485409318), Jan Beulich wrote: > > >>> On 19.01.17 at 18:29, <roger.pau@xxxxxxxxxx> wrote: > > > +/* Size of the VM86 TSS for virtual 8086 mode to use. */ > > > +#define HVM_VM86_TSS_SIZE 128 > > > > I continue to be puzzled by this value. Why 128? I think this really > > needs to be clarified in the comment. > > I was asked on IRC to do some archaeology / explain myself about this, > so here goes. > > First, the _intended_ mechanism for "real mode" guests on older VMX > hardware is to run them in virtual 8086 mode inside the guest as much > as possible, and emulate whenever we can't do that. > > This is managed with some state in v->arch.hvm_vmx: > - vmx_realmode, set when the guest thinks it's in real mode. > - vmx_emulate, to force emulation rather than VMENTER > We set this when we have exceptions to inject, as the VMX hardware > would try to inject them in 32-bit protected mode. > - vm86_segment_mask, a bitmask of segments that can't be fudged > to run in virtual 8086 mode. > > When vmx_realmode is set, vmx_do_vmentry() DTRT: it bails out into the > emulator if either vmx_emulate or any bit in vm86_segment_mask is set; > otherwise it calls vmx_enter_realmode() to adjust %rflags and enters > the guest in virtual 8086 mode. > > The reason we need a TSS at all is for handling software interrupts. > Virtual 8086 mode has two ways to handle software interrupts: stay in > virtual 8086 mode and vector via the table @0x0, or raise #GP in 32-bit > protected mode. We want the first of those, so that a guest in 'real mode' > can make BIOS calls. > > The CPU uses a bitmap in the TSS to decide which method to use; we > need all the bits in that bitmap to be clear. In my SDM (April 2016) > this is section 20.3.3 "Class 3 -- Software Interrupt Handling in > Virtual-8086 Mode", table 20-2, method 5. > > --- > > So far so good, and AIUI the system works -- or at least it did in > December 2008 when it was put in (8d4638d1), because emulating every > instruction made Windows boot times so slow that we would definitely > have noticed. > > But looking at it now, I'm not convinced of exactly how. The magic > bitmap in the TSS is at [I/O Map Base Address] - 32, and the I/O map > base address itself lives at offset 100. A zero'd TSS should mean an > I/O map at 0, and an interrupt redirection bitmap at -32, which would > plausibly work if the TSS were 256 bytes (matching the limit set in > Xen). Perhaps it's only working because the 128 bytes following the > TSS in hvmloader happen to be zeros too? Right, so *if* this was working as intended, the interrupt bitmap would be at HVM_PARAM_VM86_TSS - 32, which we don't guarantee to zero at all. I've also looked at the manual, and it states that the last bit of the IO bitmap should be filled with 1s[0], which we don't do at all. Also, what's the expected size of the IO bitmap, 64KB? Roger. [0] Vol3, section 20.3.3 "Class 3-Software Interrupt Handling in Virtual-8086 Mode, Figure 20-5. _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx https://lists.xen.org/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.