
Re: [Xen-devel] [PATCH 4/7] x86/hvm: Adjust hvm_nx_enabled() to match how Xen behaves



>>> On 27.02.17 at 15:03, <andrew.cooper3@xxxxxxxxxx> wrote:
> On Intel hardware, EFER is not fully switched between host and guest
> contexts.
> In practice, this means that Xen's EFER.NX setting leaks into guest context,
> and influences the behaviour of the hardware pagewalker.
> 
> When servicing a pagefault, Xen's model of the guest's behaviour should match
> hardware's behaviour, to allow correct interpretation of the pagefault error
> code, and to avoid creating observable differences in behaviour from the
> guest's point of view.
> 
> Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>
with one nit (see below).

> Fixing this isn't trivial.  On more modern hardware, we can use EFER loading.
> On older hardware, we can use general MSR loading if available.  On
> older-hardware-yet, we could reload EFER right before/after vmentry/vmexit.
> However, doing so would require reloading EFER before any data accesses (as
> the NX bit will cause #PF[RSVD]), and that is rather hard given the need to
> preserve the GPRs.

I think the primary goal should be to get this right on modern hardware.

> --- a/xen/include/asm-x86/hvm/hvm.h
> +++ b/xen/include/asm-x86/hvm/hvm.h
> @@ -292,8 +292,10 @@ int hvm_girq_dest_2_vcpu_id(struct domain *d, uint8_t 
> dest, uint8_t dest_mode);
>      (hvm_paging_enabled(v) && ((v)->arch.hvm_vcpu.guest_cr[4] & 
> X86_CR4_SMEP))
>  #define hvm_smap_enabled(v) \
>      (hvm_paging_enabled(v) && ((v)->arch.hvm_vcpu.guest_cr[4] & 
> X86_CR4_SMAP))
> +/* HVM guests on Intel hardware leak Xen's NX settings into guest context. 
> */
>  #define hvm_nx_enabled(v) \
> -    (!!((v)->arch.hvm_vcpu.guest_efer & EFER_NX))
> +    ((boot_cpu_data.x86_vendor == X86_VENDOR_INTEL && cpu_has_nx) || \
> +     !!((v)->arch.hvm_vcpu.guest_efer & EFER_NX))
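Review bot: The new comment above hvm_nx_enabled() states the leak but not that the condition is keyed on vendor plus cpu_has_nx rather than on whether EFER is actually switched for the vcpu. The note below the commit message says EFER loading can be used on more modern hardware; once that is done, the `boot_cpu_data.x86_vendor == X86_VENDOR_INTEL && cpu_has_nx` term would report NX as enabled for guests where it no longer leaks. Please extend the comment to say the term must be revisited when EFER loading is used, and to state that cpu_has_nx is being used as a stand-in for Xen's own EFER.NX setting, since the commit message speaks of the setting and the macro tests the feature flag.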

The !! can now be dropped. When the change mentioned above is
done we'll need to remember that this then also needs tweaking.

Jan
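
A simplified model of the leaf-entry check this thread is about, as an added example that is not part of the patch or of Xen's code. It shows why a model based only on the guest's EFER.NX disagrees with hardware when Xen's NX setting leaks in; all names are hypothetical, the sample entry is constructed, and only bit 63 of a leaf entry on a supervisor read or fetch is modelled.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PTE_PRESENT (1ULL << 0)
#define PTE_BIT63   (1ULL << 63)  /* NX when EFER.NX is set, reserved otherwise */

#define PFEC_PRESENT (1u << 0)    /* fault on a present translation */
#define PFEC_RSVD    (1u << 3)    /* reserved bit set in a paging entry */
#define PFEC_INSN    (1u << 4)    /* fault on an instruction fetch */

#define NO_FAULT (-1)

/* Simplified leaf-PTE check for a supervisor read or fetch (hypothetical helper). */
static int walk_leaf(uint64_t pte, bool fetch, bool nx_enabled)
{
    if (!(pte & PTE_PRESENT))
        return (fetch && nx_enabled) ? PFEC_INSN : 0;
    if (pte & PTE_BIT63) {
        if (!nx_enabled)
            return PFEC_PRESENT | PFEC_RSVD;   /* bit 63 is reserved */
        if (fetch)
            return PFEC_PRESENT | PFEC_INSN;   /* bit 63 is NX */
    }
    return NO_FAULT;
}

/* Old model: guest EFER.NX only. Patched model: also true when Xen's NX leaks in. */
static bool model_nx(bool guest_efer_nx, bool xen_nx_leaks, bool patched)
{
    return (patched && xen_nx_leaks) || guest_efer_nx;
}

/* True when the software model predicts the same outcome as the hardware walk. */
static bool model_agrees(uint64_t pte, bool fetch, bool guest_efer_nx,
                         bool xen_nx_leaks, bool patched)
{
    bool hw_nx = xen_nx_leaks || guest_efer_nx;  /* what the pagewalker sees */
    return walk_leaf(pte, fetch, hw_nx) ==
           walk_leaf(pte, fetch, model_nx(guest_efer_nx, xen_nx_leaks, patched));
}

int main(void)
{
    uint64_t pte = PTE_PRESENT | PTE_BIT63;  /* constructed sample entry */
    printf("unpatched agrees: %d\n", model_agrees(pte, false, false, true, false));
    printf("patched agrees:   %d\n", model_agrees(pte, false, false, true, true));
    return 0;
}
```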

