
Re: [Xen-devel] [PATCH RESEND v1 6/7] x86: Implement Intel Processor Trace MSRs read/write



> >>> On 03.05.18 at 07:22, <luwei.kang@xxxxxxxxx> wrote:
> >> And there is one more thing I've not found throughout the series: EPT
> >> violations and a few other VM exits have gained a new qualification bit,
> >> indicating that it's not the current instruction which has caused the
> >> exit.
> >
> > I don't quite understand here about EPT violations and other VM exit
> > qualification bit. There may be an EPT violation when the guest records
> > trace to ToPA. Is this what your concern is? About the new VM-exit
> > qualification bit, do you mean there is a new qualification bit for Intel
> > PT?
> 
> Quoting the respective doc:
> 
> "4.2.2.1 VM Exits Due to Intel PT Output
>
>  Treating PT output addresses as guest-physical addresses introduces the
>  possibility of taking events on PT output reads and writes. Event
>  possibilities include EPT violations, EPT misconfigurations, PML log-full
>  VM exits, and APIC access VM exits.
>
>  Exit Qualification
>
>  Intel PT output reads and writes are asynchronous to instruction execution,
>  as a result of the internal buffering of trace data. Trace packets are
>  output some unpredictable number of cycles after the completion of the
>  instructions or events that generated them. For this reason, any VM exit
>  caused by Intel PT output will set the following new exit qualification
>  bit."

Hi Jan,
     Thanks for your clarification. Please correct me if I have something
wrong. The guest may execute an instruction, and this instruction may produce
a PT packet saved in the PT output buffer. An EPT violation will be generated
if the address of this PT buffer doesn't have an EPT page table mapping, but
this EPT violation shouldn't be handled by x86_emulate() because it is not
related to the execution of this instruction.

     In that case, can we build the EPT map when setting the output buffer
address (IA32_RTIT_OUTPUT_BASE) and crash the guest if an EPT violation with
the Intel PT output buffer read/write exit qualification still happens? Or add
an exit qualification check before instruction emulation?

Thanks,
Luwei Kang

> 
> >> I can't imagine this to not require any change to the handling of such
> >> exits - in particular, such exits must never be handled by invoking the
> >> insn emulator. Aiui the only handling options here are to eliminate the
> >> condition causing the exit, or to crash the guest. There's no way to
> >> emulate the intended access.
> >
> > Emulate which instructions? Can you give me an example?
> 
> No instructions, as I've said (and hence no example). My point is you need to
> make sure we don't _ever_ try to emulate the instruction at which guest state
> points when this is an EPT violation (or misconfiguration) caused by Intel PT.
> 
> Jan
> 
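
The exit qualification check discussed in this thread, as an added example that is not part of the original messages or of the Xen patch series. All names are hypothetical, and the mask value is a placeholder because the thread does not give the bit position.

```c
#include <stdbool.h>
#include <stdint.h>

/* Assumption: placeholder mask. The quoted doc says a VM exit caused by
 * Intel PT output sets a new exit qualification bit; its position is not
 * given in this thread, so take the real one from the Intel documentation. */
#define QUAL_PT_OUTPUT_ASYNC (UINT64_C(1) << 16)

enum exit_kind   { EXIT_EPT_VIOLATION, EXIT_EPT_MISCONFIG };
enum exit_action { ACT_RESUME_GUEST, ACT_EMULATE_INSN, ACT_CRASH_GUEST };

/* Hypothetical hook: try to eliminate the condition that caused the exit
 * (for instance by populating the missing EPT entry). True on success. */
typedef bool (*fix_mapping_fn)(uint64_t gpa);

enum exit_action handle_ept_exit(enum exit_kind kind, uint64_t qual,
                                 uint64_t gpa, fix_mapping_fn fix)
{
    if (qual & QUAL_PT_OUTPUT_ASYNC) {
        /* The trace output access faulted, not the instruction the guest
         * state points at. Emulating that instruction would replay an
         * unrelated access, so the only options are fix or crash. */
        return (fix && fix(gpa)) ? ACT_RESUME_GUEST : ACT_CRASH_GUEST;
    }

    /* Synchronous exit: the usual path, where instruction emulation
     * (for example of an MMIO access) is a valid fallback. */
    if (kind == EXIT_EPT_VIOLATION && fix && fix(gpa))
        return ACT_RESUME_GUEST;
    return ACT_EMULATE_INSN;
}

/* Constructed sample policy: only GPAs below 1 GiB are RAM we can map. */
bool fix_if_guest_ram(uint64_t gpa)
{
    return gpa < (UINT64_C(1) << 30);
}
```

The check sits in front of any call into the emulator, so a PT output exit can never reach it regardless of whether the mapping fix succeeds.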

