[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v1] x86/mm: Suppresses vm_events caused by page-walks



On 8/27/18 12:11 PM, Jan Beulich wrote:
>>>> On 24.08.18 at 20:47, <rcojocaru@xxxxxxxxxxxxxxx> wrote:
>> 619 /* EPT violation qualifications definitions */
>> 620 typedef union ept_qual {
>> 621     unsigned long raw;
>> 622     struct {
>> 623         bool read:1, write:1, fetch:1,
>> 624             eff_read:1, eff_write:1, eff_exec:1, /* eff_user_exec */:1,
>> 625             gla_valid:1,
>> 626             gla_fault:1; /* Valid iff gla_valid. */
>> 627         unsigned long /* pad */:55;
>> 628     };
>> 629 } __transparent__ ept_qual_t;
>>
>> Unfortunately, I've been told that that's not the way to go since those
>> fields will be relevant only on newer architectures, and we'd like to be
>> able to support even older ones. And, of course, the other thing is that
>> they're VMX / EPT specific, and we were hoping to be able to get SVM
>> support for free like that.
> 
> If this was the case (I didn't check, and you didn't provide a
> pointer along with the "I've been told"), at the very least on
> newer hardware correct behavior should be implemented.

Sorry for being unclear. If the question is who told me, it's been
decided internally that the product should support older processors. If
the question is what does "older" mean, we've checked a random Skylake
CPU with the "if bit 22 is read as 1, the processor reports advanced
VM-exit information for EPT violations (see Section 27.2.1). This
reporting is done only if this bit is read as 1" method, and the
respective bit was not set.

The information is in Table 27-6 of the Intel SDM.

> For NPT, isn't there an error code bit telling you whether the
> request was a user or "system" one? If not, some cheating
> would be needed (derive from CPL, accepting that e.g.
> descriptor table accesses would get mis-attributed), but
> that's still not going to involve looking at the PTE flags.

The alternative would be to simply walk (without enforcing any flags,
and so making the pfec walk parameter unnecessary) to the respective
address, and query for _PAGE_ACCESSED and _PAGE_DIRTY only.

If _PAGE_ACCESSED is not set, set it and exit.
If _PAGE_ACCESSED is set, set _PAGE_DIRTY also and exit.

The idea here being that (1) "no TLB entry or paging-structure cache
entry is created with information from a paging-structure entry in which
the accessed flag is 0" and (2) "a page-fault exception resulting from
an attempt to use a linear address will invalidate any TLB entries that
are for a page number corresponding to that linear address and that are
associated with the current PCID" mean that the only way we would end up
in the codepath is if we need to set the A/D bits - which we can, if we
use modified version of the code walker that simply does not care about
the pfec parameter.

This would presumably also work well for NPT, and also on CPUs that do
not support the newer EPT qualification bits.

Is this upstreamable?


Thanks,
Razvan

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.