[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] x86/altp2m: clean up p2m_{get/set}_suppress_ve()



On 9/24/18 6:25 PM, George Dunlap wrote:
> On 09/23/2018 06:04 PM, Razvan Cojocaru wrote:
>> Move p2m_{get/set}_suppress_ve() to p2m.c, replace incorrect
>> ASSERT() in p2m-pt.c (since a guest can run in shadow mode even on
>> a system with virt exceptions, which would trigger the ASSERT()),
>> and move the VMX-isms (cpu_has_vmx_virt_exceptions checks) to
>> p2m_ept_{get/set}_entry().
>>
>> Signed-off-by: Razvan Cojocaru <rcojocaru@xxxxxxxxxxxxxxx>
> 
> Thanks for the clean up.  Two realtively minor comments...
> 
>> @@ -931,6 +942,16 @@ static mfn_t ept_get_entry(struct p2m_domain *p2m,
>>      mfn_t mfn = INVALID_MFN;
>>      struct ept_data *ept = &p2m->ept;
>>  
>> +    if ( sve )
>> +    {
>> +        if ( !cpu_has_vmx_virt_exceptions )
>> +            return INVALID_MFN;
>> +
>> +        /* #VE should be enabled for this vcpu. */
>> +        if ( gfn_eq(vcpu_altp2m(current).veinfo_gfn, INVALID_GFN) )
>> +            return INVALID_MFN;
>> +    }
> 
> Is there a good reason to return error her rather than just putting '1'
> in the sve location, like the p2m_pt.c version of this function does?

First, thanks for the review!

The p2m_pt.c version can only return 1 because that's the only value
that bit can have on #VE-incapable hardware. For the
cpu_has_vmx_virt_exceptions, that assumption does hold, however in a
scenario where:

1. we enable #VE and set that bit to 0;
2. we disable #VE (so gfn_eq(vcpu_altp2m(current).veinfo_gfn,
INVALID_GFN) == true);
3. we call ept_get_entry();

setting it to 1 would be misleading, since it's value is now really 0.

I do agree that returning INVALID_MFN is no necessarily more informative.

Alternatively, I could simply remove the checks here altogether. If
!cpu_has_vmx_virt_exceptions then ept_get_entry() should fail anyway, so
the bit will just remain 1 and thus the following code:

 999     if ( is_epte_valid(ept_entry) )
1000     {
1001         *t = p2m_recalc_type(recalc || ept_entry->recalc,
1002                              ept_entry->sa_p2mt, p2m, gfn);
1003         *a = ept_entry->access;
1004         if ( sve )
1005             *sve = ept_entry->suppress_ve;

should automatically do the right thing. And if, in the above scenario,
the bit became 0, we return that value properly as well.

Would that be better?

>> +int p2m_get_suppress_ve(struct domain *d, gfn_t gfn, bool *suppress_ve,
>> +                        unsigned int altp2m_idx)
>> +{
>> +    struct p2m_domain *host_p2m = p2m_get_hostp2m(d);
>> +    struct p2m_domain *ap2m = NULL;
>> +    struct p2m_domain *p2m;
>> +    mfn_t mfn;
>> +    p2m_access_t a;
>> +    p2m_type_t t;
>> +
>> +    /* #VE should be enabled for this vcpu. */
>> +    if ( gfn_eq(vcpu_altp2m(current).veinfo_gfn, INVALID_GFN) )
>> +        return -ENXIO;
> 
> What's the purpose of checking for this here, if we don't check for this
> in p2m_set_suppress_ve()?

Sorry, I seem to have accidentally left that in p2m_get_suppress_ve() -
I'll delete it from here and leave it only in ept_set_entry(). It's
pointless to have it duplicated here.


Thanks,
Razvan

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.