[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [XEN PATCH v1 1/1] x86/domctl: add gva_to_gfn command
- To: Ковалёв Сергей <valor@xxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
- From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
- Date: Mon, 20 Mar 2023 19:46:27 +0000
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=rRdq8SeMNqBhRW5k0lO2KCQHkrOHIO8uhBcHaFzTd8o=; b=LReuzUNYXIK6qtIn7hANwpq9FGwsIIWXPxVBmgYcVX21ZH42U12luJh9XTbJD+Z6wvs60sv1aIBxVxGfPyRgD7D+i7ElK0WxXzzEsxMP6+s7v/m8QKMvLBbUJ4YSO+soiR6dZDnnIxNvKf1j6JTNjwJVXrFlUCnSIoQd3trcoXCsJCHT3Jr/hGk0dBAMoRYg66vX8YMNu2crsacbUsulc6sYcS0GRjSf9Bem6yy4oiRriyn+jC2ZO1ljK0KcL+2s5IZ9Q4qkexlBejm+2mEXknjry3FSO5F5vugvxO0/TSB3imsqumDAszDG7WbvXY6M4i5gonKfhutpr3GtHCaWsg==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=f3JV3hRHJUXeJbfM+yFy2REeMHNaSJewK6H9vxnR/dgP49wOm2AfD0T91udN5x2RVniG6UHFy0fz9Gft9nHhNvARzbn4mnX/nhcsxScbP0nmZVyFrG8QSIRxfJY933AcJbRoBT20ROIpL1gFpi/JsKBB0qL/SLsH3y6FFcVTLtMOuFJr3TX6N+cI+OKYfPr4ks+50kBVBLy3ZePtrYmAs6xLTfH8wOVGSzdKDBd0ntob+1WRYjV0mK62L8iJC0uYf5/DVy3lDzzEqu5FgP1JOoXsEo9av7QtEYpZweVp/pda5uNyyJpYNSM49AaNOmTF3DHoqQ8/W/JuUzXxMs8I1w==
- Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;
- Cc: Jan Beulich <jbeulich@xxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Tamas K Lengyel <tamas@xxxxxxxxxxxxx>, Dmitry Isaykin <isaikin-dmitry@xxxxxxxxx>
- Delivery-date: Mon, 20 Mar 2023 19:47:00 +0000
- Ironport-data: A9a23:6eMK6q4Tywywv8VjWYaRzgxRtLPGchMFZxGqfqrLsTDasY5as4F+v mYaDWiDbP+NM2Tyct52advi8EtSvZfdmNJgSAZrqnpmHi5G8cbLO4+Ufxz6V8+wwm8vb2o8t plDNYOQRCwQZiWBzvt4GuG59RGQ7YnRGvynTraCYnsrLeNdYH9JoQp5nOIkiZJfj9G8Agec0 fv/uMSaM1K+s9JOGjt8B5mr9VU+7JwehBtC5gZlPasR5AeH/5UoJMl3yZ+ZfiOQrrZ8RoZWd 86bpJml82XQ+QsaC9/Nut4XpWVTH9Y+lSDX4pZnc/DKbipq/0Te4Y5iXBYoUm9Fii3hojxE4 I4lWapc6+seFvakdOw1C3G0GszlVEFM0OevzXOX6aR/w6BaGpdFLjoH4EweZOUlFuhL7W5m1 8UzdikRaCm/q6H1+qDkQ+tvv8M6M5y+VG8fkikIITDxK98DGMqGaYOaoNhS0XE3m9xEGuvYa 4wBcz1zYR/cYhpJfFAKFJY5m+TujX76G9FagAvN+exrvC6OkUoojuiF3Nn9I7RmQe18mEqCq 32A1GP+GhwAb/SUyCaf82LqjejK9c/+cNtKTePgr6Iz2TV/wEQxJToUUlyis8W5i1+gRdFbL FIe9QAX+P1aGEuDC4OVsweDiGCNuhkGc95RCPF88hzl4rrZ5UOVC3YJShZFacc6r4kmSDoyz FiLktj1Qzt1v9W9S3iQ67OVpjOaIjUOICkJYipsZRQBy8nupsc0lB2nZtR+FK+4iPXlFDe2x CqFxAAlnKkah8MP06S9/HjEjiiqq5yPSRQ6ji3LV2es9StlZ4qoYYO55Fyd5vFFRK6YVVCAv 3kC3sSb7fwUHLmcnSqBTfVLBqzB2hqeGDjVgFoqFZ9x8T2ooiSnZdoJvmE4I1p1OMEZfzOve FXUpQ5a+J5UOj2tcLNzZIWyTc8tyMAMCOjYaxwdVfIWCrAZSeNN1H0GiZK4t4w1rHURrA==
- Ironport-hdrordr: A9a23:6ptGEKC2r0V1kgXlHelw55DYdb4zR+YMi2TDtnoBMiC9F/byqy nAppomPHPP5Qr5G0tQ/exoQZPgfZqEz/5ICOoqTNWftWvdyROVxehZhOOJ/9SHIVyaygc378 hdmsZFZOEYQmIK6voSTTPIdeoI0Z2syojtr+Hb1nJsRQZhZ+Vb6RtjAArzKDwUeOADP+tBKK ah
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 20/03/2023 7:35 pm, Ковалёв Сергей wrote:
> 20.03.2023 22:07, Andrew Cooper пишет:
>>
>> More generally, issuing the hypercall under vcpu0 isn't necessarily
>> correct. It is common for all vCPUs to have equivalent paging settings,
>> but e.g. Xen transiently disables CR4.CET and CR0.WP in order to make
>> self-modifying code changes.
>>
>> Furthermore, the setting of CR4.{PAE,PSE} determines reserved bits, so
>> you can't even ignore the access rights and hope that the translation
>> works out correctly.
>
> Thanks! I didn't think about such things earlier. I should to think
> this know carefully.
If you haven't already, read
https://github.com/xen-project/xen/blob/master/xen/arch/x86/mm/guest_walk.c
and
https://github.com/andyhhp/xtf/blob/pagetable-emulation/tests/pagetable-emulation/main.c
These are various notes and tests I made last time I had to rewrite
Xen's pagewalk from scratch.
>
>>
>> Ideally we'd have a pagewalk algorithm which didn't require taking a
>> vcpu, and instead just took a set of paging configuration, but it is all
>> chronically entangled right now.
>>
>
> Do You mean to add new implementation of "paging_ga_to_gfn_cr3"?
Yes, but I didn't mean for this to be taken as a suggestion. It's far
more work than it sounds...
>
>> I think, at a minimum, you need to take a vcpu_id as an input, but I
>> suspect to make this a usable API you want an altp2m view id too.
>>
>
> Why we should consider altp2m while translating guest virtual address to
> guest physical one?
Because altp2m can change the gfn mappings, and therefore the contents
of the pagetables.
A pagewalk from cr3 in one view can end up being totally different to a
walk from the same cr3 in a different view.
>
>> Also, I'm pretty sure this is only safe for a paused vCPU. If the vCPU
>> isn't paused, then there's a TOCTOU race in the pagewalk code when
>> inspecting control registers.
>>
>
> Thanks! Should we pause the domain?
Certainly the vCPU. Chances are that if you're making this hypercall
from a libvmi callback, the vCPU in question is already paused, at which
point taking one extra pause ref on it is very quick.
>
>>> + uint32_t pfec = PFEC_page_present;
>>> + unsigned int page_order;
>>> +
>>> + uint64_t gfn = paging_ga_to_gfn_cr3(v, cr3, ga, &pfec,
>>> &page_order);
>>> + domctl->u.gva_to_gfn.addr = gfn;
>>> + domctl->u.gva_to_gfn.page_order = page_order;
>>
>> page_order is only not stack rubble if gfn is different to INVALID_GFN.
>>
>
> Sorry but I don't understand "is only not stack rubble". Do you mean
> that I should initialize "page_order" while defining it?
page_order is only initialised when gfn returns != INVALID_GFN.
See the function description.
~Andrew
|
