From: Sergey Dyasli <sergey.dyasli@citrix.com>
Cc: Sergey Dyasli <sergey.dyasli@citrix.com>,
Kevin Tian <kevin.tian@intel.com>,
"jbeulich@suse.com" <jbeulich@suse.com>,
"jun.nakajima@intel.com" <jun.nakajima@intel.com>,
Andrew Cooper <Andrew.Cooper3@citrix.com>,
"Tim (Xen.org)" <tim@xen.org>,
George Dunlap <George.Dunlap@citrix.com>,
"xen-devel@lists.xen.org" <xen-devel@lists.xen.org>,
"suravee.suthikulpanit@amd.com" <suravee.suthikulpanit@amd.com>,
"boris.ostrovsky@oracle.com" <boris.ostrovsky@oracle.com>
Subject: Re: [PATCH v1 07/14] x86/vvmx: restart nested vmentry in case of stale_np2m
Date: Fri, 29 Sep 2017 13:39:55 +0000 [thread overview]
Message-ID: <1506692388.3599.1.camel@citrix.com> (raw)
In-Reply-To: <58f57e9c-6ddf-77db-e482-a14268cffd03@citrix.com>
On Fri, 2017-09-29 at 11:53 +0100, George Dunlap wrote:
> On 09/04/2017 09:14 AM, Sergey Dyasli wrote:
> > If an IPI flushes vCPU's np2m object just before nested vmentry, there
> > will be a stale shadow EPTP value in VMCS02. Allow vmentry to be
> > restarted in such cases and add nvmx_eptp_update() to perform an update.
> >
> > Signed-off-by: Sergey Dyasli <sergey.dyasli@citrix.com>
> > ---
> > xen/arch/x86/hvm/vmx/entry.S | 6 ++++++
> > xen/arch/x86/hvm/vmx/vmx.c | 8 +++++++-
> > xen/arch/x86/hvm/vmx/vvmx.c | 14 ++++++++++++++
> > 3 files changed, 27 insertions(+), 1 deletion(-)
> >
> > diff --git a/xen/arch/x86/hvm/vmx/entry.S b/xen/arch/x86/hvm/vmx/entry.S
> > index 53eedc6363..9fb8f89220 100644
> > --- a/xen/arch/x86/hvm/vmx/entry.S
> > +++ b/xen/arch/x86/hvm/vmx/entry.S
> > @@ -79,6 +79,8 @@ UNLIKELY_END(realmode)
> >
> > mov %rsp,%rdi
> > call vmx_vmenter_helper
> > + cmp $0,%eax
> > + jne .Lvmx_vmentry_restart
> > mov VCPU_hvm_guest_cr2(%rbx),%rax
> >
> > pop %r15
> > @@ -117,6 +119,10 @@ ENTRY(vmx_asm_do_vmentry)
> > GET_CURRENT(bx)
> > jmp .Lvmx_do_vmentry
> >
> > +.Lvmx_vmentry_restart:
> > + sti
> > + jmp .Lvmx_do_vmentry
> > +
> > .Lvmx_goto_emulator:
> > sti
> > mov %rsp,%rdi
> > diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c
> > index f6da119c9f..06509590b7 100644
> > --- a/xen/arch/x86/hvm/vmx/vmx.c
> > +++ b/xen/arch/x86/hvm/vmx/vmx.c
> > @@ -4223,13 +4223,17 @@ static void lbr_fixup(void)
> > bdw_erratum_bdf14_fixup();
> > }
> >
> > -void vmx_vmenter_helper(const struct cpu_user_regs *regs)
> > +int vmx_vmenter_helper(const struct cpu_user_regs *regs)
> > {
> > struct vcpu *curr = current;
> > u32 new_asid, old_asid;
> > struct hvm_vcpu_asid *p_asid;
> > bool_t need_flush;
> >
> > + /* Shadow EPTP can't be updated here because irqs are disabled */
> > + if ( nestedhvm_vcpu_in_guestmode(curr) && vcpu_nestedhvm(curr).stale_np2m )
> > + return 1;
> > +
> > if ( curr->domain->arch.hvm_domain.pi_ops.do_resume )
> > curr->domain->arch.hvm_domain.pi_ops.do_resume(curr);
> >
> > @@ -4290,6 +4294,8 @@ void vmx_vmenter_helper(const struct cpu_user_regs *regs)
> > __vmwrite(GUEST_RIP, regs->rip);
> > __vmwrite(GUEST_RSP, regs->rsp);
> > __vmwrite(GUEST_RFLAGS, regs->rflags | X86_EFLAGS_MBS);
> > +
> > + return 0;
> > }
> >
> > /*
> > diff --git a/xen/arch/x86/hvm/vmx/vvmx.c b/xen/arch/x86/hvm/vmx/vvmx.c
> > index ea2da14489..26ce349c76 100644
> > --- a/xen/arch/x86/hvm/vmx/vvmx.c
> > +++ b/xen/arch/x86/hvm/vmx/vvmx.c
> > @@ -1405,12 +1405,26 @@ static void virtual_vmexit(struct cpu_user_regs *regs)
> > vmsucceed(regs);
> > }
> >
> > +static void nvmx_eptp_update(void)
> > +{
> > + if ( !nestedhvm_vcpu_in_guestmode(current) ||
> > + vcpu_nestedhvm(current).nv_vmexit_pending ||
> > + !vcpu_nestedhvm(current).stale_np2m ||
> > + !nestedhvm_paging_mode_hap(current) )
> > + return;
> > +
> > + __vmwrite(EPT_POINTER, get_shadow_eptp(current));
> > + vcpu_nestedhvm(current).stale_np2m = false;
>
> Hmm, so interrupts are enabled here. What happens if a flush IPI occurs
> between these two lines of code? Won't we do the vmenter with a stale np2m?
>
> It seems like we should clear stale_np2m first. If an IPI occurs then,
> we'll end up re-executing the vmenter unnecessarily, but it's better to
> do that than to not re-execute it when we need to.
Good catch! Clearing of stale_np2m must indeed happen before updating
a shadow EPTP.
--
Thanks,
Sergey
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
next prev parent reply other threads:[~2017-09-29 13:39 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-09-04 8:14 [PATCH v1 00/14] Nested p2m: allow sharing between vCPUs Sergey Dyasli
2017-09-04 8:14 ` [PATCH v1 01/14] x86/np2m: refactor p2m_get_nestedp2m() Sergey Dyasli
2017-09-28 14:00 ` George Dunlap
2017-09-04 8:14 ` [PATCH v1 02/14] x86/np2m: add np2m_flush_base() Sergey Dyasli
2017-09-28 14:01 ` George Dunlap
2017-09-04 8:14 ` [PATCH v1 03/14] x86/vvmx: use np2m_flush_base() for INVEPT_SINGLE_CONTEXT Sergey Dyasli
2017-09-26 16:05 ` George Dunlap
2017-09-04 8:14 ` [PATCH v1 04/14] x86/np2m: remove np2m_base from p2m_get_nestedp2m() Sergey Dyasli
2017-09-26 16:06 ` George Dunlap
2017-09-04 8:14 ` [PATCH v1 05/14] x86/np2m: add np2m_generation Sergey Dyasli
2017-09-04 8:14 ` [PATCH v1 06/14] x86/np2m: add stale_np2m flag Sergey Dyasli
2017-09-04 8:14 ` [PATCH v1 07/14] x86/vvmx: restart nested vmentry in case of stale_np2m Sergey Dyasli
2017-09-29 10:53 ` George Dunlap
2017-09-29 13:39 ` Sergey Dyasli [this message]
2017-09-04 8:14 ` [PATCH v1 08/14] x86/np2m: add np2m_schedule() Sergey Dyasli
2017-09-04 8:14 ` [PATCH v1 09/14] x86/np2m: add p2m_get_nestedp2m_locked() Sergey Dyasli
2017-09-04 8:14 ` [PATCH v1 10/14] x86/np2m: improve nestedhvm_hap_nested_page_fault() Sergey Dyasli
2017-09-04 8:14 ` [PATCH v1 11/14] x86/np2m: implement sharing of np2m between vCPUs Sergey Dyasli
2017-09-04 8:14 ` [PATCH v1 12/14] x86/np2m: refactor p2m_get_nestedp2m_locked() Sergey Dyasli
2017-09-04 8:14 ` [PATCH v1 13/14] x86/np2m: add break to np2m_flush_eptp() Sergey Dyasli
2017-09-04 8:14 ` [PATCH v1 14/14] x86/vvmx: remove EPTP write from ept_handle_violation() Sergey Dyasli
2017-09-29 15:01 ` [PATCH v1 00/14] Nested p2m: allow sharing between vCPUs George Dunlap
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1506692388.3599.1.camel@citrix.com \
--to=sergey.dyasli@citrix.com \
--cc=Andrew.Cooper3@citrix.com \
--cc=George.Dunlap@citrix.com \
--cc=boris.ostrovsky@oracle.com \
--cc=jbeulich@suse.com \
--cc=jun.nakajima@intel.com \
--cc=kevin.tian@intel.com \
--cc=suravee.suthikulpanit@amd.com \
--cc=tim@xen.org \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.