From: Adrian Pop <apop@bitdefender.com>
To: Jan Beulich <JBeulich@suse.com>
Cc: Tamas K Lengyel <tamas@tklengyel.com>,
Wei Liu <wei.liu2@citrix.com>,
Razvan Cojocaru <rcojocaru@bitdefender.com>,
George Dunlap <george.dunlap@eu.citrix.com>,
Andrew Cooper <andrew.cooper3@citrix.com>,
Ian Jackson <ian.jackson@eu.citrix.com>,
xen-devel@lists.xenproject.org
Subject: Re: [PATCH 2/3] x86/altp2m: Add a hvmop for setting the suppress #VE bit
Date: Tue, 6 Jun 2017 16:00:59 +0300 [thread overview]
Message-ID: <20170606130059.GA12361@hel> (raw)
In-Reply-To: <592C4E89020000780015D524@prv-mh.provo.novell.com>
Hello,
On Mon, May 29, 2017 at 08:38:33AM -0600, Jan Beulich wrote:
> >>> On 18.05.17 at 17:07, <apop@bitdefender.com> wrote:
> > --- a/xen/arch/x86/mm/mem_access.c
> > +++ b/xen/arch/x86/mm/mem_access.c
> > @@ -466,6 +466,54 @@ int p2m_get_mem_access(struct domain *d, gfn_t gfn, xenmem_access_t *access)
> > }
> >
> > /*
> > + * Set/clear the #VE suppress bit for a page. Only available on VMX.
> > + */
> > +int p2m_set_suppress_ve(struct domain *d, gfn_t gfn, uint8_t suppress_ve,
>
> suppress_ve presumably is meant to be boolean.
Yes. It can be changed to bool.
> > + unsigned int altp2m_idx)
> > +{
> > + struct p2m_domain *host_p2m = p2m_get_hostp2m(d);
> > + struct p2m_domain *ap2m = NULL;
> > + struct p2m_domain *p2m = NULL;
>
> Pointless initializer.
Ok.
> > + mfn_t mfn;
> > + p2m_access_t a;
> > + p2m_type_t t;
> > + unsigned long gfn_l;
>
> Please avoid this local variable and use gfn_x() in the two places
> you need to.
Sure.
> > + int rc = 0;
>
> Pointless initializer again.
Right.
> > +
> > + if ( !cpu_has_vmx )
> > + return -EOPNOTSUPP;
>
> Is this enough? Wouldn't it be better to signal the caller whenever
> hardware (or even software) isn't going to honor the request?
Well, the caller checks the return value. The libxc function
xc_altp2m_set_suppress_ve for instance will return a negative in this
case.
> > + if ( altp2m_idx > 0 )
> > + {
> > + if ( altp2m_idx >= MAX_ALTP2M ||
> > + d->arch.altp2m_eptp[altp2m_idx] == mfn_x(INVALID_MFN) )
>
> Indentation.
Ok.
> > + return -EINVAL;
> > +
> > + p2m = ap2m = d->arch.altp2m_p2m[altp2m_idx];
> > + }
> > + else
> > + {
> > + p2m = host_p2m;
> > + }
>
> Unnecessary braces.
Ok.
> > + p2m_lock(host_p2m);
> > + if ( ap2m )
> > + p2m_lock(ap2m);
> > +
> > + gfn_l = gfn_x(gfn);
> > + mfn = p2m->get_entry(p2m, gfn_l, &t, &a, 0, NULL, NULL);
> > + if ( !mfn_valid(mfn) )
> > + return -ESRCH;
> > + rc = p2m->set_entry(p2m, gfn_l, mfn, PAGE_ORDER_4K, t, a,
> > + suppress_ve);
> > + if ( ap2m )
> > + p2m_unlock(ap2m);
> > + p2m_unlock(host_p2m);
>
> To fiddle with a single gfn, this looks to be very heavy locking.
> While for now gfn_lock() is the same as p2m_lock(), from an
> abstract perspective I'd expect gfn_lock() to suffice here at
> least in the non-altp2m case.
Ok.
> And then there are two general questions: Without a libxc layer
> function, how is one supposed to use this new sub-op? Is it
> really intended to permit a guest to call this for itself?
Well, the sub-op could be used from a Linux kernel module if libxc is
not available if struct xen_hvm_altp2m_op and struct
xen_hvm_altp2m_set_suppress_ve are defined.
Our use case, though, involves either Dom0 or a "privileged" DomU
altering the suppress #VE bit for the target guest.
> Jan
>
Thanks!
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
next prev parent reply other threads:[~2017-06-06 13:01 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-05-18 15:07 [PATCH 0/3] x86: Add a hvmop for setting the #VE suppress bit Adrian Pop
2017-05-18 15:07 ` [PATCH 1/3] x86/mm: Change default value for suppress #VE in set_mem_access() Adrian Pop
2017-05-18 15:07 ` [PATCH 2/3] x86/altp2m: Add a hvmop for setting the suppress #VE bit Adrian Pop
2017-05-18 17:27 ` Tamas K Lengyel
2017-05-23 12:03 ` Adrian Pop
2017-05-29 14:38 ` Jan Beulich
2017-06-06 13:00 ` Adrian Pop [this message]
2017-06-06 13:08 ` Jan Beulich
2017-06-08 13:49 ` Adrian Pop
2017-06-08 14:08 ` Jan Beulich
2017-06-09 14:18 ` Adrian Pop
2017-05-18 15:07 ` [PATCH 3/3] libxc: Add support for the altp2m suppress #VE hvmop Adrian Pop
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170606130059.GA12361@hel \
--to=apop@bitdefender.com \
--cc=JBeulich@suse.com \
--cc=andrew.cooper3@citrix.com \
--cc=george.dunlap@eu.citrix.com \
--cc=ian.jackson@eu.citrix.com \
--cc=rcojocaru@bitdefender.com \
--cc=tamas@tklengyel.com \
--cc=wei.liu2@citrix.com \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.