[PATCH] Flush stale TLBs

[PATCH] Flush stale TLBs

[Ben Guthro]

[-- Attachment #1.1: Type: text/plain, Size: 743 bytes --]

This patch causes a flush of the local host TLBs after any
modification of the linearpagetable mapping.

This was not needed when vmenter/vmexit always had the side effect of
flushing host TLBs.

But, with SVM ASIDs, it is possible to:
(1) Update CR3 update,
(2) vmenter the guest, and
(3) and vmexit due to a page fault
all without an intervening host TLB flush.

Then the page fault code could use the linear pagetable
to read a top-level shadow page table entry.

But, without this change, it would fetch the wrong value
due to a stale TLB.

This code applies to unstable. 
We also have a 3.1.2 version available upon request.

Signed-off-by: Robert Phillips <rphillips@virtualiron.com>
Signed-off-by: Ben Guthro <bguthro@virtualiron.com>


[-- Attachment #1.2: Type: text/html, Size: 1088 bytes --]

[-- Attachment #2: xen-stale-tlb.patch --]
[-- Type: text/x-patch, Size: 989 bytes --]

diff -r 5612da277300 xen/arch/x86/mm/shadow/multi.c
--- a/xen/arch/x86/mm/shadow/multi.c	Mon Oct 29 07:54:17 2007 -0400
+++ b/xen/arch/x86/mm/shadow/multi.c	Mon Oct 29 07:56:15 2007 -0400
@@ -3392,6 +3392,20 @@ sh_update_linear_entries(struct vcpu *v)
 #else
 #error this should not happen
 #endif
+    if ( shadow_mode_external(d) )
+    {
+        /* Having modified the linear pagetable mapping, flush local host TLBs.
+         * This was not needed when vmenter/vmexit always had the side effect of
+         * flushing host TLBs but, with SVM ASIDs, it is possible to
+         * finish this CR3 update, vmenter the guest, vmexit due to a
+         * page fault, without an intervening host TLB flush.
+         * Then the page fault code could use the linear pagetable
+         * to read a top-level shadow page table entry.
+         * But, without this change, it would fetch the wrong value
+         * due to a stale TLB.
+         */
+        flush_local_tlb();
+    }
 }
 
 

[-- Attachment #3: Type: text/plain, Size: 138 bytes --]

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

Re: [PATCH] Flush stale TLBs

[Ben Guthro]

[-- Attachment #1.1: Type: text/plain, Size: 910 bytes --]

Apologies. The prior version caused build errors in unstable.
Please use the attached version instead


Ben Guthro wrote:
> This patch causes a flush of the local host TLBs after any
> modification of the linearpagetable mapping.
>
> This was not needed when vmenter/vmexit always had the side effect of
> flushing host TLBs.
>
> But, with SVM ASIDs, it is possible to:
> (1) Update CR3 update,
> (2) vmenter the guest, and
> (3) and vmexit due to a page fault
> all without an intervening host TLB flush.
>
> Then the page fault code could use the linear pagetable
> to read a top-level shadow page table entry.
>
> But, without this change, it would fetch the wrong value
> due to a stale TLB.
>
> This code applies to unstable. 
> We also have a 3.1.2 version available upon request.
>
> Signed-off-by: Robert Phillips <rphillips@virtualiron.com>
> Signed-off-by: Ben Guthro <bguthro@virtualiron.com>
>   


[-- Attachment #1.2: Type: text/html, Size: 1443 bytes --]

[-- Attachment #2: xen-stale-tlb.patch --]
[-- Type: text/x-patch, Size: 989 bytes --]

diff -r 5612da277300 xen/arch/x86/mm/shadow/multi.c
--- a/xen/arch/x86/mm/shadow/multi.c	Mon Oct 29 07:54:17 2007 -0400
+++ b/xen/arch/x86/mm/shadow/multi.c	Mon Oct 29 07:56:15 2007 -0400
@@ -3392,6 +3392,20 @@ sh_update_linear_entries(struct vcpu *v)
 #else
 #error this should not happen
 #endif
+    if ( shadow_mode_external(d) )
+    {
+        /* Having modified the linear pagetable mapping, flush local host TLBs.
+         * This was not needed when vmenter/vmexit always had the side effect of
+         * flushing host TLBs but, with SVM ASIDs, it is possible to
+         * finish this CR3 update, vmenter the guest, vmexit due to a
+         * page fault, without an intervening host TLB flush.
+         * Then the page fault code could use the linear pagetable
+         * to read a top-level shadow page table entry.
+         * But, without this change, it would fetch the wrong value
+         * due to a stale TLB.
+         */
+        flush_tlb_local();
+    }
 }
 
 

[-- Attachment #3: Type: text/plain, Size: 138 bytes --]

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel