From: Gianluca Guida <gianluca.guida@eu.citrix.com>
To: Keir Fraser <keir.fraser@eu.citrix.com>
Cc: "Li, Haicheng" <haicheng.li@intel.com>,
"'xen-devel@lists.xensource.com'" <xen-devel@lists.xensource.com>,
"Li, Xin" <xin.li@intel.com>
Subject: Re: Weekly VMX status report. Xen: #18846 & Xen0: #749
Date: Fri, 12 Dec 2008 20:37:16 +0000
Message-ID: <4942CB7C.6070500@eu.citrix.com>
In-Reply-To: <C5613C9C.1FF15%keir.fraser@eu.citrix.com>
Hello,
Keir Fraser wrote:
> On 07/12/2008 02:23, "Li, Xin" <xin.li@intel.com> wrote:
>
>>>> There's a good chance that at least bug #1 is fixed on current tip
>>>> (c/s 18881).
>>> OK, we will check it with c/s 18881, thanks.
>> The root cause of the crash when booting a 64bit Solaris 10u5 guest is that
>> Xen hypervisor has turned off NX as guest AP has not turned on NX, but shadow
>> already has NX set...
This is what I think is going on:

The BSP has finished its bootstrap phase, has enabled the EFER's NX bit and
set the kernel mapping of pages that are going to be used as pagetables to
non-executable.

The AP enables long mode, but not the EFER's NX. It accesses an address
whose guest walk has pages still not shadowed, and the shadow code
enters the game trying to remove writable mappings of that given guest page.

And here's -- I think -- the bug: when we update the MSR (in context
switch) it is my understanding that we update the MSR based on the
guest's vcpu state. So, when the shadow code tries to read the shadow
mapping of the soon-to-be-promoted page, it will access a shadow mapping
with the NX bit set and get a reserved-bit pagefault, because the host's EFER
will have the NX feature disabled.

I see two ways to fix this:

- Disable NX support in shadows until all vcpus have EFER's NX enabled.
This would mean that the guest thinks it has NX bit protection in at
least one vcpu but in reality it doesn't. Also, to properly support
execute-disable protection, we would need to blow the shadows when we
can finally enable the NX bit in shadows.

- Always enable EFER's NX in host mode. We could also avoid changing
EFER's status between vmentry and vmexit, but this would cause some
issues in reserved-bit handling in page faults. This could be easily
fixed in shadow code, but in HAP it would make the whole thing more
complicated.

Do the people that know the actual VMX code better than me have any
opinion about the best way to fix this?

Thanks,
Gianluca
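The fault described above follows from how the MMU interprets bit 63 of a page-table entry: it is the NX bit only while EFER.NX is set, and a reserved bit otherwise. The following is an added illustration, not code from this thread or from Xen: a simplified leaf-level PTE check using the architectural PTE and #PF error-code bit values, applied to a constructed shadow entry first with the host EFER mirroring the AP (NX off) and then with the proposed always-on host NX.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* x86 page-table entry bits (architectural). */
#define PTE_P   (1ULL << 0)   /* present */
#define PTE_RW  (1ULL << 1)   /* writable */
#define PTE_NX  (1ULL << 63)  /* no-execute; reserved while EFER.NX == 0 */

/* #PF error-code bits (architectural). */
#define PFEC_P     0x1   /* protection violation (entry was present) */
#define PFEC_W     0x2   /* access was a write */
#define PFEC_RSVD  0x8   /* reserved bit set in a paging-structure entry */
#define PFEC_ID    0x10  /* access was an instruction fetch */

typedef struct {
    bool    faulted;
    uint8_t error_code;   /* #PF error code when faulted */
} walk_result;

/* Simplified leaf-level walk: decides whether an access through `pte`
 * faults, given the current EFER.NX state. Only the checks relevant to
 * the thread (present, writable, NX/reserved) are modelled. */
walk_result walk_pte(uint64_t pte, bool efer_nx, bool write, bool fetch)
{
    walk_result r = { false, 0 };
    uint8_t ec = (write ? PFEC_W : 0) | (fetch ? PFEC_ID : 0);

    if (!(pte & PTE_P)) {                 /* non-present entry */
        r.faulted = true; r.error_code = ec; return r;
    }
    if (!efer_nx && (pte & PTE_NX)) {     /* bit 63 is reserved: the bug */
        r.faulted = true; r.error_code = ec | PFEC_P | PFEC_RSVD; return r;
    }
    if (write && !(pte & PTE_RW)) {       /* write to read-only page */
        r.faulted = true; r.error_code = ec | PFEC_P; return r;
    }
    if (fetch && (pte & PTE_NX)) {        /* genuine execute-disable */
        r.faulted = true; r.error_code = ec | PFEC_P; return r;
    }
    return r;
}

int main(void)
{
    /* Constructed shadow PTE written while the BSP had NX enabled. */
    uint64_t shadow_pte = PTE_P | PTE_RW | PTE_NX | 0x1000;
    walk_result ap_host = walk_pte(shadow_pte, false, false, false);
    walk_result nx_host = walk_pte(shadow_pte, true,  false, false);
    printf("host EFER.NX off: fault=%d ec=0x%x\n", ap_host.faulted, ap_host.error_code);
    printf("host EFER.NX on : fault=%d\n", nx_host.faulted);
    return 0;
}
```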