From: Avi Kivity <avi@redhat.com>
To: Jeremy Fitzhardinge <jeremy@goop.org>
Cc: Jeremy Fitzhardinge <jeremy.fitzhardinge@citrix.com>,
Dan Magenheimer <dan.magenheimer@oracle.com>,
Xen-devel <xen-devel@lists.xensource.com>,
kurt.hackel@oracle.com, the arch/x86 maintainers <x86@kernel.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Glauber de Oliveira Costa <gcosta@redhat.com>,
Keir Fraser <keir.fraser@eu.citrix.com>,
Zach Brown <zach.brown@oracle.com>,
Chris Mason <chris.mason@oracle.com>
Subject: Re: [Xen-devel] Re: [PATCH 3/5] x86/pvclock: add vsyscall implementation
Date: Wed, 07 Oct 2009 23:37:47 +0200 [thread overview]
Message-ID: <4ACD0A2B.1080307@redhat.com> (raw)
In-Reply-To: <4ACD05D8.5090903@goop.org>
On 10/07/2009 11:19 PM, Jeremy Fitzhardinge wrote:
>
>> When do you copy?
>>
>> I'd rather have a single copy for guest and host.
>>
> When Xen updates the parameters normally. The interface never really
> needed to share the memory between hypervisor and guest, and I think
> avoiding it is a bit more robust.
>
> But for KVM, you already use the MSR to place the pvclock_vcpu_time_info
> structure, so you could just place it in the page and use the same
> memory for kernel and usermode.
>
Yes.
>> If the hypervisor does a pvclock->version = somethingelse->version++
>> then the guest may get confused. But I understand you have a
>> guest-private ->version?
>>
> The guest should never get confused by the version being changed by the
> hypervisor. It's already part of the ABI. Or did you mean something else?
>
If the guest does a RMW on the version, but the host does not (copying
it from somewhere else), then the guest RMW can be lost.
Looking at the code, that's what kvm does:
vcpu->hv_clock.version += 2;
shared_kaddr = kmap_atomic(vcpu->time_page, KM_USER0);
memcpy(shared_kaddr + vcpu->time_offset, &vcpu->hv_clock,
sizeof(vcpu->hv_clock));
so a guest-side ++version can be lost.
> I'm not sure what you mean by "guest-private version"; the versions are
> always guest-private: te version is part of the pvclock structure,
> which is per-vcpu, which is private to each guest. The guest nevern
> maintains a separate long-term copy of the structure, only a transient
> snapshot while computing time from the tsc (that's the current pvclock.c
> code).
>
Same for kvm. I'm not worried about cross-guest corruption, just the
guest and host working together to confuse the guest.
>> No need to read them atomically.
>>
>> cpu1 = vgetcpu()
>> hver1 = pvclock[cpu1].hver
>> kver1 = pvclock[cpu1].kver
>> tsc = rdtsc
>> /* multipication magic with pvclock[cpu1]*/
>> cpu2 = vgetcpu()
>> hver2 = pvclock[cpu2].hver
>> kver2 = pvclock[cpu2].kver
>> valid = cpu1 == cpu2&& hver1 == hver2&& kver1 == kver2
>>
> I don't think that's necessary, but I can certainly live with it if it
> makes you happier.
>
I think the version issue requires it.
--
I have a truly marvellous patch that fixes the bug which this
signature is too narrow to contain.
WARNING: multiple messages have this Message-ID (diff)
From: Avi Kivity <avi@redhat.com>
To: Jeremy Fitzhardinge <jeremy@goop.org>
Cc: Dan Magenheimer <dan.magenheimer@oracle.com>,
Jeremy Fitzhardinge <jeremy.fitzhardinge@citrix.com>,
kurt.hackel@oracle.com, the arch/x86 maintainers <x86@kernel.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Glauber de Oliveira Costa <gcosta@redhat.com>,
Xen-devel <xen-devel@lists.xensource.com>,
Keir Fraser <keir.fraser@eu.citrix.com>,
Zach Brown <zach.brown@oracle.com>,
Chris Mason <chris.mason@oracle.com>
Subject: Re: Re: [PATCH 3/5] x86/pvclock: add vsyscall implementation
Date: Wed, 07 Oct 2009 23:37:47 +0200 [thread overview]
Message-ID: <4ACD0A2B.1080307@redhat.com> (raw)
In-Reply-To: <4ACD05D8.5090903@goop.org>
On 10/07/2009 11:19 PM, Jeremy Fitzhardinge wrote:
>
>> When do you copy?
>>
>> I'd rather have a single copy for guest and host.
>>
> When Xen updates the parameters normally. The interface never really
> needed to share the memory between hypervisor and guest, and I think
> avoiding it is a bit more robust.
>
> But for KVM, you already use the MSR to place the pvclock_vcpu_time_info
> structure, so you could just place it in the page and use the same
> memory for kernel and usermode.
>
Yes.
>> If the hypervisor does a pvclock->version = somethingelse->version++
>> then the guest may get confused. But I understand you have a
>> guest-private ->version?
>>
> The guest should never get confused by the version being changed by the
> hypervisor. It's already part of the ABI. Or did you mean something else?
>
If the guest does a RMW on the version, but the host does not (copying
it from somewhere else), then the guest RMW can be lost.
Looking at the code, that's what kvm does:
vcpu->hv_clock.version += 2;
shared_kaddr = kmap_atomic(vcpu->time_page, KM_USER0);
memcpy(shared_kaddr + vcpu->time_offset, &vcpu->hv_clock,
sizeof(vcpu->hv_clock));
so a guest-side ++version can be lost.
> I'm not sure what you mean by "guest-private version"; the versions are
> always guest-private: te version is part of the pvclock structure,
> which is per-vcpu, which is private to each guest. The guest nevern
> maintains a separate long-term copy of the structure, only a transient
> snapshot while computing time from the tsc (that's the current pvclock.c
> code).
>
Same for kvm. I'm not worried about cross-guest corruption, just the
guest and host working together to confuse the guest.
>> No need to read them atomically.
>>
>> cpu1 = vgetcpu()
>> hver1 = pvclock[cpu1].hver
>> kver1 = pvclock[cpu1].kver
>> tsc = rdtsc
>> /* multipication magic with pvclock[cpu1]*/
>> cpu2 = vgetcpu()
>> hver2 = pvclock[cpu2].hver
>> kver2 = pvclock[cpu2].kver
>> valid = cpu1 == cpu2&& hver1 == hver2&& kver1 == kver2
>>
> I don't think that's necessary, but I can certainly live with it if it
> makes you happier.
>
I think the version issue requires it.
--
I have a truly marvellous patch that fixes the bug which this
signature is too narrow to contain.
next prev parent reply other threads:[~2009-10-07 21:39 UTC|newest]
Thread overview: 119+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-10-06 0:50 [PATCH RFC] Extending pvclock down to usermode for vsyscall Jeremy Fitzhardinge
2009-10-06 0:50 ` Jeremy Fitzhardinge
2009-10-06 0:50 ` [PATCH 1/5] x86/pvclock: make sure rdtsc doesn't speculate out of region Jeremy Fitzhardinge
2009-10-06 0:50 ` Jeremy Fitzhardinge
2009-10-06 0:50 ` [PATCH 2/5] x86/pvclock: no need to use strong read barriers in pvclock_get_time_values Jeremy Fitzhardinge
2009-10-06 0:50 ` Jeremy Fitzhardinge
2009-10-06 0:50 ` [PATCH 3/5] x86/pvclock: add vsyscall implementation Jeremy Fitzhardinge
2009-10-06 0:50 ` Jeremy Fitzhardinge
2009-10-06 9:04 ` Avi Kivity
2009-10-06 9:04 ` Avi Kivity
2009-10-06 14:19 ` Dan Magenheimer
2009-10-06 14:19 ` Dan Magenheimer
2009-10-06 15:11 ` Avi Kivity
2009-10-06 15:11 ` Avi Kivity
2009-10-06 18:46 ` [Xen-devel] " Jeremy Fitzhardinge
2009-10-06 18:46 ` Jeremy Fitzhardinge
2009-10-07 10:25 ` [Xen-devel] " Avi Kivity
2009-10-07 10:25 ` Avi Kivity
2009-10-07 19:29 ` [Xen-devel] " Jeremy Fitzhardinge
2009-10-07 19:29 ` Jeremy Fitzhardinge
2009-10-07 20:09 ` [Xen-devel] " Avi Kivity
2009-10-07 20:09 ` Avi Kivity
2009-10-07 21:19 ` [Xen-devel] " Jeremy Fitzhardinge
2009-10-07 21:19 ` Jeremy Fitzhardinge
2009-10-07 21:37 ` Avi Kivity [this message]
2009-10-07 21:37 ` Avi Kivity
2009-10-07 21:51 ` [Xen-devel] " Jeremy Fitzhardinge
2009-10-07 21:51 ` Jeremy Fitzhardinge
2009-10-07 21:53 ` [Xen-devel] " Avi Kivity
2009-10-07 21:53 ` Avi Kivity
2009-10-07 20:48 ` [Xen-devel] " Dan Magenheimer
2009-10-07 20:48 ` Dan Magenheimer
2009-10-07 21:08 ` [Xen-devel] " Avi Kivity
2009-10-07 21:08 ` Avi Kivity
2009-10-07 22:36 ` [Xen-devel] " Dan Magenheimer
2009-10-07 22:36 ` Dan Magenheimer
2009-10-10 0:24 ` [Xen-devel] " Jeremy Fitzhardinge
2009-10-10 0:24 ` Jeremy Fitzhardinge
2009-10-10 18:10 ` [Xen-devel] " Avi Kivity
2009-10-10 18:10 ` Avi Kivity
2009-10-12 18:20 ` [Xen-devel] " Jeremy Fitzhardinge
2009-10-12 18:20 ` Jeremy Fitzhardinge
2009-10-12 18:29 ` [Xen-devel] " Avi Kivity
2009-10-12 18:29 ` Avi Kivity
2009-10-12 19:13 ` [Xen-devel] " Jeremy Fitzhardinge
2009-10-12 19:13 ` Jeremy Fitzhardinge
2009-10-13 6:39 ` [Xen-devel] " Avi Kivity
2009-10-13 6:39 ` Avi Kivity
2009-10-13 20:00 ` [Xen-devel] " Jeremy Fitzhardinge
2009-10-13 20:00 ` Jeremy Fitzhardinge
2009-10-14 12:32 ` [Xen-devel] " Avi Kivity
2009-10-14 12:32 ` Avi Kivity
2009-10-15 19:17 ` [Xen-devel] " Jeremy Fitzhardinge
2009-10-15 19:17 ` Jeremy Fitzhardinge
2009-10-27 17:29 ` [Xen-devel] " Dan Magenheimer
2009-10-27 17:29 ` Dan Magenheimer
2009-10-27 18:20 ` [Xen-devel] " Jeremy Fitzhardinge
2009-10-27 18:20 ` Jeremy Fitzhardinge
2009-10-28 5:52 ` [Xen-devel] " Avi Kivity
2009-10-28 5:52 ` Avi Kivity
2009-10-28 9:29 ` [Xen-devel] " Glauber Costa
2009-10-28 9:34 ` Avi Kivity
2009-10-28 9:34 ` Avi Kivity
2009-10-28 17:47 ` [Xen-devel] " Jeremy Fitzhardinge
2009-10-28 17:47 ` Jeremy Fitzhardinge
2009-10-29 12:13 ` [Xen-devel] " Avi Kivity
2009-10-29 12:13 ` Avi Kivity
2009-10-29 13:03 ` [Xen-devel] " Chris Mason
2009-10-29 13:03 ` Chris Mason
2009-10-29 14:46 ` [Xen-devel] " Dan Magenheimer
2009-10-29 14:46 ` Dan Magenheimer
2009-10-29 15:07 ` [Xen-devel] " Avi Kivity
2009-10-29 15:07 ` Avi Kivity
2009-10-29 15:55 ` [Xen-devel] " Dan Magenheimer
2009-10-29 15:55 ` Dan Magenheimer
2009-10-29 16:15 ` [Xen-devel] " Dan Magenheimer
2009-10-29 16:15 ` Dan Magenheimer
2009-11-01 9:28 ` [Xen-devel] " Avi Kivity
2009-11-01 9:28 ` Avi Kivity
2009-11-02 15:28 ` [Xen-devel] " Dan Magenheimer
2009-11-02 15:28 ` Dan Magenheimer
2009-11-02 15:41 ` [Xen-devel] " Avi Kivity
2009-11-02 15:41 ` Avi Kivity
2009-11-01 9:32 ` [Xen-devel] " Avi Kivity
2009-11-01 9:32 ` Avi Kivity
2009-11-02 15:46 ` [Xen-devel] " Dan Magenheimer
2009-11-02 15:46 ` Dan Magenheimer
2009-11-03 5:12 ` [Xen-devel] " Avi Kivity
2009-11-03 5:12 ` Avi Kivity
2009-11-04 20:30 ` [Xen-devel] " Dan Magenheimer
2009-11-04 20:30 ` Dan Magenheimer
2009-11-05 6:47 ` [Xen-devel] " Avi Kivity
2009-11-05 6:47 ` Avi Kivity
2009-11-05 14:52 ` [Xen-devel] " Dan Magenheimer
2009-11-05 14:52 ` Dan Magenheimer
2009-11-05 15:07 ` [Xen-devel] " Keir Fraser
2009-11-05 15:07 ` Keir Fraser
2009-11-04 21:19 ` [Xen-devel] " john stultz
2009-11-04 21:19 ` john stultz
2009-11-04 21:28 ` Dan Magenheimer
2009-11-04 21:28 ` Dan Magenheimer
2009-11-05 0:02 ` [Xen-devel] " john stultz
2009-11-05 0:02 ` john stultz
2009-11-05 0:45 ` [Xen-devel] " Dan Magenheimer
2009-11-05 0:45 ` Dan Magenheimer
2009-10-30 23:30 ` pvclock implementation in pv_ops kernel: why not __native_read_tsc()? Dan Magenheimer
2009-10-31 1:17 ` Jeremy Fitzhardinge
2009-10-06 0:50 ` [PATCH 4/5] x86/fixmap: add a predicate for usermode fixmaps Jeremy Fitzhardinge
2009-10-06 0:50 ` Jeremy Fitzhardinge
2009-10-06 10:23 ` [Xen-devel] " Jan Beulich
2009-10-06 10:23 ` Jan Beulich
2009-10-06 18:47 ` [Xen-devel] " Jeremy Fitzhardinge
2009-10-06 18:47 ` Jeremy Fitzhardinge
2009-10-06 0:50 ` [PATCH 5/5] xen/time: add pvclock_clocksource_vread support Jeremy Fitzhardinge
2009-10-06 0:50 ` Jeremy Fitzhardinge
2009-10-06 10:28 ` [Xen-devel] " Jan Beulich
2009-10-06 10:28 ` Jan Beulich
2009-10-06 18:48 ` [Xen-devel] " Jeremy Fitzhardinge
2009-10-06 18:48 ` Jeremy Fitzhardinge
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4ACD0A2B.1080307@redhat.com \
--to=avi@redhat.com \
--cc=chris.mason@oracle.com \
--cc=dan.magenheimer@oracle.com \
--cc=gcosta@redhat.com \
--cc=jeremy.fitzhardinge@citrix.com \
--cc=jeremy@goop.org \
--cc=keir.fraser@eu.citrix.com \
--cc=kurt.hackel@oracle.com \
--cc=linux-kernel@vger.kernel.org \
--cc=x86@kernel.org \
--cc=xen-devel@lists.xensource.com \
--cc=zach.brown@oracle.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.