From mboxrd@z Thu Jan  1 00:00:00 1970
From: Juergen Gross <juergen.gross@ts.fujitsu.com>
Subject: Re: stale TLB contents?
Date: Mon, 24 Jan 2011 14:29:42 +0100
Message-ID: <4D3D7EC6.3060000@ts.fujitsu.com>
References: <4D3D780A.4030001@ts.fujitsu.com>
	<20110124131340.GN8286@whitby.uk.xensource.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xensource.com>
In-Reply-To: <20110124131340.GN8286@whitby.uk.xensource.com>
List-Unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xensource.com>
List-Help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-Subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
Sender: xen-devel-bounces@lists.xensource.com
Errors-To: xen-devel-bounces@lists.xensource.com
To: Tim Deegan <Tim.Deegan@citrix.com>
Cc: "xen-devel@lists.xensource.com" <xen-devel@lists.xensource.com>
List-Id: xen-devel@lists.xenproject.org

On 01/24/11 14:13, Tim Deegan wrote:
> At 13:00 +0000 on 24 Jan (1295874058), Juergen Gross wrote:
>> Hi,
>>
>> in our BS2000 guest running as HVM with EPT on x86_64 I have a problem which
>> seems to be related to stale TLB entries. I'm pretty sure I have invalidated
>> the TLB correctly after a change of the page tables, so I've searched for
>> possible problems in the hypervisor.
>>
>> Xen is version 4.0 from SLES 11 SP1.
>>
>> If I have read the sources correctly, neither INVLPG nor reload of CR3 are
>> handled by the hypervisor. And I didn't find an explicit clearing of the TLB
>> when a vcpu is switching physical cpus. So I think the following scenario is
>> possible:
>>
>> - a vcpu is running on physical cpu A creating a TLB entry
>> - the vcpu is scheduled on physical cpu B, while physical cpu A is left idle
>> - on physical cpu B the TLB entry is cleared by INVLPG or load CR3
>> - the vcpu is scheduled on physical cpu A again (no other vcpu was active
>>     there in between), CR3 is same as when vcpu left cpu A
>> - the old TLB entry from the vcpu is still valid there!
>>
>> Do I miss something?
>
> vmx_do_resume() calls hvm_asid_flush_vcpu() if the VCPU is migrating
> onto this CPU, so the VCPU should get a fresh ASID when it comes back to
> CPU A.  Processors with no ASID support flush their TLBs on every
> VMENTER and VMEXIT, so I don't see where we could leak TLB entries.

Ah, this was the missing information I needed!
Thanks, I'll keep on searching...


Juergen

-- 
Juergen Gross                 Principal Developer Operating Systems
TSP ES&S SWE OS6                       Telephone: +49 (0) 89 3222 2967
Fujitsu Technology Solutions              e-mail: juergen.gross@ts.fujitsu.com
Domagkstr. 28                           Internet: ts.fujitsu.com
D-80807 Muenchen                 Company details: ts.fujitsu.com/imprint.html