From mboxrd@z Thu Jan 1 00:00:00 1970
From: Razvan Cojocaru
Subject: Re: [PATCH RFC 3/9] xen: Force-enable relevant MSR events; optimize the number of sent MSR events
Date: Wed, 09 Jul 2014 11:02:01 +0300
Message-ID: <53BCF6F9.7090405@bitdefender.com>
References: <1404308041-15461-1-git-send-email-rcojocaru@bitdefender.com>
 <1404308041-15461-3-git-send-email-rcojocaru@bitdefender.com>
 <53B426CE.6070400@citrix.com>
 <53B444CF020000780001FB22@mail.emea.novell.com>
In-Reply-To: <53B444CF020000780001FB22@mail.emea.novell.com>
To: Jan Beulich, Andrew Cooper, xen-devel@lists.xen.org
Cc: tim@xen.org
List-Id: xen-devel@lists.xenproject.org

On 07/02/2014 06:43 PM, Jan Beulich wrote:
>>>> On 02.07.14 at 17:35, wrote:
>> On 02/07/14 14:33, Razvan Cojocaru wrote:
>>> @@ -700,6 +700,25 @@ void vmx_disable_intercept_for_msr(struct vcpu *v, u32 msr, int type) >>> if ( msr_bitmap == NULL ) >>> return; >>> >>> + /* Filter out MSR-s needed by the memory introspection engine */ >>> + switch ( msr ) >>> + { >>> + case MSR_IA32_SYSENTER_EIP: >>> + case MSR_IA32_SYSENTER_ESP: >>> + case MSR_IA32_SYSENTER_CS: >>> + case MSR_IA32_MC0_CTL: >>> + case MSR_STAR: >>> + case MSR_LSTAR: >>> +
>>
>> Given the performance implications of forcing interception of these
>> MSRs, it would be gated on mem_access being active for the domain.
>
> Absolutely.

Unfortunately the call to vmx_disable_intercept_for_msr() happens _very_ early, and by the time our application gets to enable mem_access on the domain, the interception for these MSRs has already been disabled, with unacceptable consequences. I've tested this with an "if ( mem_event_check_ring(&d->mem_event->access) )" test.

Also, ideally we'd like to be able to start monitoring an already started domain, and in that case the mem_access test would be useless even considering a workaround for the case above.

Thanks,
Razvan Cojocaru
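
Review bot: The switch ( msr ) added at the top of vmx_disable_intercept_for_msr() keys on msr alone, so in the lines shown the filter applies whatever the type argument is and whether or not anything is monitoring the domain. If the MSR events only need one direction of access, check type before refusing to clear the intercept, and consider recording the requirement per domain in state that this function consults, so that a domain that is never introspected does not take the extra exits on the SYSENTER, STAR and LSTAR MSRs. The comment should also say why each MSR is in the list (MSR_IA32_MC0_CTL in particular) and what a caller should expect when its request is filtered out, since the function returns void. The quoted hunk is cut off before the case bodies, so this is based only on the lines shown.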