From mboxrd@z Thu Jan 1 00:00:00 1970 From: Razvan Cojocaru Subject: Re: [PATCH RFC V2 3/6] xen: Force-enable relevant MSR events; optimize the number of sent MSR events Date: Fri, 11 Jul 2014 21:22:11 +0300 Message-ID: <53C02B53.8020107@bitdefender.com> References: <1405093418-23481-1-git-send-email-rcojocaru@bitdefender.com> <1405093418-23481-3-git-send-email-rcojocaru@bitdefender.com> <53C018FB.3080307@citrix.com> <53C02859.10208@bitdefender.com> <53C02AA9.1080307@citrix.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <53C02AA9.1080307@citrix.com> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org To: Andrew Cooper , xen-devel@lists.xen.org Cc: mdontu@bitdefender.com, tim@xen.org, JBeulich@suse.com List-Id: xen-devel@lists.xenproject.org On 07/11/2014 09:19 PM, Andrew Cooper wrote: > On 11/07/14 19:09, Razvan Cojocaru wrote: >> On 07/11/2014 08:03 PM, Andrew Cooper wrote: >>> On 11/07/14 16:43, Razvan Cojocaru wrote: >>>> Vmx_disable_intercept_for_msr() will now refuse to disable interception of >>>> MSRs needed for memory introspection. It is not possible to gate this on >>>> mem_access being active for the domain, since by the time mem_access does >>>> become active the interception for the interesting MSRs has already been >>>> disabled (vmx_disable_intercept_for_msr() runs very early on). >>>> >>>> Changes since V1: >>>> - Replaced printk() with gdprintk(XENLOG_DEBUG, ...). >>>> >>>> Signed-off-by: Razvan Cojocaru >>>> --- >>>> xen/arch/x86/hvm/vmx/vmcs.c | 18 ++++++++++++++++++ >>>> 1 file changed, 18 insertions(+) >>>> >>>> diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c >>>> index 8ffc562..35fcfcc 100644 >>>> --- a/xen/arch/x86/hvm/vmx/vmcs.c >>>> +++ b/xen/arch/x86/hvm/vmx/vmcs.c >>>> @@ -700,6 +700,24 @@ void vmx_disable_intercept_for_msr(struct vcpu *v, u32 msr, int type) >>>> if ( msr_bitmap == NULL ) >>>> return; >>>> >>>> + /* Filter out MSR-s needed for memory introspection */ >>>> + switch ( msr ) >>> This absolutely must be gated on mem_events being enabled for the domain. >>> >>> It is too much of a performance penalty to apply to domains which are >>> not being introspected. >> I understand, but it really runs very early on, and the mem_event part >> comes in after the MSR interception is disabled. This effectively >> renders a lot of memory introspection functionality useless. > > In which case the hypercall which enables mem_event needs to prod the > vmcs state an explicitly enable intercepts for these MSRs. (and > conversly re-disables intercepts if mem_events are disabled) > > You can probably get away with hvm_funcs to enable and disable mem events. That makes sense. Would Aravindh's solution also be acceptable to you (using a Xen command line parameter and gate it based on that rather than a mem_event listener being present)? Thanks, Razvan Cojocaru