From mboxrd@z Thu Jan 1 00:00:00 1970
From: Andrew Cooper
Subject: Re: [PATCH] xen: Disable REP MOVSD optimization if introspection is active
Date: Mon, 27 Oct 2014 11:14:12 +0000
Message-ID: <544E2904.4010204@citrix.com>
References: <1414406263-11421-1-git-send-email-rcojocaru@bitdefender.com> <544E2383.1020604@citrix.com> <544E27F3.2080703@bitdefender.com>
In-Reply-To: <544E27F3.2080703@bitdefender.com>
To: Razvan Cojocaru, xen-devel@lists.xen.org
Cc: keir@xen.org, jbeulich@suse.com
List-Id: xen-devel@lists.xenproject.org

On 27/10/14 11:09, Razvan Cojocaru wrote:
> On 10/27/2014 12:50 PM, Andrew Cooper wrote:
>> On 27/10/14 10:37, Razvan Cojocaru wrote:
>>> REP MOVSD emulation is optimized to write several pages at once
>>> if possible. While this is a very good thing in general, it
>>> can interfere with a memory introspection application's ability
>>> to detect suspect behaviour, since it suppresses potentially
>>> telling future page faults. This patch disables the optimization,
>>> gated on introspection being active for the domain.
>> An individual rep_movs() call should only optimise to within the current
>> page, then break back out to the emulator when passing the page boundary.
>>
>> How does this suppress pagefaults?
> You're right, sorry for the confusion. Indeed, although we do need (and
> have tested) the patch, its description is misleading (and wrong, as
> you've rightly noticed).
>
> Rep_movs() does indeed optimise within the current page, however the
> introspection application looks at the EPT mem_event parameters in order
> to decide what to do, and the problem is that for the optimized cases
> only one mem_event is being sent (for the first MOV) with the initial
> gpa and gla. Then no more events are being sent for the rest of the
> operation in that page, which is confusing for a client application
> expecting to be called for each actual write to a protected page.
>
> If you feel that the patch is acceptable, I'll correct the description
> when submitting V2.

I feel that there is a reasonable argument to be made for disabling
optimisations like this in the case that you want mem_events for each step.

~Andrew
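
A simplified model of the event-count gap discussed in this thread, as an added example that is not part of the original messages and is not Xen code: it counts the mem_events an introspection client would receive for one REP MOVS with the per-page batching on and off. The names `model_rep_movs` and `struct rep_stats` are hypothetical, and the model assumes a forward copy (DF=0) into destination pages that are all write-protected.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE_SIZE 4096u

/* Model only (assumption, not Xen's emulator): one mem_event is delivered per
 * emulator pass, carrying the gla of the first write handled in that pass. */
struct rep_stats {
    uint64_t events;    /* mem_events delivered to the client */
    uint64_t writes;    /* element writes actually performed */
    uint64_t last_gla;  /* gla reported by the last event */
};

static struct rep_stats model_rep_movs(uint64_t dst_gla, uint64_t reps,
                                       unsigned bytes_per_rep, int batch)
{
    struct rep_stats s = {0, 0, dst_gla};
    uint64_t gla = dst_gla;

    while (reps > 0) {
        /* Elements that still fit before the next page boundary. */
        uint64_t room = (PAGE_SIZE - (gla & (PAGE_SIZE - 1))) / bytes_per_rep;
        uint64_t chunk = batch ? (room < reps ? room : reps) : 1;
        if (chunk == 0)
            chunk = 1;  /* element straddles the boundary: handled alone */

        s.events++;         /* the client is notified once per pass */
        s.last_gla = gla;   /* later writes in the pass are never reported */
        s.writes += chunk;
        gla += (uint64_t)chunk * bytes_per_rep;
        reps -= chunk;
    }
    return s;
}

int main(void)
{
    /* Constructed input: REP MOVSD of 2048 dwords (8 KiB) that starts
     * 0x100 bytes before the end of a page, so it touches three pages. */
    struct rep_stats opt = model_rep_movs(0x10f00, 2048, 4, 1);
    struct rep_stats per = model_rep_movs(0x10f00, 2048, 4, 0);

    printf("batched:   %llu events for %llu writes\n",
           (unsigned long long)opt.events, (unsigned long long)opt.writes);
    printf("unbatched: %llu events for %llu writes\n",
           (unsigned long long)per.events, (unsigned long long)per.writes);
    return 0;
}
```

With batching, the client sees one event per page touched and never learns the address of any write after the first in each page; without it, every write to a protected page is reported.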