From mboxrd@z Thu Jan  1 00:00:00 1970
From: Andrew Cooper <andrew.cooper3@citrix.com>
Subject: Re: memaccess: skipping mem_access_send_req
Date: Fri, 10 Apr 2015 17:03:26 +0100
Message-ID: <5527F44E.6090302@citrix.com>
References: <DA845EDCE27355428C520DC5B8DC05CE763FB38550@GEORGE.Emea.Arm.com>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="===============5410027389997848400=="
Return-path: <xen-devel-bounces@lists.xen.org>
In-Reply-To: <DA845EDCE27355428C520DC5B8DC05CE763FB38550@GEORGE.Emea.Arm.com>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: xen-devel@lists.xen.org
List-Id: xen-devel@lists.xenproject.org

--===============5410027389997848400==
Content-Type: multipart/alternative;
	boundary="------------050503020502020004040002"

--------------050503020502020004040002
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: 7bit

On 10/04/15 16:04, Gareth Stockwell wrote:
>
> My understanding of memaccess is that it provides the following
> functionality:
>
>  
>
> 1. Modify permission values in the page table of the target domain.
>
> 2. When the domain generates an illegal access, the exception handler
> delegates to memaccess, which pauses the VCPU and records the event in
> a ring buffer.
>
> 3. Some permission values are special in that they automatically
> mutate to a different value following the first access; others are
> persistently applied.
>
>  
>
> We would like to use memaccess to perform (1) - but rather than
> pausing the VCPU in (2), instead simply directly inject the exception
> into the VCPU.  I can see two ways of doing this:
>
>  
>
> a) Implement an observer of the ring buffer, which triggers injection
> of the exception and unpausing of the VCPU.
>
> b) Define new xenmem_access_t values which cause the exception handler
> to reinject rather than adding a message to the ring buffer.
>
>  
>
> (a) seems cumbersome, and requires multiple context switches in order
> to handle the exception.
>
> (b) therefore looks preferable, and I think should be fairly simple to
> implement on top of https://github.com/tklengyel/xen/tree/arm_memaccess15.
>
>  
>
> Does this sound reasonable?  Or is there a better way of modifying
> access permissions for a specific pfn range of a target domain?
>

Are you perhaps looking for something similar to Intel #VE support? 
(although I guess you are looking at ARM rather than x86)

It is not safe to always re-inject back into the vcpu, especially if the
permission changes were around the guest kernel stack, but a restricted
subset ought to be safe to bounce straight in.

~Andrew

--------------050503020502020004040002
Content-Type: text/html; charset="windows-1252"
Content-Length: 4646
Content-Transfer-Encoding: quoted-printable

<html>
  <head>
    <meta content=3D"text/html; charset=3Dwindows-1252"
      http-equiv=3D"Content-Type">
  </head>
  <body bgcolor=3D"#FFFFFF" text=3D"#000000">
    <div class=3D"moz-cite-prefix">On 10/04/15 16:04, Gareth Stockwell
      wrote:<br>
    </div>
    <blockquote
cite=3D"mid:DA845EDCE27355428C520DC5B8DC05CE763FB38550@GEORGE.Emea.Arm.com"
      type=3D"cite">
      <meta http-equiv=3D"Content-Type" content=3D"text/html;
        charset=3Dwindows-1252">
      <meta name=3D"Generator" content=3D"Microsoft Word 14 (filtered
        medium)">
      <style><!--
/* Font Definitions */
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0cm;
	margin-bottom:.0001pt;
	font-size:11.0pt;
	font-family:"Calibri","sans-serif";
	mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:blue;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{mso-style-priority:99;
	color:purple;
	text-decoration:underline;}
span.EmailStyle17
	{mso-style-type:personal-compose;
	font-family:"Calibri","sans-serif";
	color:windowtext;}
.MsoChpDefault
	{mso-style-type:export-only;
	font-family:"Calibri","sans-serif";
	mso-fareast-language:EN-US;}
@page WordSection1
	{size:612.0pt 792.0pt;
	margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
	{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
      <div class=3D"WordSection1">
        <p class=3D"MsoNormal">My understanding of memaccess is that it
          provides the following functionality:<o:p></o:p></p>
        <p class=3D"MsoNormal"><o:p>=A0</o:p></p>
        <p class=3D"MsoNormal" style=3D"margin-left:36.0pt">1. Modify
          permission values in the page table of the target domain.<o:p></o:p></p>
        <p class=3D"MsoNormal" style=3D"margin-left:36.0pt">2. When the
          domain generates an illegal access, the exception handler
          delegates to memaccess, which pauses the VCPU and records the
          event in a ring buffer.<o:p></o:p></p>
        <p class=3D"MsoNormal" style=3D"margin-left:36.0pt">3. Some
          permission values are special in that they automatically
          mutate to a different value following the first access; others
          are persistently applied.<o:p></o:p></p>
        <p class=3D"MsoNormal"><o:p>=A0</o:p></p>
        <p class=3D"MsoNormal">We would like to use memaccess to perform
          (1) - but rather than pausing the VCPU in (2), instead simply
          directly inject the exception into the VCPU.=A0 I can see two
          ways of doing this:<o:p></o:p></p>
        <p class=3D"MsoNormal"><o:p>=A0</o:p></p>
        <p class=3D"MsoNormal" style=3D"margin-left:36.0pt">a) Implement an
          observer of the ring buffer, which triggers injection of the
          exception and unpausing of the VCPU.<o:p></o:p></p>
        <p class=3D"MsoNormal" style=3D"margin-left:36.0pt">b) Define new
          xenmem_access_t values which cause the exception handler to
          reinject rather than adding a message to the ring buffer.<o:p></o:p></p>
        <p class=3D"MsoNormal"><o:p>=A0</o:p></p>
        <p class=3D"MsoNormal">(a) seems cumbersome, and requires multiple
          context switches in order to handle the exception.<o:p></o:p></p>
        <p class=3D"MsoNormal">(b) therefore looks preferable, and I think
          should be fairly simple to implement on top of
          <a moz-do-not-send=3D"true"
            href=3D"https://github.com/tklengyel/xen/tree/arm_memaccess15">https://github.com/tklengyel/xen/tree/arm_memaccess15</a>.<o:p></o:p></p>
        <p class=3D"MsoNormal"><o:p>=A0</o:p></p>
        <p class=3D"MsoNormal">Does this sound reasonable=3F=A0 Or is there a
          better way of modifying access permissions for a specific pfn
          range of a target domain=3F<o:p></o:p></p>
      </div>
    </blockquote>
    <br>
    Are you perhaps looking for something similar to Intel #VE support=3F=A0
    (although I guess you are looking at ARM rather than x86)<br>
    <br>
    It is not safe to always re-inject back into the vcpu, especially if
    the permission changes were around the guest kernel stack, but a
    restricted subset ought to be safe to bounce straight in.<br>
    <br>
    ~Andrew<br>
  </body>
</html>

--------------050503020502020004040002--


--===============5410027389997848400==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

--===============5410027389997848400==--