From: Andrew Cooper <andrew.cooper3@citrix.com>
To: Andy Lutomirski <luto@amacapital.net>
Cc: X86 ML <x86@kernel.org>,
Boris Ostrovsky <boris.ostrovsky@oracle.com>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Borislav Petkov <bp@alien8.de>,
Steven Rostedt <rostedt@goodmis.org>,
"xen-devel@lists.xen.org" <xen-devel@lists.xen.org>
Subject: Re: Getting rid of invalid SYSCALL RSP under Xen?
Date: Mon, 27 Jul 2015 00:05:37 +0100 [thread overview]
Message-ID: <55B567C1.3050709@citrix.com> (raw)
In-Reply-To: <CALCETrUBgBLKk2kSm3KwfmBvwjmqE40NqMxZHF6gr8WSGxhuOw@mail.gmail.com>
On 26/07/2015 23:08, Andy Lutomirski wrote:
>
>>> If so, can we just
>>> enter later on:
>>>
>>> pushq %r11 /* pt_regs->flags */
>>> pushq $__USER_CS /* pt_regs->cs */
>>> pushq %rcx /* pt_regs->ip */
>>>
>>> <-- Xen enters here
>>>
>>> pushq %rax /* pt_regs->orig_ax */
>>> pushq %rdi /* pt_regs->di */
>>> pushq %rsi /* pt_regs->si */
>>> pushq %rdx /* pt_regs->dx */
>> This looks plausible, and indeed preferable to the current doublestep
>> with undo_xen_syscall.
>>
>> One slight complication is that xen_enable_syscall() will want to
>> special case register_callback() to not set CALLBACKF_mask_events, as
>> the entry point is now after re-enabling interrupts.
> I wouldn't do that. Let's just move the ENABLE_INTERRUPTS a few
> instructions later even on native -- I want to do that anyway.
That would also work.
>
>>> For SYSRET, I think the way to go is to force Xen to always use the
>>> syscall slow path. Instead, Xen could hook into
>>> syscall_return_via_sysret or even right before the opportunistic
>>> sysret stuff. Then we could remove the USERGS_SYSRET hooks entirely.
>>>
>>> Would this work?
>> None of the opportunistic sysret stuff makes sense under Xen. The path
>> will inevitably end up in xen_iret making a hypercall. Short circuiting
>> all of this seems like a good idea, especially if it allows for the
>> removal of the UERGS_SYSRET.
> Doesn't Xen decide what to do based on VGCF_IN_SYSCALL? Maybe Xen
> should have its own opportunistic VGCF_IN_SYSCALL logic.
VGCF_in_syscall affects whether the extra r11/rcx get restored or not,
as the hypercall itself is implemented using syscall. As the extra
r11/rcx (and rax for that matter) are unconditionally saved in the
hypercall stub, I can't see anything Linux could usefully do,
opportunistically speaking.
>
> Hmm, maybe some of this would be easier to think about if, rather than
> having a paravirt op, we could have:
>
> ALTERNATIVE "", "jmp xen_pop_things_and_iret", X86_FEATURE_XEN
>
> Or just IF_XEN("jmp ...");
>
> As a practical matter, x86_64 has native and Xen -- I don't think
> there's any other paravirt platform that needs the asm hooks.
It would certainly seem so. A careful use of IF_XEN() or two would make
the code far clearer to read, and to drop the hooks.
~Andrew
WARNING: multiple messages have this Message-ID (diff)
From: Andrew Cooper <andrew.cooper3@citrix.com>
To: Andy Lutomirski <luto@amacapital.net>
Cc: X86 ML <x86@kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Steven Rostedt <rostedt@goodmis.org>,
"xen-devel@lists.xen.org" <xen-devel@lists.xen.org>,
Borislav Petkov <bp@alien8.de>,
Boris Ostrovsky <boris.ostrovsky@oracle.com>
Subject: Re: Getting rid of invalid SYSCALL RSP under Xen?
Date: Mon, 27 Jul 2015 00:05:37 +0100 [thread overview]
Message-ID: <55B567C1.3050709@citrix.com> (raw)
In-Reply-To: <CALCETrUBgBLKk2kSm3KwfmBvwjmqE40NqMxZHF6gr8WSGxhuOw@mail.gmail.com>
On 26/07/2015 23:08, Andy Lutomirski wrote:
>
>>> If so, can we just
>>> enter later on:
>>>
>>> pushq %r11 /* pt_regs->flags */
>>> pushq $__USER_CS /* pt_regs->cs */
>>> pushq %rcx /* pt_regs->ip */
>>>
>>> <-- Xen enters here
>>>
>>> pushq %rax /* pt_regs->orig_ax */
>>> pushq %rdi /* pt_regs->di */
>>> pushq %rsi /* pt_regs->si */
>>> pushq %rdx /* pt_regs->dx */
>> This looks plausible, and indeed preferable to the current doublestep
>> with undo_xen_syscall.
>>
>> One slight complication is that xen_enable_syscall() will want to
>> special case register_callback() to not set CALLBACKF_mask_events, as
>> the entry point is now after re-enabling interrupts.
> I wouldn't do that. Let's just move the ENABLE_INTERRUPTS a few
> instructions later even on native -- I want to do that anyway.
That would also work.
>
>>> For SYSRET, I think the way to go is to force Xen to always use the
>>> syscall slow path. Instead, Xen could hook into
>>> syscall_return_via_sysret or even right before the opportunistic
>>> sysret stuff. Then we could remove the USERGS_SYSRET hooks entirely.
>>>
>>> Would this work?
>> None of the opportunistic sysret stuff makes sense under Xen. The path
>> will inevitably end up in xen_iret making a hypercall. Short circuiting
>> all of this seems like a good idea, especially if it allows for the
>> removal of the UERGS_SYSRET.
> Doesn't Xen decide what to do based on VGCF_IN_SYSCALL? Maybe Xen
> should have its own opportunistic VGCF_IN_SYSCALL logic.
VGCF_in_syscall affects whether the extra r11/rcx get restored or not,
as the hypercall itself is implemented using syscall. As the extra
r11/rcx (and rax for that matter) are unconditionally saved in the
hypercall stub, I can't see anything Linux could usefully do,
opportunistically speaking.
>
> Hmm, maybe some of this would be easier to think about if, rather than
> having a paravirt op, we could have:
>
> ALTERNATIVE "", "jmp xen_pop_things_and_iret", X86_FEATURE_XEN
>
> Or just IF_XEN("jmp ...");
>
> As a practical matter, x86_64 has native and Xen -- I don't think
> there's any other paravirt platform that needs the asm hooks.
It would certainly seem so. A careful use of IF_XEN() or two would make
the code far clearer to read, and to drop the hooks.
~Andrew
next prev parent reply other threads:[~2015-07-26 23:05 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-07-23 16:49 Getting rid of invalid SYSCALL RSP under Xen? Andy Lutomirski
2015-07-26 19:34 ` Andrew Cooper
2015-07-26 22:08 ` Andy Lutomirski
2015-07-26 23:05 ` Andrew Cooper [this message]
2015-07-26 23:05 ` Andrew Cooper
2015-07-26 23:27 ` Andy Lutomirski
2015-07-27 13:52 ` Andrew Cooper
2015-07-27 13:52 ` Andrew Cooper
2015-07-26 23:27 ` Andy Lutomirski
2015-07-26 22:08 ` Andy Lutomirski
2015-07-26 19:34 ` Andrew Cooper
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=55B567C1.3050709@citrix.com \
--to=andrew.cooper3@citrix.com \
--cc=boris.ostrovsky@oracle.com \
--cc=bp@alien8.de \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=rostedt@goodmis.org \
--cc=x86@kernel.org \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.