From: Ben Catterall <Ben.Catterall@citrix.com>
To: Tim Deegan <tim@xen.org>
Cc: Andrew Cooper <andrew.cooper3@citrix.com>,
xen-devel@lists.xensource.com,
Ian Campbell <Ian.Campbell@citrix.com>,
Jan Beulich <jbeulich@suse.com>
Subject: Re: HVM x86 deprivileged mode: AMD SVM TR problem
Date: Wed, 19 Aug 2015 17:36:41 +0100 [thread overview]
Message-ID: <55D4B099.4070901@citrix.com> (raw)
In-Reply-To: <20150819154352.GA45974@deinos.phlegethon.org>
On 19/08/15 16:43, Tim Deegan wrote:
> At 16:04 +0100 on 19 Aug (1440000260), Ben Catterall wrote:
>> I've hit a blocker on getting this working for AMD's SVM and would
>> appreciate any thoughts. Hopefully I've missed a much simpler way of
>> doing this or I've missed something!
>>
>> So, AMD and Intel differ in how they handle the TR on a VMEXIT and
>> VMRUM. On a VMEXIT, Intel Save the guest's TR and then restore the
>> host's TR. AMD do not save the guest's TR nor do they restore the host's
>> TR.
>>
>> So, we need to context switch it out. The only ways that I know of to do
>> this are with the ltr and str instructions. Now, ltr will throw #GP if
>> loaded with a null selector and, when loaded, will immediately fetch
>> from the current GDT the descriptor's data.
>>
>> After issuing a VMEXIT and moving into deprivileged mode, I need a valid
>> TSS so that we can handle exceptions in ring 3, otherwise, thanks to an
>> invalid TSS selector in the TR causing a system shutdown (AMD manual),
>> the guest could crash the system.
>>
>> At the moment, I can save the guest's TR, load the host's TR and then
>> happily handle exceptions when we are in ring 3 now so that's fixed the
>> shutdown issue. But, when moving back to the guest, I have no easy way
>> to restore the TR.
>
> I think the CPU will load that state for you from the VMCB when
> entering the guest. (At least, if it doesn't, I don't know how VCPU
> migration works at the moment.) So only the VMEXIT path needs any
> attention.
This pointed me in another direction, thanks!
From what I've understood, the behaviour of VMEXIT and VMRUN
instructions don't save/load that state from the VMCB. Though, if that's
the case, I'd also like to know how the migration code works :).
However, AMD provides VMSAVE and VMLOAD (section 15.4.4 AMD manual 2)
which DO save/load the TR (and other registers) but, it's an optional
extra and Xen's entry.S for SVM doesn't use it. (I can't find any uses
via grep in the source code either)
I guess if we use this then this alleviates much of the complexity as,
looking at what it saves, I think we would be fine to use VMSAVE and
VMLOAD just when we are doing a HVM depriv operation, and not need to
call them every time we took a VMEXIT and that then gets round this problem.
Thanks!
>
> Cheers,
>
> Tim.
>
next prev parent reply other threads:[~2015-08-19 16:36 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-08-19 15:04 HVM x86 deprivileged mode: AMD SVM TR problem Ben Catterall
2015-08-19 15:43 ` Tim Deegan
2015-08-19 16:36 ` Ben Catterall [this message]
2015-08-20 9:34 ` Tim Deegan
2015-08-20 10:51 ` Ben Catterall
2015-08-20 14:32 ` Andrew Cooper
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=55D4B099.4070901@citrix.com \
--to=ben.catterall@citrix.com \
--cc=Ian.Campbell@citrix.com \
--cc=andrew.cooper3@citrix.com \
--cc=jbeulich@suse.com \
--cc=tim@xen.org \
--cc=xen-devel@lists.xensource.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.