From: Razvan Cojocaru <rcojocaru@bitdefender.com>
To: "Lengyel, Tamas" <tlengyel@novetta.com>
Cc: Wei Liu <wei.liu2@citrix.com>,
Ian Campbell <ian.campbell@citrix.com>,
Stefano Stabellini <stefano.stabellini@eu.citrix.com>,
George Dunlap <george.dunlap@eu.citrix.com>,
Andrew Cooper <andrew.cooper3@citrix.com>,
Ian Jackson <ian.jackson@eu.citrix.com>,
Stefano Stabellini <stefano.stabellini@citrix.com>,
Jan Beulich <JBeulich@suse.com>,
xen-devel@lists.xenproject.org, Keir Fraser <keir@xen.org>
Subject: Re: [PATCH 2/2] altp2m: Implement p2m_get_mem_access for altp2m views
Date: Thu, 28 Jan 2016 18:32:04 +0200 [thread overview]
Message-ID: <56AA4284.3080700@bitdefender.com> (raw)
In-Reply-To: <CAD33N+5dj19fxy99MyboSkdGgUVt9v9-ebaDh7Sqqoyz6=KqRg@mail.gmail.com>
On 01/28/2016 05:58 PM, Lengyel, Tamas wrote:
>
>
> On Thu, Jan 28, 2016 at 8:20 AM, Razvan Cojocaru
> <rcojocaru@bitdefender.com <mailto:rcojocaru@bitdefender.com>> wrote:
>
> On 01/28/2016 05:12 PM, Lengyel, Tamas wrote:
> >
> > On Jan 28, 2016 8:02 AM, "Razvan Cojocaru" <rcojocaru@bitdefender.com <mailto:rcojocaru@bitdefender.com>
> > <mailto:rcojocaru@bitdefender.com <mailto:rcojocaru@bitdefender.com>>> wrote:
> >>
> >> On 01/28/2016 04:42 PM, Lengyel, Tamas wrote:
> >> >
> >> > On Jan 28, 2016 6:38 AM, "Jan Beulich" <JBeulich@suse.com <mailto:JBeulich@suse.com>
> > <mailto:JBeulich@suse.com <mailto:JBeulich@suse.com>>
> >> > <mailto:JBeulich@suse.com <mailto:JBeulich@suse.com>
> <mailto:JBeulich@suse.com <mailto:JBeulich@suse.com>>>> wrote:
> >> >>
> >> >> >>> On 27.01.16 at 21:06, <tlengyel@novetta.com <mailto:tlengyel@novetta.com>
> > <mailto:tlengyel@novetta.com <mailto:tlengyel@novetta.com>>
> >> > <mailto:tlengyel@novetta.com <mailto:tlengyel@novetta.com>
> <mailto:tlengyel@novetta.com <mailto:tlengyel@novetta.com>>>> wrote:
> >> >> > --- a/xen/arch/x86/mm/p2m.c
> >> >> > +++ b/xen/arch/x86/mm/p2m.c
> >> >> > @@ -1572,7 +1572,9 @@ void p2m_mem_access_emulate_check(struct
> > vcpu *v,
> >> >> > bool_t violation = 1;
> >> >> > const struct vm_event_mem_access *data =
> &rsp->u.mem_access;
> >> >> >
> >> >> > - if ( p2m_get_mem_access(v->domain, _gfn(data->gfn),
> >> > &access) == 0 )
> >> >> > + if ( p2m_get_mem_access(v->domain, _gfn(data->gfn),
> >> >> > + altp2m_active(v->domain) ?
> >> > vcpu_altp2m(v).p2midx : 0,
> >> >> > + &access) == 0 )
> >> >>
> >> >> This looks to be a behavioral change beyond what title and
> >> >> description say, and it's not clear whether that's actually the
> >> >> behavior everyone wants.
> >> >
> >> > I'm fairly comfident its exactly the expected behavior when one
> uses
> >> > mem_access in altp2m tables and emulation. Right now because
> the lack of
> >> > this AFAIK emulation would not work correctly with altp2m. But
> Razvan
> >> > probably can chime in as he uses this path actively.
> >>
> >> I've done an experiment to see how much slower using altp2m would
> be as
> >> compared to emulation - so I'm not a big user of the feature, but
> I did
> >> find it cumbersome to have to work with two sets of APIs (one for
> what
> >> could arguably be called the default altp2m view, i.e. the regular
> >> xc_set_mem_access(), and one for altp2m, i.e.
> >> xc_altp2m_set_mem_access()). Furthermore, the APIs do not currently
> >> offer the same features (most notably, xc_altp2m_get_mem_access() is
> >> completely missing). I've mentioned this to Tamas while initially
> trying
> >> to get it to work.
> >>
> >> Now, whether the behaviour I expect is what everyone expects is, of
> >> course, wide open to debate. But I think we can all agree that the
> >> altp2m interface can, and probably should, be improved.
> >>
> >
> > There is that, but also, what is the exact logic behind doing this
> check
> > before emulation? AFAIU emulation happens in response to a vm_event so
> > we should be fairly certain that this check succeeds as it just
> verifies
> > that indeed the permissions are restricted by mem_access in the
> p2m (and
> > with altp2m this should be the active one). But when is this check
> > normally expected to fail?
>
> That check is important, please do not remove it. A vm_event is sent
> into userspace to our monitoring application, but the monitoring
> application can actually remove the page restrictions before replying,
> so in that case emulation is pointless - there will be no more page
> faults for that instruction.
>
>
> I see, but then why would you reply with VM_EVENT_FLAG_EMULATE? You know
> you removed the permission before sending the reply, so this sounds like
> something specific to your application.
It's cheap insurance that things go right. If there's some issue with
page rights, or some external tool somehow does an xc_set_mem_access(),
things won't go wrong. And they will go wrong if Xen thinks it should
emulate the next instruction and the next instruction is not the one
that has caused the original fault. I would think that benefits any
application.
Thanks,
Razvan
next prev parent reply other threads:[~2016-01-28 16:32 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-01-27 20:06 [PATCH 1/2] altp2m: Merge p2m_set_altp2m_mem_access and p2m_set_mem_access Tamas K Lengyel
2016-01-27 20:06 ` [PATCH 2/2] altp2m: Implement p2m_get_mem_access for altp2m views Tamas K Lengyel
2016-01-28 8:44 ` Razvan Cojocaru
2016-01-28 10:50 ` Wei Liu
2016-01-28 13:38 ` Jan Beulich
2016-01-28 14:42 ` Lengyel, Tamas
2016-01-28 14:56 ` Jan Beulich
2016-01-28 14:59 ` Lengyel, Tamas
2016-01-28 15:03 ` Razvan Cojocaru
2016-01-28 15:12 ` Lengyel, Tamas
2016-01-28 15:20 ` Razvan Cojocaru
2016-01-28 15:58 ` Lengyel, Tamas
2016-01-28 16:32 ` Razvan Cojocaru [this message]
2016-01-28 16:40 ` Lengyel, Tamas
2016-01-28 17:04 ` Razvan Cojocaru
2016-01-28 17:17 ` Lengyel, Tamas
2016-01-28 8:43 ` [PATCH 1/2] altp2m: Merge p2m_set_altp2m_mem_access and p2m_set_mem_access Razvan Cojocaru
2016-01-28 10:50 ` Wei Liu
2016-01-28 10:55 ` Ian Campbell
2016-01-28 11:00 ` Wei Liu
2016-01-28 14:30 ` Lengyel, Tamas
2016-01-28 14:36 ` Wei Liu
2016-01-28 13:17 ` Jan Beulich
2016-01-28 14:34 ` Lengyel, Tamas
2016-01-28 14:39 ` Jan Beulich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=56AA4284.3080700@bitdefender.com \
--to=rcojocaru@bitdefender.com \
--cc=JBeulich@suse.com \
--cc=andrew.cooper3@citrix.com \
--cc=george.dunlap@eu.citrix.com \
--cc=ian.campbell@citrix.com \
--cc=ian.jackson@eu.citrix.com \
--cc=keir@xen.org \
--cc=stefano.stabellini@citrix.com \
--cc=stefano.stabellini@eu.citrix.com \
--cc=tlengyel@novetta.com \
--cc=wei.liu2@citrix.com \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.