From: Corneliu ZUZU <czuzu@bitdefender.com>
To: Andrew Cooper <andrew.cooper3@citrix.com>,
	Tamas K Lengyel <tamas@tklengyel.com>
Cc: Kevin Tian <kevin.tian@intel.com>, Keir Fraser <keir@xen.org>,
	Jan Beulich <jbeulich@suse.com>,
	Razvan Cojocaru <rcojocaru@bitdefender.com>,
	Xen-devel <xen-devel@lists.xen.org>,
	Stefano Stabellini <stefano.stabellini@citrix.com>,
	Jun Nakajima <jun.nakajima@intel.com>
Subject: Re: [PATCH 0/1] ARM: Implement support for write-ctrlreg vm-events
Date: Mon, 7 Mar 2016 14:49:29 +0200
Message-ID: <56DD78D9.7060501@bitdefender.com>
In-Reply-To: <56DD7654.8010405@citrix.com>


On 3/7/2016 2:38 PM, Andrew Cooper wrote:
> On 07/03/16 09:12, Tamas K Lengyel wrote:
>>
>>
>> On Mon, Mar 7, 2016 at 9:22 AM, Corneliu ZUZU <czuzu@bitdefender.com> wrote:
>>
>>     On 3/3/2016 4:10 PM, Corneliu ZUZU wrote:
>>
>>         Then,
>>         QUESTIONS (FOR VM-EVENTS & ARM MAINTAINERS ESPECIALLY):
>>
>>         Q1) [...]
>>
>>         Q2) [...]
>>
>>         Q3) [...]
>>
>>         Q4) [...]
>>
>>
>>     Hey all,
>>
>>     I have a question relating to this part of code @
>>     vmx_update_guest_cr:
>>
>>             if ( paging_mode_hap(v->domain) )
>>             {
>>                 /* Manage GUEST_CR3 when CR0.PE=0. */
>>                 uint32_t cr3_ctls = (CPU_BASED_CR3_LOAD_EXITING |
>>                                      CPU_BASED_CR3_STORE_EXITING);
>>                 v->arch.hvm_vmx.exec_control &= ~cr3_ctls;
>>                 if ( !hvm_paging_enabled(v) && !vmx_unrestricted_guest(v) )
>>                     v->arch.hvm_vmx.exec_control |= cr3_ctls;
>>
>>                 /* Trap CR3 updates if CR3 memory events are enabled. */
>>                 if ( v->domain->arch.monitor.write_ctrlreg_enabled &
>>                      monitor_ctrlreg_bitmask(VM_EVENT_X86_CR3) )
>>                     v->arch.hvm_vmx.exec_control |= CPU_BASED_CR3_LOAD_EXITING;
>>
>>                 vmx_update_cpu_exec_control(v);
>>             }
>>
>>     While trying to move the check for VM_EVENT_X86_CR3 to the
>>     scheduling tail, a few questions came to my mind.
>>
>>     1). Tamas, Razvan, maybe you guys could clarify this. I noticed
>>     this part of code is only executed if paging_mode_hap(v->domain).
>>     Is EPT mandatory to monitor CR3 writes or is it just that when
>>     shadow paging is enabled, CR3 r/w are unconditionally trapped?
>>
>>
>> EPT is not really required for CR3 monitoring, it just has been the 
>> case that vm_events have been only implemented for hap-enabled 
>> domains. AFAIK for non-hap case CR3 needs to be trapped 
>> unconditionally, yes.
>
> Specifically, the shadow pagetable code needs to swap shadows when the 
> guest switches cr3.
>
>>     If the former is true, shouldn't we do a check like this in
>>     vm_event_monitor_get_capabilities instead?
>>
>>
>> Yes, it should now, this code was just written before 
>> vm_event_monitor_get_capabilities was introduced and we haven't 
>> gotten around to converting this check to it.
>>
>>
>>     2). I was also wondering why CR3 load/stores are trapped if
>>     paging is disabled for a domain.
>>
>>
>> Good question, I was wondering about that myself at some point but I 
>> haven't found an answer to it. Maybe some git archaeology can help 
>> determine when that was added and why ;)
>
> Gen1 VT-x didn't support running a guest in non-paged mode.  Gen2 
> introduced "unrestricted-guest" which works as intended, but Gen1 has 
> to fake non-paged mode using identity paging.  As a result, CR3 cannot 
> be used as scratch space like it can in non-paged mode, and the guest 
> must be prevented from moving CR3 away from the gfn set up by the 
> domain builder in HVM_PARAM_IDENT_PT.
>
> ~Andrew

Nice, thanks a bunch.

Corneliu.
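
Added example (not part of the original message, and not Xen code): a stand-alone C model of when CR3 accesses end up trapped, combining the quoted `vmx_update_guest_cr` excerpt with the answers in this thread about shadow paging and pre-unrestricted-guest VT-x. The `vcpu_model` struct and `cr3_exiting_bits()` are hypothetical names; the two control-bit values are the CR3-load/CR3-store exiting positions from the Intel SDM.

```c
/* Stand-alone model of the CR3-exiting decision discussed above; not Xen
 * code. Struct and function names are hypothetical. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define CPU_BASED_CR3_LOAD_EXITING  0x00008000u /* bit 15 (Intel SDM) */
#define CPU_BASED_CR3_STORE_EXITING 0x00010000u /* bit 16 (Intel SDM) */

struct vcpu_model {
    bool hap;                /* EPT in use, cf. paging_mode_hap() */
    bool guest_paging;       /* cf. hvm_paging_enabled() */
    bool unrestricted_guest; /* cf. vmx_unrestricted_guest() */
    bool monitor_cr3;        /* write-ctrlreg vm-event enabled for CR3 */
};

/* Returns the CR3 exiting bits left set in exec_control. */
uint32_t cr3_exiting_bits(const struct vcpu_model *v, uint32_t exec_control)
{
    const uint32_t cr3_ctls = CPU_BASED_CR3_LOAD_EXITING |
                              CPU_BASED_CR3_STORE_EXITING;

    /* Shadow paging: trapped unconditionally so shadows can be swapped. */
    if ( !v->hap )
        return cr3_ctls;

    exec_control &= ~cr3_ctls;
    /* Without unrestricted guest, non-paged mode is faked with identity
     * paging, so the guest must not move CR3. */
    if ( !v->guest_paging && !v->unrestricted_guest )
        exec_control |= cr3_ctls;
    /* A monitor subscriber only needs CR3 loads (guest writes) trapped. */
    if ( v->monitor_cr3 )
        exec_control |= CPU_BASED_CR3_LOAD_EXITING;

    return exec_control & cr3_ctls;
}

int main(void)
{
    for ( unsigned i = 0; i < 16; i++ )
    {
        struct vcpu_model v = { i & 8, i & 4, i & 2, i & 1 };
        printf("hap=%d pg=%d ug=%d mon=%d -> %#x\n", v.hap, v.guest_paging,
               v.unrestricted_guest, v.monitor_cr3,
               (unsigned)cr3_exiting_bits(&v, 0));
    }
    return 0;
}
```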
