From: Avi Kivity <avi-atKUWr5tajBWk0Htik3J/w@public.gmane.org>
To: Ingo Molnar <mingo-X9Un+BFzKDI@public.gmane.org>
Cc: kvm-devel <kvm-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org>
Subject: Re: [patch] kvm: make cr3 loading more robust
Date: Wed, 03 Jan 2007 14:25:24 +0200 [thread overview]
Message-ID: <459BA0B4.20804@qumranet.com> (raw)
In-Reply-To: <20070103121301.GC2786-X9Un+BFzKDI@public.gmane.org>
Ingo Molnar wrote:
>> That's a good solution. I don't see why it has to be made
>> non-writable -- it has undefined content, and any old value will do.
>> We have (or maybe had) something like that somewhere.
>>
>
> it should always return 0xff content because that's how real hardware
> behaves. It's essentially ROM-alike, with 0xff content. Writes are
> ignored. (last i checked)
>
>
Still, software can't depend on it (maybe some old stuff does to get the
end of memory). You can't randomly poke at memory.
> also having it writable means it's an information leak as we want to
> share this page amongst guests, etc. Then explicitly faulting the guest
> would be alot cleaner.
>
We can have a per-vm page.
>
>> An alternative is to add a flag to the vcpu which would be examined on
>> entry (vcpu->triple_faulted).
>>
>
> well, the triple fault isnt really explicit behavior of the cr3 loading,
> it is "just" a side-effect of having an all-0xff piece of physical
> memory holding the CPU's page tables. Such a cr3 can be loaded fine, but
> the next instruction fetched will be 0xff 0xff, which should be an
> undefined opcode. The resulting fault will try to execute based off an
> invalid IDT so we get a double fault, which then also tries to execute
> 0xff 0xff (if the IDT entry didnt generate a #GPF beforehand, due to an
> invalid segment descriptor) so it results in a triple fault.
It's an optimization then :)
> Does VMX
> report triple faults?
>
Yes.
If we add a "read-only memory slot" abstraction we can use it for the
unwired address space.
Note that the corner cases will never be 100% emulatable. For example,
you can set cr3 to point at your IDE DMA mmio space or something like
that. It's quite all right to kill the guest quietly at that point, as
no real-life guest will do that.
The kvm goals do not include cycle accurate emulation. We want to be
reasonably close to real hardware for the real-life uses. I'd like to
get the other cases right too, but not at the expense of simplicity and
correctness. Of course, it has to be secure even in non-real-life
situations.
--
error compiling committee.c: too many arguments to function
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
next prev parent reply other threads:[~2007-01-03 12:25 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-01-03 2:10 [patch] kvm: make cr3 loading more robust Ingo Molnar
[not found] ` <20070103021057.GA11316-X9Un+BFzKDI@public.gmane.org>
2007-01-03 8:29 ` Avi Kivity
[not found] ` <459B695C.5090004-atKUWr5tajBWk0Htik3J/w@public.gmane.org>
2007-01-03 11:52 ` Ingo Molnar
[not found] ` <20070103115230.GB937-X9Un+BFzKDI@public.gmane.org>
2007-01-03 12:00 ` Avi Kivity
[not found] ` <459B9AC7.6020506-atKUWr5tajBWk0Htik3J/w@public.gmane.org>
2007-01-03 12:01 ` Avi Kivity
2007-01-03 12:13 ` Ingo Molnar
[not found] ` <20070103121301.GC2786-X9Un+BFzKDI@public.gmane.org>
2007-01-03 12:25 ` Avi Kivity [this message]
[not found] ` <459BA0B4.20804-atKUWr5tajBWk0Htik3J/w@public.gmane.org>
2007-01-03 12:28 ` Ingo Molnar
[not found] ` <20070103122814.GA7350-X9Un+BFzKDI@public.gmane.org>
2007-01-03 12:40 ` Ingo Molnar
[not found] ` <20070103124020.GA9738-X9Un+BFzKDI@public.gmane.org>
2007-01-03 13:14 ` Avi Kivity
[not found] ` <459BAC45.9090202-atKUWr5tajBWk0Htik3J/w@public.gmane.org>
2007-01-03 13:20 ` Ingo Molnar
[not found] ` <20070103132033.GA18027-X9Un+BFzKDI@public.gmane.org>
2007-01-03 13:34 ` Avi Kivity
2007-01-03 12:59 ` Avi Kivity
2007-01-03 11:59 ` Ingo Molnar
[not found] ` <20070103115911.GA2786-X9Un+BFzKDI@public.gmane.org>
2007-01-03 12:06 ` Avi Kivity
[not found] ` <459B9C5C.9060008-atKUWr5tajBWk0Htik3J/w@public.gmane.org>
2007-01-03 12:21 ` Ingo Molnar
[not found] ` <20070103122114.GD2786-X9Un+BFzKDI@public.gmane.org>
2007-01-03 12:29 ` Avi Kivity
[not found] ` <459BA194.8070305-atKUWr5tajBWk0Htik3J/w@public.gmane.org>
2007-01-03 12:32 ` Ingo Molnar
[not found] ` <20070103123253.GA8822-X9Un+BFzKDI@public.gmane.org>
2007-01-03 13:13 ` Avi Kivity
2007-01-03 13:37 ` Ingo Molnar
[not found] ` <20070103133714.GA20638-X9Un+BFzKDI@public.gmane.org>
2007-01-03 13:44 ` Ingo Molnar
[not found] ` <20070103134417.GA22055-X9Un+BFzKDI@public.gmane.org>
2007-01-04 8:58 ` Avi Kivity
[not found] ` <459CC1BC.3070308-atKUWr5tajBWk0Htik3J/w@public.gmane.org>
2007-01-04 9:06 ` Ingo Molnar
2007-01-04 8:55 ` Avi Kivity
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=459BA0B4.20804@qumranet.com \
--to=avi-atkuwr5tajbwk0htik3j/w@public.gmane.org \
--cc=kvm-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org \
--cc=mingo-X9Un+BFzKDI@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox