From mboxrd@z Thu Jan  1 00:00:00 1970
From: Ian Campbell <ian.campbell@citrix.com>
Subject: Re: [RFC 3/4] HVM x86 deprivileged mode: Code for
 switching into/out of deprivileged mode
Date: Tue, 11 Aug 2015 10:45:21 +0100
Message-ID: <1439286321.9747.210.camel@citrix.com>
References: <1438879519-564-1-git-send-email-Ben.Catterall@citrix.com>
	<1438879519-564-4-git-send-email-Ben.Catterall@citrix.com>
	<55C3C9C7.8030808@citrix.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xen.org>
In-Reply-To: <55C3C9C7.8030808@citrix.com>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: Andrew Cooper <andrew.cooper3@citrix.com>, Ben Catterall <Ben.Catterall@citrix.com>, xen-devel@lists.xensource.com
Cc: george.dunlap@eu.citrix.com, tim@xen.org, keir@xen.org, jbeulich@suse.com
List-Id: xen-devel@lists.xenproject.org

On Thu, 2015-08-06 at 21:55 +0100, Andrew Cooper wrote:
> On 06/08/15 17:45, Ben Catterall wrote:
> > The process to switch into and out of deprivileged mode can be likened 
> > to
> > setjmp/longjmp.
> > 
> > To enter deprivileged mode, we take a copy of the stack from the 
> > guest's
> > registers up to the current stack pointer. This allows us to restore 
> > the stack
> > when we have finished the deprivileged mode operation, meaning we can 
> > continue
> > execution from that point. This is similar to if a context switch had 
> > happened.
> > 
> > To exit deprivileged mode, we copy the stack back, replacing the 
> > current stack.
> > We can then continue execution from where we left off, which will 
> > unwind the
> > stack and free up resources. This method means that we do not need to
> > change any other code paths and its invocation will be transparent to 
> > callers.
> > This should allow the feature to be more easily deployed to different 
> > parts
> > of Xen.
> > 
> > Note that this copy of the stack is per-vcpu but, it will contain per
> > -pcpu data.
> > Extra work is needed to properly migrate vcpus between pcpus.
> 
> Under what circumstances do you see there being persistent state in the
> depriv area between calls, given that the calls are synchronous from VM
> actions?

Would we not want to keep (some of) the device model's state in a depriv
area? e.g. anything which is purely internal to the DM which is therefore
only accessed from depriv-land?

Ian.