From: George Dunlap <george.dunlap@eu.citrix.com>
To: Tim Deegan <tim@xen.org>
Cc: Keir Fraser <keir@xen.org>, Jan Beulich <jbeulich@suse.com>,
xen-devel@lists.xen.org
Subject: Re: [PATCH v14 07/17] pvh: vmx-specific changes
Date: Thu, 7 Nov 2013 14:50:20 +0000
Message-ID: <527BA8AC.3030905@eu.citrix.com>
In-Reply-To: <20131107002713.GD32964@deinos.phlegethon.org>

On 07/11/13 00:27, Tim Deegan wrote:
> At 12:14 +0000 on 04 Nov (1383563696), George Dunlap wrote:
>> + if ( is_pvh_domain(d) )
>> + {
>> + /* Disable virtual apics, TPR */
>> + v->arch.hvm_vmx.secondary_exec_control &=
>> + ~(SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES
>> + | SECONDARY_EXEC_APIC_REGISTER_VIRT
>> + | SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY);
>> + v->arch.hvm_vmx.exec_control &= ~CPU_BASED_TPR_SHADOW;
>> +
>> + /* Disable wbinvd (only necessary for MMIO),
>> + * unrestricted guest (real mode for EPT) */
>> + v->arch.hvm_vmx.secondary_exec_control &=
>> + ~(SECONDARY_EXEC_UNRESTRICTED_GUEST
>> + | SECONDARY_EXEC_WBINVD_EXITING);
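Review bot: the second comment in this block justifies clearing SECONDARY_EXEC_WBINVD_EXITING with "only necessary for MMIO" but never says why a PVH domain cannot have the MMIO that needs it. State the assumption in the comment, or leave the bit set for domains that can map real MMIO. The "(real mode for EPT)" remark on SECONDARY_EXEC_UNRESTRICTED_GUEST needs the same treatment: say that PVH guests never run in real mode, if that is the reason. Style: this two-line comment starts its text on the "/*" line, unlike the block comment later in the patch.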
> WBINVD exiting is used for supporting _real_ MMIO, which PVH guests
> will still have, right?
>
>> + if ( is_pvh_domain(d) )
>> + vmx_disable_intercept_for_msr(v, MSR_SHADOW_GS_BASE, MSR_TYPE_R | MSR_TYPE_W);
>> +
>> + /*
>> + * PVH: We don't disable intercepts for MSRs: MSR_STAR, MSR_LSTAR,
>> + * MSR_CSTAR, and MSR_SYSCALL_MASK because we need to specify
>> + * save/restore area to save/restore at every VM exit and entry.
>> + * Instead, let the intercept functions save them into
>> + * vmx_msr_state fields. See comment in vmx_restore_host_msrs().
>> + * See also vmx_restore_guest_msrs().
>> + */
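Review bot: the is_pvh_domain(d) condition on the vmx_disable_intercept_for_msr() call for MSR_SHADOW_GS_BASE has no stated reason; the comment under it only explains why MSR_STAR, MSR_LSTAR, MSR_CSTAR and MSR_SYSCALL_MASK stay intercepted. Either say in the comment what makes pass-through of MSR_SHADOW_GS_BASE acceptable for PVH but not for other VMX guests, or drop the condition. The clause "because we need to specify save/restore area to save/restore at every VM exit and entry" is also hard to parse and should be reworded.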
> Why are these MSRs special for PVH guests? Are PVH guests restricted
> in how they can use SHADOW_GS?

Your real question is, why is GS_BASE *less* restricted for PVH mode: in
HVM mode (as far as I can tell), we exit on accesses to
MSR_SHADOW_GS_BASE. It looks like the others are trapped because
updating them is rare and saving / restoring them on every context
switch would be expensive. But according to a comment in vmx.c:

    /*
     * We cannot cache SHADOW_GS_BASE while the VCPU runs, as it can
     * be updated at any time via SWAPGS, which we cannot trap.
     */

So SHADOW_GS_BASE is read and written on every context switch.

Is it OK for PVH not to exit here? If so, do we actually need to do it
in HVM mode, or is that an artifact of doing things differently once
upon a time?

FWIW, at the moment, it looks like the trap for SHADOW_GS_BASE is
pointless for HVM as well -- all the handler does is pass through the
read or write without doing anything else -- not even updating
v->arch.hvm_vmx.shadow_gs. SHADOW_GS_BASE is saved & restored
unconditionally on a context switch, so I think we probably could just
stop intercepting it.

Or, for this series, I think I'll take out the special case, and
separately send a patch to disable the intercept for SHADOW_GS_BASE for
all HVM domains.

-George
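
An added example, not part of the original message and not Xen's code: a stand-alone model of the VMX MSR bitmap that the quoted vmx_disable_intercept_for_msr() call edits, showing that clearing the read and write bits for MSR_SHADOW_GS_BASE leaves MSR_STAR, MSR_LSTAR, MSR_CSTAR and MSR_SYSCALL_MASK intercepted. The helper names and the MSR_TYPE_* values are assumptions; the bitmap layout and MSR indices are the architectural ones from the Intel SDM.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Architectural MSR indices. */
#define MSR_STAR            0xC0000081u
#define MSR_LSTAR           0xC0000082u
#define MSR_CSTAR           0xC0000083u
#define MSR_SYSCALL_MASK    0xC0000084u
#define MSR_SHADOW_GS_BASE  0xC0000102u  /* IA32_KERNEL_GS_BASE */
#define MSR_TYPE_R 1  /* flag values assumed for this example */
#define MSR_TYPE_W 2

/* 4 KiB bitmap: read-low, read-high, write-low, write-high regions of
 * 1 KiB each; a set bit means the access causes a VM exit. */
static uint8_t msr_bitmap[4096];

/* Byte offset of the region covering msr, or -1 when the MSR is outside
 * both covered ranges (such accesses always exit). */
static int region(uint32_t msr, int type)
{
    int base = (type == MSR_TYPE_W) ? 2048 : 0;
    if (msr <= 0x1FFFu) return base;
    if (msr >= 0xC0000000u && msr <= 0xC0001FFFu) return base + 1024;
    return -1;
}

static void intercept_all(void) { memset(msr_bitmap, 0xFF, sizeof msr_bitmap); }

static void disable_intercept(uint32_t msr, int types)
{
    for (int t = MSR_TYPE_R; t <= MSR_TYPE_W; t <<= 1) {
        int off = region(msr, t);
        if ((types & t) && off >= 0)
            msr_bitmap[off + (msr & 0x1FFF) / 8] &= (uint8_t)~(1u << (msr & 7));
    }
}

static int is_intercepted(uint32_t msr, int type)
{
    int off = region(msr, type);
    return off < 0 || ((msr_bitmap[off + (msr & 0x1FFF) / 8] >> (msr & 7)) & 1);
}

int main(void)
{
    uint32_t m[] = { MSR_STAR, MSR_LSTAR, MSR_CSTAR, MSR_SYSCALL_MASK, MSR_SHADOW_GS_BASE };
    intercept_all();
    disable_intercept(MSR_SHADOW_GS_BASE, MSR_TYPE_R | MSR_TYPE_W);
    for (unsigned i = 0; i < sizeof m / sizeof m[0]; i++)
        printf("%#x rd-exit=%d wr-exit=%d\n", (unsigned)m[i],
               is_intercepted(m[i], MSR_TYPE_R), is_intercepted(m[i], MSR_TYPE_W));
    return 0;
}
```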