From mboxrd@z Thu Jan  1 00:00:00 1970
From: Andrew Cooper <andrew.cooper3@citrix.com>
Subject: Re: [PATCH RFC V2 3/6] xen: Force-enable relevant MSR
 events; optimize the number of sent MSR events
Date: Fri, 11 Jul 2014 18:03:55 +0100
Message-ID: <53C018FB.3080307@citrix.com>
References: <1405093418-23481-1-git-send-email-rcojocaru@bitdefender.com>
	<1405093418-23481-3-git-send-email-rcojocaru@bitdefender.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xen.org>
In-Reply-To: <1405093418-23481-3-git-send-email-rcojocaru@bitdefender.com>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: Razvan Cojocaru <rcojocaru@bitdefender.com>, xen-devel@lists.xen.org
Cc: mdontu@bitdefender.com, tim@xen.org, JBeulich@suse.com
List-Id: xen-devel@lists.xenproject.org

On 11/07/14 16:43, Razvan Cojocaru wrote:
> Vmx_disable_intercept_for_msr() will now refuse to disable interception of
> MSRs needed for memory introspection. It is not possible to gate this on
> mem_access being active for the domain, since by the time mem_access does
> become active the interception for the interesting MSRs has already been
> disabled (vmx_disable_intercept_for_msr() runs very early on).
>
> Changes since V1:
>  - Replaced printk() with gdprintk(XENLOG_DEBUG, ...).
>
> Signed-off-by: Razvan Cojocaru <rcojocaru@bitdefender.com>
> ---
>  xen/arch/x86/hvm/vmx/vmcs.c |   18 ++++++++++++++++++
>  1 file changed, 18 insertions(+)
>
> diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c
> index 8ffc562..35fcfcc 100644
> --- a/xen/arch/x86/hvm/vmx/vmcs.c
> +++ b/xen/arch/x86/hvm/vmx/vmcs.c
> @@ -700,6 +700,24 @@ void vmx_disable_intercept_for_msr(struct vcpu *v, u32 msr, int type)
>      if ( msr_bitmap == NULL )
>          return;
>  
> +    /* Filter out MSR-s needed for memory introspection */
> +    switch ( msr )

This absolutely must be gated on mem_events being enabled for the domain.

It is too much of a performance penalty to apply to domains which are
not being introspected.

> +    {
> +    case MSR_IA32_SYSENTER_EIP:
> +    case MSR_IA32_SYSENTER_ESP:
> +    case MSR_IA32_SYSENTER_CS:
> +    case MSR_IA32_MC0_CTL:
> +    case MSR_STAR:
> +    case MSR_LSTAR:
> +
> +        gdprintk(XENLOG_DEBUG, "MSR 0x%08x needed for "
> +            "memory introspection, still intercepted\n", msr);

I you are going to split this line then do it at the %08x so the string
is still grepable.

How often do these messages trigger?  It seems like it could be
contribute to a lot of logspam.

> +        return;
> +
> +    default:
> +        break;
> +    }
> +
>      /*
>       * See Intel PRM Vol. 3, 20.6.9 (MSR-Bitmap Address). Early manuals
>       * have the write-low and read-high bitmap offsets the wrong way round.