From mboxrd@z Thu Jan  1 00:00:00 1970
From: Andrew Cooper <andrew.cooper3@citrix.com>
Subject: Re: [PATCH RFC V2 3/6] xen: Force-enable relevant MSR
 events; optimize the number of sent MSR events
Date: Fri, 11 Jul 2014 19:19:21 +0100
Message-ID: <53C02AA9.1080307@citrix.com>
References: <1405093418-23481-1-git-send-email-rcojocaru@bitdefender.com>	<1405093418-23481-3-git-send-email-rcojocaru@bitdefender.com>	<53C018FB.3080307@citrix.com>
	<53C02859.10208@bitdefender.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xen.org>
In-Reply-To: <53C02859.10208@bitdefender.com>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: Razvan Cojocaru <rcojocaru@bitdefender.com>, xen-devel@lists.xen.org
Cc: mdontu@bitdefender.com, tim@xen.org, JBeulich@suse.com
List-Id: xen-devel@lists.xenproject.org

On 11/07/14 19:09, Razvan Cojocaru wrote:
> On 07/11/2014 08:03 PM, Andrew Cooper wrote:
>> On 11/07/14 16:43, Razvan Cojocaru wrote:
>>> Vmx_disable_intercept_for_msr() will now refuse to disable interception of
>>> MSRs needed for memory introspection. It is not possible to gate this on
>>> mem_access being active for the domain, since by the time mem_access does
>>> become active the interception for the interesting MSRs has already been
>>> disabled (vmx_disable_intercept_for_msr() runs very early on).
>>>
>>> Changes since V1:
>>>  - Replaced printk() with gdprintk(XENLOG_DEBUG, ...).
>>>
>>> Signed-off-by: Razvan Cojocaru <rcojocaru@bitdefender.com>
>>> ---
>>>  xen/arch/x86/hvm/vmx/vmcs.c |   18 ++++++++++++++++++
>>>  1 file changed, 18 insertions(+)
>>>
>>> diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c
>>> index 8ffc562..35fcfcc 100644
>>> --- a/xen/arch/x86/hvm/vmx/vmcs.c
>>> +++ b/xen/arch/x86/hvm/vmx/vmcs.c
>>> @@ -700,6 +700,24 @@ void vmx_disable_intercept_for_msr(struct vcpu *v, u32 msr, int type)
>>>      if ( msr_bitmap == NULL )
>>>          return;
>>>  
>>> +    /* Filter out MSR-s needed for memory introspection */
>>> +    switch ( msr )
>> This absolutely must be gated on mem_events being enabled for the domain.
>>
>> It is too much of a performance penalty to apply to domains which are
>> not being introspected.
> I understand, but it really runs very early on, and the mem_event part
> comes in after the MSR interception is disabled. This effectively
> renders a lot of memory introspection functionality useless.

In which case the hypercall which enables mem_event needs to prod the
vmcs state an explicitly enable intercepts for these MSRs. (and
conversly re-disables intercepts if mem_events are disabled)

You can probably get away with hvm_funcs to enable and disable mem events.

~Andrew