From: Don Slutz <dslutz@verizon.com>
To: Boris Ostrovsky <boris.ostrovsky@oracle.com>,
Andrew Cooper <andrew.cooper3@citrix.com>,
Jan Beulich <JBeulich@suse.com>,
xen-devel@lists.xen.org, Don Slutz <dslutz@verizon.com>
Cc: Kevin Tian <kevin.tian@intel.com>, Keir Fraser <keir@xen.org>,
Ian Campbell <ian.campbell@citrix.com>,
Stefano Stabellini <stefano.stabellini@eu.citrix.com>,
Jun Nakajima <jun.nakajima@intel.com>,
Eddie Dong <eddie.dong@intel.com>,
Ian Jackson <ian.jackson@eu.citrix.com>, Tim Deegan <tim@xen.org>,
Aravind Gopalakrishnan <Aravind.Gopalakrishnan@amd.com>,
Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
Subject: Re: [PATCH v3 04/16] hypervisor part of add vmware_port to xl.cfg
Date: Mon, 08 Sep 2014 13:56:46 -0400 [thread overview]
Message-ID: <540DEDDE.8060704@terremark.com> (raw)
In-Reply-To: <540DCE93.40303@oracle.com>
On 09/08/14 11:43, Boris Ostrovsky wrote:
> On 09/08/2014 11:32 AM, Andrew Cooper wrote:
>> On 08/09/14 16:22, Jan Beulich wrote:
>>>>>> On 08.09.14 at 17:01, <boris.ostrovsky@oracle.com> wrote:
>>>> I wonder whether we should enable #GP intercepts only when we know
>>>> that
>>>> the guest is VMware-aware (which we do as far as I can tell since we
>>>> have a config option).
>>> I didn't look at the patches themselves yes, but I very much expected
>>> this to now be the case considering discussion on the earlier version.
>>> If it's not, I'm not even sure looking at the new version is going
>>> to be
>>> of much use...
>>>
Getting the adjustment of #GP exits at the time of setting of hvm param
vmware_port to 1 is more complex. But I do think that the allowing it
to be deferred until the next #VMEXIT would work just fine.
I will see how well that works.
>>> Jan
>>>
>> I find it incredibly hard to believe that VMWare do unconditional #GP
>> exits, and looking at the Intel manual, you do not actually need to
>> intercept #GP faults.
>>
>> The "unconditional I/O exiting" control can be used to cherry-pick
>> specific IO ports in combination with the IO port bitmap, ahead of the
>> #GP fault due to a failure of IOPL. I would expect AMD has a similar
>> option.
>
> Yes, it does. However, I believe #GP intercept has been added so that
> IO access can be made from guest's ring 3 as well, not to handle IO
> access in general.
>
> Having said that, I don't remember seeing updates to IO permissions
> map in the patch.
>
There are no updates to IO permissions map. My understanding that it
controls access to real hardware, not that it changes the IOPL checking
in the in instruction.
Here is what I am looking at:
This control determines whether executions of I/O
instructions (IN, INS/INSB/INSW/INSD, OUT, and
OUTS/OUTSB/OUTSW/OUTSD) cause VM exits.
Which to me is about #VMEXIT or access host hardware, not
"Change a #GP into a #VMEXIT for this port."
The goal is to get #VMEXITs when needed, not to allow domU to access
a VMware running Xen under it.
For the non-#GP case (domU ring 0 access to the port), it is handled
by register_portio_handler() which would adjust the IO permissions map
as needed.
-Don Slutz
> -boris
>
next prev parent reply other threads:[~2014-09-08 17:56 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-09-08 13:15 [PATCH v3 00/16] Xen VMware tools support Don Slutz
2014-09-08 13:15 ` [PATCH v3 01/16] hypervisor part of add vmware_hw to xl.cfg Don Slutz
2014-09-11 10:52 ` George Dunlap
2014-09-11 17:21 ` Don Slutz
2014-09-08 13:15 ` [PATCH v3 02/16] tools " Don Slutz
2014-09-11 11:23 ` George Dunlap
2014-09-11 17:48 ` Don Slutz
2014-09-08 13:15 ` [PATCH v3 03/16] vmware: Add VMware provided include files Don Slutz
2014-09-08 13:15 ` [PATCH v3 04/16] hypervisor part of add vmware_port to xl.cfg Don Slutz
2014-09-08 15:01 ` Boris Ostrovsky
2014-09-08 15:22 ` Jan Beulich
2014-09-08 15:32 ` Andrew Cooper
2014-09-08 15:43 ` Boris Ostrovsky
2014-09-08 17:56 ` Don Slutz [this message]
2014-09-08 17:20 ` Don Slutz
2014-09-11 15:34 ` George Dunlap
2014-09-08 13:15 ` [PATCH v3 05/16] tools " Don Slutz
2014-09-15 10:03 ` George Dunlap
2014-09-20 15:52 ` Slutz, Donald Christopher
2014-09-08 13:15 ` [PATCH v3 06/16] hypervisor part of convert vmware_port to xentrace usage Don Slutz
2014-09-08 13:15 ` [PATCH v3 07/16] tools " Don Slutz
2014-09-08 13:15 ` [PATCH v3 08/16] hypervisor part of add limited support of VMware's hyper-call rpc Don Slutz
2014-09-08 13:15 ` [PATCH v3 09/16] tools " Don Slutz
2014-09-08 13:15 ` [PATCH v3 10/16] Add VMware tool's triggers Don Slutz
2014-09-08 13:15 ` [PATCH v3 11/16] Add live migration of VMware's hyper-call RPC Don Slutz
2014-09-08 13:15 ` [PATCH v3 12/16] Add dump of HVM_SAVE_CODE(VMPORT) to xen-hvmctx Don Slutz
2014-09-08 13:15 ` [optional][PATCH v3 13/16] Add xen-hvm-param Don Slutz
2014-09-08 13:15 ` [optional][PATCH v3 14/16] Add xen-vmware-guestinfo Don Slutz
2014-09-08 13:15 ` [optional][PATCH v3 15/16] Add xen-list-vmware-guestinfo Don Slutz
2014-09-08 13:15 ` [optional][PATCH v3 16/16] Add xen-hvm-send-trigger Don Slutz
2014-09-08 13:38 ` [PATCH v3 00/16] Xen VMware tools support Ian Campbell
2014-09-08 16:58 ` Don Slutz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=540DEDDE.8060704@terremark.com \
--to=dslutz@verizon.com \
--cc=Aravind.Gopalakrishnan@amd.com \
--cc=JBeulich@suse.com \
--cc=andrew.cooper3@citrix.com \
--cc=boris.ostrovsky@oracle.com \
--cc=eddie.dong@intel.com \
--cc=ian.campbell@citrix.com \
--cc=ian.jackson@eu.citrix.com \
--cc=jun.nakajima@intel.com \
--cc=keir@xen.org \
--cc=kevin.tian@intel.com \
--cc=stefano.stabellini@eu.citrix.com \
--cc=suravee.suthikulpanit@amd.com \
--cc=tim@xen.org \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).