Re: [PATCH] x86/EPT: defer enabling of A/D maintenance until PML get enabled

xen-devel.lists.xenproject.org archive mirror
 help / color / mirror / Atom feed

From: Kai Huang <kai.huang@linux.intel.com>
To: Jan Beulich <JBeulich@suse.com>, Kai Huang <kaih.linux@gmail.com>
Cc: Andrew Cooper <andrew.cooper3@citrix.com>,
	Kevin Tian <kevin.tian@intel.com>,
	Jun Nakajima <jun.nakajima@intel.com>,
	xen-devel <xen-devel@lists.xenproject.org>
Subject: Re: [PATCH] x86/EPT: defer enabling of A/D maintenance until PML get enabled
Date: Thu, 15 Oct 2015 14:42:45 +0800	[thread overview]
Message-ID: <561F4AE5.2080102@linux.intel.com> (raw)
In-Reply-To: <561E3C0102000078000AACEB@prv-mh.provo.novell.com>



On 10/14/2015 05:26 PM, Jan Beulich wrote:
>>>> On 14.10.15 at 11:08, <kai.huang@linux.intel.com> wrote:
>> After some thinking, just set/clear p2m->ept.ept_ad is not enough -- we
>> also need to __vmwrite it to VMCS's EPTP, and then call ept_sync_domain.
> Ah, yes, this makes sense of course.
>
>> I have verified attached patch can work.
> Thanks!
>
>> Which implementation would you prefer, existing code or with attached
>> patch? If you prefer the latter, please provide comments.
> I think it's marginal whether to flip the bit in ept_{en,dis}able_pml()
> or vmx_domain_{en,dis}able_pml(); the former would seem slightly
> more logical.
>
> There's one possible problem with the patch though: Deferring the
> sync from the vcpu to the domain function is fine when the domain
> function is the caller, but what about the calls out of vmx.c? The
> calls look safe as the domain isn't running (yet or anymore) at that
> point, but the respective comments may need adjustment (and
> the disable one should also refer to vmx_domain_disable_pml()),
> in order to avoid confusing future readers. Also you'd need to fix
> coding style of these new comments.
Thanks for your comments Jan. Actually I am not happy with combining 
with EPT A/D bit update with PML enabling to single function. After 
thinking again, how about adding a separate vmx function (ex, 
vmx_domain_update_eptp) to update EPTP of VMCS of all vcpus of domain 
after p2m->ept.ept_ad is updated. Another good is this function can also 
be used in the future for other runtime updates to p2m->ept.

What's your idea?

Below is the temporary code verified to be able to work. If you are OK 
with this approach (and comments are welcome), I will send out the 
formal patch.

diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c
index 3592a88..cddab15 100644
--- a/xen/arch/x86/hvm/vmx/vmcs.c
+++ b/xen/arch/x86/hvm/vmx/vmcs.c
@@ -1553,6 +1553,30 @@ void vmx_domain_flush_pml_buffers(struct domain *d)
          vmx_vcpu_flush_pml_buffer(v);
  }

+static void vmx_vcpu_update_eptp(struct vcpu *v, u64 eptp)
+{
+    vmx_vmcs_enter(v);
+    __vmwrite(EPT_POINTER, eptp);
+    vmx_vmcs_exit(v);
+}
+
+/*
+ * Update EPTP data to VMCS of all vcpus of the domain. Must be called when
+ * domain is paused.
+ */
+void vmx_domain_update_eptp(struct domain *d)
+{
+    struct p2m_domain *p2m = p2m_get_hostp2m(d);
+    struct vcpu *v;
+
+    ASSERT(atomic_read(&d->pause_count));
+
+    for_each_vcpu( d, v )
+        vmx_vcpu_update_eptp(v, ept_get_eptp(&p2m->ept));
+
+    ept_sync_domain(p2m);
+}
+
  int vmx_create_vmcs(struct vcpu *v)
  {
      struct arch_vmx_struct *arch_vmx = &v->arch.hvm_vmx;
diff --git a/xen/arch/x86/mm/p2m-ept.c b/xen/arch/x86/mm/p2m-ept.c
index 74ce9e0..cbba06a 100644
--- a/xen/arch/x86/mm/p2m-ept.c
+++ b/xen/arch/x86/mm/p2m-ept.c
@@ -1129,17 +1129,26 @@ void ept_sync_domain(struct p2m_domain *p2m)

  static void ept_enable_pml(struct p2m_domain *p2m)
  {
      /*
-     * No need to check if vmx_domain_enable_pml has succeeded or not, as
+     * No need to return if vmx_domain_enable_pml has succeeded or not, as
       * ept_p2m_type_to_flags will do the check, and write protection 
will be
       * used if PML is not enabled.
       */
-    vmx_domain_enable_pml(p2m->domain);
+    if ( vmx_domain_enable_pml(p2m->domain) )
+        return;
+
+    p2m->ept.ept_ad = 1;
+    vmx_domain_update_eptp(p2m->domain);
  }

  static void ept_disable_pml(struct p2m_domain *p2m)
  {
      vmx_domain_disable_pml(p2m->domain);
+
+    p2m->ept.ept_ad = 0;
+    vmx_domain_update_eptp(p2m->domain);
  }

  static void ept_flush_pml_buffers(struct p2m_domain *p2m)
@@ -1166,8 +1177,6 @@ int ept_p2m_init(struct p2m_domain *p2m)

      if ( cpu_has_vmx_pml )
      {
-        /* Enable EPT A/D bits if we are going to use PML. */
-        ept->ept_ad = cpu_has_vmx_pml ? 1 : 0;
          p2m->enable_hardware_log_dirty = ept_enable_pml;
          p2m->disable_hardware_log_dirty = ept_disable_pml;
          p2m->flush_hardware_cached_dirty = ept_flush_pml_buffers;
diff --git a/xen/include/asm-x86/hvm/vmx/vmcs.h 
b/xen/include/asm-x86/hvm/vmx/vmcs.h
index f1126d4..ec526db 100644
--- a/xen/include/asm-x86/hvm/vmx/vmcs.h
+++ b/xen/include/asm-x86/hvm/vmx/vmcs.h
@@ -518,6 +518,8 @@ int vmx_domain_enable_pml(struct domain *d);
  void vmx_domain_disable_pml(struct domain *d);
  void vmx_domain_flush_pml_buffers(struct domain *d);

+void vmx_domain_update_eptp(struct domain *d);
+
  #endif /* ASM_X86_HVM_VMX_VMCS_H__ */


Thanks,
-Kai

>
> Jan
>
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xen.org
> http://lists.xen.org/xen-devel
>

next prev parent reply	other threads:[~2015-10-15  6:46 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-09-28 14:42 [PATCH] x86/EPT: defer enabling of A/D maintenance until PML get enabled Jan Beulich
2015-09-28 15:00 ` George Dunlap
2015-09-29 12:51 ` Andrew Cooper
2015-09-30  8:58 ` Kai Huang
2015-09-30  9:54   ` Jan Beulich
2015-09-30 12:45     ` Kai Huang
2015-10-14  1:19       ` Kai Huang
2015-10-14  9:08         ` Kai Huang
2015-10-14  9:26           ` Jan Beulich
2015-10-15  6:42             ` Kai Huang [this message]
2015-10-15  7:11               ` Jan Beulich
2015-10-15  7:35                 ` Kai Huang
2015-10-15  7:41                   ` Kai Huang
2015-10-15  8:26                   ` Jan Beulich

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:3592a88 dfblob:cddab15 dfblob:74ce9e0 dfblob:cbba06a
dfblob:f1126d4 dfblob:ec526db )
 OR (
bs:"Re: [PATCH] x86/EPT: defer enabling of A/D maintenance until PML get enabled" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=561F4AE5.2080102@linux.intel.com \
    --to=kai.huang@linux.intel.com \
    --cc=JBeulich@suse.com \
    --cc=andrew.cooper3@citrix.com \
    --cc=jun.nakajima@intel.com \
    --cc=kaih.linux@gmail.com \
    --cc=kevin.tian@intel.com \
    --cc=xen-devel@lists.xenproject.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).