From: Juergen Gross <jgross@suse.com>
To: Andrew Cooper <andrew.cooper3@citrix.com>,
Razvan Cojocaru <rcojocaru@bitdefender.com>,
Jan Beulich <jbeulich@suse.com>
Cc: wei.liu2@citrix.com, george.dunlap@eu.citrix.com, tim@xen.org,
ian.jackson@eu.citrix.com, xen-devel@lists.xen.org,
paul.durrant@citrix.com, keir@xen.org
Subject: Re: [for-4.7] x86/emulate: synchronize LOCKed instruction emulation
Date: Thu, 14 Apr 2016 10:18:04 +0200 [thread overview]
Message-ID: <570F523C.90101@suse.com> (raw)
In-Reply-To: <570F4E58.1040403@citrix.com>
On 14/04/16 10:01, Andrew Cooper wrote:
> On 14/04/2016 08:46, Juergen Gross wrote:
>> On 14/04/16 08:31, Razvan Cojocaru wrote:
>>> On 04/14/16 09:09, Juergen Gross wrote:
>>>> On 14/04/16 07:56, Razvan Cojocaru wrote:
>>>>> This indeed doesn't guard against LOCKed instructions being run in
>>>>> parallel with and without emulation, however that is a case that should
>>>>> almost never occur - at least not with introspection, where currently
>>>>> all emulation happens as a result of EPT faults - so either all
>>>>> instructions hitting a restricted page are emulated, or all ar run
>>>>> directly. As long as all emulation can safely run in parallel and all
>>>>> parallel non-emulation is also safe, it should be alright. But, yes,
>>>>> this patch doesn't cover the case you're mentioning.
>>>> What about grant pages? There could be parallel accesses from different
>>>> domains, one being introspected, the other not.
>>> I'm not familiar with the code there, but the main issue is, I think,
>>> LOCKed instructions that access (read / write) the same memory area - as
>>> long as that doesn't happen, it should be fine, which may be the reason
>>> why it hasn't caused problems so far.
>> Depends on the guest, I suppose. :-)
>>
>> I've been bitten by this before in my former position: we had a custom
>> pv-driver in dom0 which wasn't using LOCKed instructions accessing a
>> grant page. Reason was dom0 had one vcpu only and the Linux kernel
>> patched all LOCKs away as it didn't deem them being necessary. This
>> resulted in a very hard to debug communication failure between domU
>> and dom0.
>>
>>> While not perfect, I believe that the added safety is worth the small
>>> performance impact for writes. I feel that going from unsafe parallel
>>> emulation to safe parallel emulation is a good step to take, at least
>>> until the problem can be fixed completely by more complex measures.
>> I'm fine with you saying for your use case the solution is good enough.
>>
>> Just wanted to point out a possible problem. This might not happen
>> for most guest types, but you can't be sure. :-)
>
> But accesses into a mapped grant don't trap for emulation. Why would
> locks here be any different to usual?
With memory introspection switched on they will trap, won't they?
Juergen
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
next prev parent reply other threads:[~2016-04-14 8:18 UTC|newest]
Thread overview: 47+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-04-13 12:26 [for-4.7] x86/emulate: synchronize LOCKed instruction emulation Razvan Cojocaru
2016-04-14 4:35 ` Jan Beulich
2016-04-14 5:56 ` Razvan Cojocaru
2016-04-14 6:09 ` Juergen Gross
2016-04-14 6:31 ` Razvan Cojocaru
2016-04-14 7:46 ` Juergen Gross
2016-04-14 8:01 ` Andrew Cooper
2016-04-14 8:18 ` Juergen Gross [this message]
2016-04-14 8:25 ` Razvan Cojocaru
2016-04-14 8:07 ` Andrew Cooper
2016-04-14 8:09 ` Razvan Cojocaru
2016-04-14 9:08 ` Razvan Cojocaru
2016-04-14 15:33 ` Jan Beulich
2016-04-14 15:44 ` Jan Beulich
2016-04-14 16:00 ` Razvan Cojocaru
2016-04-14 16:11 ` Jan Beulich
2016-04-14 8:51 ` Razvan Cojocaru
2016-04-14 15:31 ` Jan Beulich
2016-04-14 15:40 ` Razvan Cojocaru
2016-04-14 10:35 ` David Vrabel
2016-04-14 11:43 ` Razvan Cojocaru
2016-04-14 15:40 ` Jan Beulich
2016-04-14 15:45 ` Andrew Cooper
2016-04-14 16:09 ` Jan Beulich
2016-04-14 15:45 ` Razvan Cojocaru
2016-04-14 16:08 ` Jan Beulich
2016-04-18 12:14 ` Razvan Cojocaru
2016-04-18 16:45 ` Jan Beulich
2016-04-19 11:01 ` Razvan Cojocaru
2016-04-19 16:35 ` Jan Beulich
2016-04-26 16:03 ` George Dunlap
2016-04-26 17:23 ` Razvan Cojocaru
2016-04-26 17:39 ` Andrew Cooper
2016-04-27 6:25 ` Jan Beulich
2016-04-27 7:36 ` Andrew Cooper
2016-04-27 6:22 ` Jan Beulich
2016-04-27 7:14 ` Razvan Cojocaru
2016-05-03 14:20 ` Razvan Cojocaru
2016-05-03 14:30 ` Jan Beulich
2016-05-03 14:41 ` Razvan Cojocaru
2016-05-03 15:13 ` Jan Beulich
2016-05-04 11:32 ` Razvan Cojocaru
2016-05-04 13:42 ` Jan Beulich
2016-05-05 9:25 ` Razvan Cojocaru
2016-05-05 16:38 ` Jan Beulich
2016-05-13 15:27 ` Wei Liu
2016-05-13 15:51 ` Jan Beulich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=570F523C.90101@suse.com \
--to=jgross@suse.com \
--cc=andrew.cooper3@citrix.com \
--cc=george.dunlap@eu.citrix.com \
--cc=ian.jackson@eu.citrix.com \
--cc=jbeulich@suse.com \
--cc=keir@xen.org \
--cc=paul.durrant@citrix.com \
--cc=rcojocaru@bitdefender.com \
--cc=tim@xen.org \
--cc=wei.liu2@citrix.com \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).