[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [RFC 21/22] xen/arm: p2m: Re-implement p2m_set_mem_access using p2m_{set, get}_entry

On Mon, Aug 1, 2016 at 10:33 AM, Julien Grall <julien.grall@xxxxxxx> wrote:
>
>
> On 01/08/16 17:27, Tamas K Lengyel wrote:
>>
>> On Mon, Aug 1, 2016 at 10:15 AM, Julien Grall <julien.grall@xxxxxxx>
>> wrote:
>>>
>>>
>>>
>>> On 01/08/16 16:59, Tamas K Lengyel wrote:
>>>>
>>>>
>>>> On Mon, Aug 1, 2016 at 9:40 AM, Julien Grall <julien.grall@xxxxxxx>
>>>> wrote:
>>>> IMHO we should just pause the domain while mem_access permissions are
>>>> being changed. On x86 it is not necessary as the mem_access
>>>> bookkeeping is kept in the ept pte entries but since on ARM the two
>>>> things are disjoint it is required. Even on x86 though - while it's
>>>> not strictly necessary - I think it would be a good idea to just pause
>>>> the domain as from a user perspective it would be more intuitive then
>>>> keeping the vCPUs running.
>>>
>>>
>>>
>>> The problem is not because of the bookkeeping, but how the TLBs work. I
>>> never mentioned the radix tree in my previous mail because storing the
>>> access in the entry will not help here. The entry may have been updated
>>> but
>>> the TLBs not yet invalidated.
>>>
>>> x86 does not seem to be affected because if the mem access check fail,
>>> the
>>> instruction is replayed (see hvm_hap_nested_page_fault). This is exactly
>>> the
>>> solution I suggested, which is IHMO the best.
>>
>>
>> I see. Yes, indeed that sounds like the route to take here.
>
>
> I am looking forward to see a patch.
>
>>>
>>> I don't think pausing all the vCPUs of a domain is a good solution, the
>>> overhead will be too high for modifying only one page (see
>>> p2m_mem_access_check for instance).
>>>
>>
>> IMHO the overhead of pausing the domain for setting mem_access
>> permissions is not critical as it is done only on occasion. We can
>> certainly leave the default behavior like this but I'll probably also
>> introduce a new XENMEM_access_op_set_access_sync op that will pause
>> the domain for the duration of the op.
>
>
> Oh, you meant for a user app to set the memaccess. I guess it is fine. I
> mentioned p2m_mem_access_check because this function is supposed to be
> called often in the data/instruction abort handlers, so pausing a domain
> here would be a big overhead.

Right, that would be in most cases. We have a couple mem_access types
though that automatically change to a different one on the first
violation (rx2rw, n2rwx) which could also benefit from the domain
being paused for the duration of the change. All the other permissions
are fine as they are and should only require a domain pause when the
user is setting them.

Tamas

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.