Xen project Mailing List

Re: [Xen-devel] [PATCH v2 20/25] arm/altp2m: Add altp2m paging mechanism.

To: Sergej Proskurin <proskurin@xxxxxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx

From: Julien Grall <julien.grall@xxxxxxx>

Date: Sat, 6 Aug 2016 15:21:29 +0100

Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>

Delivery-date: Sat, 06 Aug 2016 14:21:43 +0000

List-id: Xen developer discussion <xen-devel.lists.xen.org>

On 06/08/2016 13:57, Sergej Proskurin wrote:

Hi Julien,

Hello Sergej,

On 08/04/2016 06:59 PM, Julien Grall wrote:

Hi Sergej,

On 01/08/16 18:10, Sergej Proskurin wrote:

diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c
index 12be7c9..628abd7 100644
--- a/xen/arch/arm/traps.c
+++ b/xen/arch/arm/traps.c


[...]

@@ -2403,35 +2405,64 @@ static void do_trap_instr_abort_guest(struct
cpu_user_regs *regs,


[...]

     switch ( fsc )
     {
+    case FSC_FLT_TRANS:
+    {
+        if ( altp2m_active(d) )
+        {
+            const struct npfec npfec = {
+                .insn_fetch = 1,
+                .gla_valid = 1,
+                .kind = hsr.iabt.s1ptw ? npfec_kind_in_gpt :
npfec_kind_with_gla
+            };
+
+            /*
+             * Copy the entire page of the failing instruction into the
+             * currently active altp2m view.
+             */
+            if ( altp2m_lazy_copy(v, gpa, gva, npfec, &p2m) )
+                return;


I forgot to mention that I think there is a race condition here. If
multiple vCPU (let say A and B) use the same altp2m, they may fault here.

If vCPU A already fixed the fault, this function will return false and
continue. So this will lead to inject an instruction abort to the guest.


I believe this is exactly what I have experienced in the last days. I
have applied Tamas' patch [0] but it did not entirely solve the issue. I
will provide more information about the exact behavior a bit later.

+
+            rc = p2m_mem_access_check(gpa, gva, npfec);
+
+            /* Trap was triggered by mem_access, work here is done */
+            if ( !rc )
+                return;
+        }
+
+        break;
+    }


[...]

@@ -2470,23 +2503,31 @@ static void do_trap_data_abort_guest(struct
cpu_user_regs *regs,

     switch ( fsc )
     {
-    case FSC_FLT_PERM:
+    case FSC_FLT_TRANS:
     {
-        const struct npfec npfec = {
-            .read_access = !dabt.write,
-            .write_access = dabt.write,
-            .gla_valid = 1,
-            .kind = dabt.s1ptw ? npfec_kind_in_gpt :
npfec_kind_with_gla
-        };
+        if ( altp2m_active(current->domain) )
+        {
+            const struct npfec npfec = {
+                .read_access = !dabt.write,
+                .write_access = dabt.write,
+                .gla_valid = 1,
+                .kind = dabt.s1ptw ? npfec_kind_in_gpt :
npfec_kind_with_gla
+            };

-        rc = p2m_mem_access_check(info.gpa, info.gva, npfec);
+            /*
+             * Copy the entire page of the failing data access into the
+             * currently active altp2m view.
+             */
+            if ( altp2m_lazy_copy(v, info.gpa, info.gva, npfec, &p2m) )
+                return;


Ditto.

Ok.

+
+            rc = p2m_mem_access_check(info.gpa, info.gva, npfec);
+
+            /* Trap was triggered by mem_access, work here is done */
+            if ( !rc )
+                return;
+        }


Best regards,
~Sergej

[0] https://github.com/tklengyel/xen branch arm_mem_access_reinject

-- Julien Grall _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx https://lists.xen.org/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.