[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Clarification regarding MEM_ACCESS_* flags usage

To: Tamas K Lengyel <tamas@xxxxxxxxxxxxx>, Razvan Cojocaru <rcojocaru@xxxxxxxxxxxxxxx>
From: Julien Grall <julien.grall@xxxxxxx>
Date: Wed, 5 Oct 2016 13:54:16 -0700
Cc: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Steve Capper <Steve.Capper@xxxxxxx>
Delivery-date: Wed, 05 Oct 2016 20:54:39 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>



On 05/10/2016 13:23, Tamas K Lengyel wrote:

Hi Julien,
It is expected that certain combinations of mem_access flags will put
the domain into unstable condition, resulting in a crash or a hang. As
Razvan mentioned, on x86 we can end up triggering EPT misconfiguration
with the wrong set of flags. The user of the API is expected to know
what he/she is doing in this regard, we don't do any enforcements or
sanity checking on the Xen side.

As to the issue you describe, indeed that can happen. If the user marks
a pagetable area non-readable/non-writable and the way ARM reports a
walk for an instruction-fetch as an execute violation when it traps, it
will hang the VM in a continuous violation state as no execute-violation
was requested to be triggered on the gfn by the user. There are other
situations where this can happen, as on ARM there is no such thing as
execute-only memory, so any time the user requests memory to be
execute-only or writable-executable will lead to problems like this -
instruction fetch violation when the user only requested
read-violations. But again, the users are expected to know what they are
doing and perform their own sanity checks as appropriate.

I think the problem I described is neither the fault of the user,neither a misconfiguration of the page table. Let me clarify it.

The user can purposefully restrict the access to stage-1 page table todetect when the OS is modifying them. By side effect, this will alsoimpact the page table walker.

A prefetch abort (e.g when an error occurs when the processor is tryingto load the instruction) can either occur during a stage-1 page tablewalk (e.g the underlying memory of stage-1 page table has beenprotected) or because the permission in the stage-2 entry has beenrestricted.

In the case of the latter, this will always be because the memory is notexecutable. However, for the former may happen if the page table walker(i.e the MMU) is reading/writing the entry.

However, Xen ARM today is always considering that a prefetch abort willhappen because it was not possible to execute the instruction.

I requested clarification about the flags because we need to fix thisvalid issue. From the usage on ARM and in the vm event app, it is notclear how those flags should be used.


Regards,

--
Julien Grall

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] Clarification regarding MEM_ACCESS_* flags usage
  - From: Razvan Cojocaru

References:
- [Xen-devel] Clarification regarding MEM_ACCESS_* flags usage
  - From: Julien Grall
- Re: [Xen-devel] Clarification regarding MEM_ACCESS_* flags usage
  - From: Razvan Cojocaru
- Re: [Xen-devel] Clarification regarding MEM_ACCESS_* flags usage
  - From: Tamas K Lengyel

Prev by Date: Re: [Xen-devel] Clarification regarding MEM_ACCESS_* flags usage
Next by Date: Re: [Xen-devel] Xen Code Review Dashboard - Outreachy Program Project
Previous by thread: Re: [Xen-devel] Clarification regarding MEM_ACCESS_* flags usage
Next by thread: Re: [Xen-devel] Clarification regarding MEM_ACCESS_* flags usage
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.