[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v1] x86/mm: Supresses vm_events caused by page-walks

On 10/30/2017 07:38 PM, Tamas K Lengyel wrote:
> On Mon, Oct 30, 2017 at 11:19 AM, Razvan Cojocaru
> <rcojocaru@xxxxxxxxxxxxxxx> wrote:
>> On 10/30/2017 07:07 PM, Tamas K Lengyel wrote:
>>> On Mon, Oct 30, 2017 at 11:01 AM, Razvan Cojocaru
>>> <rcojocaru@xxxxxxxxxxxxxxx> wrote:
>>>> On 10/30/2017 06:39 PM, Tamas K Lengyel wrote:
>>>>> On Mon, Oct 30, 2017 at 10:24 AM, Razvan Cojocaru
>>>>> <rcojocaru@xxxxxxxxxxxxxxx> wrote:
>>>>>> On 30.10.2017 18:01, Tamas K Lengyel wrote:
>>>>>>> On Mon, Oct 30, 2017 at 4:32 AM, Alexandru Isaila
>>>>>>> <aisaila@xxxxxxxxxxxxxxx> wrote:
>>>>>>>> This patch is adding a way to enable/disable nested pagefault
>>>>>>>> events. It introduces the xc_monitor_nested_pagefault function
>>>>>>>> and adds the nested_pagefault_disabled in the monitor structure.
>>>>>>>> This is needed by the introspection so it will only get gla
>>>>>>>> faults and not get spammed with other faults.
>>>>>>>> In p2m_set_ad_bits the v->arch.sse_pg_dirty.eip and
>>>>>>>> v->arch.sse_pg_dirty.gla are used to mark that this is the
>>>>>>>> second time a fault occurs and the dirty bit is set.
>>>>>>> Could you describe under what conditions do you get these other faults?
>>>>>> Hey Tamas, the whole story is at page 8 of this document:
>>>>>> https://www.researchgate.net/publication/281835515_Proposed_Processor_Extensions_for_Significant_Speedup_of_Hypervisor_Memory_Introspection
>>>>> Hi Razvan,
>>>>> thanks but I'm not sure that doc addresses my question. You
>>>>> effectively filter out npfec_kind_in_gpt and npfec_kind_unknown in
>>>>> this patch. The first, npfec_kind_in_gpt should only happen if you
>>>>> have restricted access to the gpt with ept and the processor couldn't
>>>>> walk the table. But if you don't want to get events of these types
>>>>> then why not simply not restrict access the gpt to begin with? And as
>>>>> for npfec_kind_unknown, I don't think that gets generated under any
>>>>> situation. So hence my question, what is your setup that makes this
>>>>> patch necessary?
>>>> On the npfec_kind_unknown case, indeed, we were wondering when that
>>>> might possibly occur when discussing this patch - it's probably reserved
>>>> for the future?
>>>> On why our introspection engine decides to restrict access to those
>>>> specific pages, I am not intimate with its inner workings, and not sure
>>>> how much could be disclosed here in any case. Is it not a worthwhile
>>>> (and otherwise harmless) tool to be able to switch A/D bits-triggered
>>>> EPT faults anyway, for introspection purposes?
>>> It changes the default behavior of mem_access events so I just wanted
>>> to get some background on when that is really required. Technically
>>> there is no reason why we couldn't do that filtering in Xen. I think
>>> it might be better to flip the filter the other way though so the
>>> default behavior remains as is (ie. change the option to enable
>>> filtering instead of enabling monitoring).
>> Wait, it shouldn't change the default behaviour at all. If nobody calls
>> that function, all the EPT event kinds should be sent out - the new
>> monitor flag is a "disable" flag for non-GLA event (the so-called
>> "nested page fault" events).
> Oh yea you are right, I completely overlooked that it is named
> "nested_pagefault_disabled" =) Maybe a comment in the domctl header
> would be warranted to note that this is enabled by default when
> mem_access is used.

Other than adding the above mentioned comment, does anyone require other
changes we should make in V2?


Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.