Re: [Xen-devel] Xen Introspection, KPTI, and CR3 bit 63 leads to guest VMENTRY failures during introspection
On 01/26/2018 06:17 PM, Bitweasil . wrote:
> The proposed changes would only have an impact if CR3 exiting is
> enabled, which implies a pair of world switches and other code execution
> in a different region of memory and with different page tables anyway.
>
> Under normal operation, CR3 exiting is not turned on, so this will have
> no impact on operation.
>
> Are there any non-introspection cases in which CR3 exiting will be
> enabled for hardware virtualized guests? Given the time cost of a pair
> of world switches and handling the associated code, I question if one
> could even measure the difference of the TLB flush or not. The CR3
> reporting performance hit under KPTI is quite catastrophic anyway,
> though I expect one could mitigate that somewhat with CR3-targets, if
> one wanted to.

CR3 exits seem indeed to be enabled via {hvm,vmx}_update_cr(v, 0),
however I believe that they currently remain enabled even after the
vm_event consumer detaches from the guest (I don't think
CPU_BASED_CR3_LOAD_EXITING is being cleared from
v->arch.hvm_vmx.exec_control).

This needs testing, but I believe it to be correct.

Thanks,
Razvan

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel