|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH v2] x86/HVM: correct hvmemul_map_linear_addr() for multi-page case
>>> On 25.09.18 at 17:30, <andrew.cooper3@xxxxxxxxxx> wrote: > On 25/09/18 13:41, Jan Beulich wrote: >>>>> On 20.09.18 at 14:41, <andrew.cooper3@xxxxxxxxxx> wrote: >>> On 13/09/18 11:12, Jan Beulich wrote: >>>> The function does two translations in one go for a single guest access. >>>> Any failure of the first translation step (guest linear -> guest >>>> physical), resulting in #PF, ought to take precedence over any failure >>>> of the second step (guest physical -> host physical). >>> Why? What is the basis of this presumption? >>> >>> As far as what real hardware does... >>> >>> This test sets up a ballooned page and a read-only page. I.e. a second >>> stage fault on the first part of a misaligned access, and a first stage >>> fault on the second part of the access. >>> >>> (d1) --- Xen Test Framework --- >>> (d1) Environment: HVM 64bit (Long mode 4 levels) >>> (d1) Test splitfault >>> (d1) About to read >>> (XEN) *** EPT qual 0000000000000181, gpa 000000000011cffc >>> (d1) Reading PTR: got 00000000ffffffff >>> (d1) About to write >>> (XEN) *** EPT qual 0000000000000182, gpa 000000000011cffc >>> (d1) ****************************** >>> (d1) PANIC: Unhandled exception at 0008:00000000001047e0 >>> (d1) Vec 14 #PF[-d-sWP] %cr2 000000000011d000 >>> (d1) ****************************** >>> >>> The second stage fault is recognised first, which is contrary to your >>> presumption, i.e. the code in its current form appears to be correct. >> Coming back to this example of yours: As a first step, are we in >> agreement that with the exception of very complex instructions >> (FSAVE, FXSAVE, XSAVE etc) instructions are supposed to work in an >> all-or-nothing manner when it comes to updating of architectural >> state (be it registers or memory)? > > No. Read Chapter Intel Vol3 8.1 and 8.2, which makes it quite clear > that misaligned accesses may be split access, and observably so to other > processors in the system. > > I've even found a new bit in it which says that >quadword SSE accesses > may even result in a partial write being completed before #PF is raised. But note that this is indeed limited to x87 / SSE insns. And there's nothing said that this behavior is mandatory. Hence if we emulated things such that (a) we meet the requirements for MOV and ALU insns and (b) we make x87 / SSE ones match (a), all would still be within spec. Furthermore both section individually state that LOCKed insns perform their accesses atomically, regardless of alignment. To me this implies no #PF when part of the write has already happened (presumably achieved by the walks needed for the reads already done as write-access walks). I think hvmemul_rmw() matches this already, yet even there a possible #PF on the second part of a split access could be detected and reported without doing two walks, by way of the change proposed here. Jan _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |