[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] x86: Always have CR4.PKE set in HVM context

  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • Date: Mon, 3 May 2021 14:14:50 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=C5m17tToisrf52j6nqdrPs9TooiC3tVzUWmKZJAxMao=; b=EsLV8+LwD5n3lkf176LOfgD5b/7Yj8P+xrhShnjW34hrQjTVG0Vkl1XYSeER2wWWmbzQoq3xd4LWtcT0xgr/aKdgH+nmCNe0JWfZx6/wtAP/BsWFd+ooe3CLJzLEVqaAp71LXqKo6ubKHmRKHl2aMAfdm4WYimWKDMx/KVyUo0r/EMMdkDP1simCJGLhMlXYr32m0Ud+Ds2wk9w9dfCp/hBqxDH6RLbVs9uGcpWPGlFYXFSrwEqPQlllI6gUr46FQAg6b6lcg4+Rn//SuTgQPn0NgyKUEeEosk05GRulFlnfnzTEgBlM9j4WxwVZShmThoiBuNMf/7m4z/mNh96IQw==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Yc8+lG531LPjT8Or0AkHWUfvh3Z5sWiPlG34Wtl8If9jSvcIWnT1/vz4loxg3/g2Bgc1sJg2WZ5Mdmbl3WK7kmSaLF8Q+s1T7XlobKyHCBC70ojnG58f/dmVnc5xnuYeAIEdFbk8Kegw7C+ggG7KSIZ+cvKVxQiKmHfZm5radLYbyWpAG1Qj/jAj8bVNxz+kulndvFsKo0ARYmN/O1zepKSQ8SKcug5MgNZ2A7uKq8UK9CX1RGNiGm/r+3TRO0mh70q4CCGHZevfCLMcOob38Rt5eGZu2HcDFRSUNiIGCJxanq55fkbcAiLRGJNN/vd7GkNvpId8KGcRq1bdykyLSg==
  • Authentication-results: esa3.hc3370-68.iphmx.com; dkim=pass (signature verified) header.i=@citrix.onmicrosoft.com
  • Cc: Roger Pau Monné <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Mon, 03 May 2021 13:15:26 +0000
  • Ironport-hdrordr: A9a23:UyyloKMNCyaaBsBcT2zw55DYdL4zR+YMi2QD/3taDTRIb82VkN 2vlvwH1RnyzA0cQm0khMroAsa9aFvm39pQ7ZMKNbmvGDPntmyhMZ144eLZrwHIMxbVstRQ3a IIScVDIfXtEFl3itv76gGkE9AmhOKK6rysmP229RZQZCtBApsQijtRIACdD0FwWU1iDZ02CJ KT6qN81kWdUF4Qadm2AWRAYvPKoMfFmImjTRkNARMm7wfmt0LV1JfRFR+E0hACFw5e2LtKyx m5ryXVxIWG98u6xBjVynPJ4/1t9ufJ59NfCKW3+7AoAxr2jALAXvUHZ5Sju3QPrPir+BIWlr D30m0dFuBSz1+UQW2vuxvq3GDboUUTwlvv00WRj3emgeGRfkNCN+N7iYhUcgTU5iMb1bkWus I7vBPti7NtARzNhyj77dTTPisa8nacmnY+jfUVy0VWTIp2Us4gkaUk4EhXHJ0cdRiKjrwPLe 8GNrC/2N9ra1+AK1jWsm5zqebcJUgbL1OtR0gPvdGtyD5GnHx15Ftw/r1vol4wsL06UJVK/O LCL+BBk6xPVNYfaeZHCP4GWtbfMB2DfTv8dEapZXj3HqAOPHzA77bx/bUO/emvPLgF1oE7lp jtWE5R3FRCNX7GOImr5tlm4xrNSGKyUXDG0cdF/aV0vbX6Wf7CLTCDYEpGqbrin9wvRungH9 qjMpNfBPHuaUH0H5xS4gH4U55ObVEDTcwuvMohUV7mmLOKFqTa8sjgNNrDLrvkFjgpHknlBG EYYTT1LMJcqm+xXHvVhwXQRmPNdkTz8YkYKtmew8EjjKw2cqFcuAkcjlq0ouuRLydZj6AwdE xiZJPr+5nL4VWezCLt1SFEKxBdBkFa7PHLSHVRvzIHNEvybPIms9WbcmZC4WufKnZEPoTrOT 8ag24y1bO8LpSWyyxnIcmgKHimg3wao2/PaJsAhKuZ54PAdokjBpgrHIx9fD+7ViBdqEJPki NueQUETkjQGnfFkqO+lqEZA+nZap1bmwekIcldrFrFrkWCrcQTRn8WNgTeE/K/sEILfX55l1 dx+6gQjP6rgjC0M1Yyh+w+LRlxcmiNOalHCw6EfY1QvbjudGhLPCG3rA3fryt2Vnvh9k0UiG CkCSGPY/nEDmBQvW1i3r/w/El5cXiceExMeml32LcNZ1juizJW66umd6Cz22yeZh85zuYRPC rsTBESLgltrurHniK9qXKnLzEL158uNuvSAPAfaLnVwGqqM5DNv7oBBeVo8JFsM83OvucHXf mEQRKcKCr1BooSqlWoj0dgHBMxhGgvkPvu1hGg0XOx22QnB+HOZHthXLMWLrinniHZbsfN9K 88q907veG9aDqsLvGHzLzadD5FJFf4p3WsQ+QhtJBTuuYTudJIbu7meAqN8EsC+hM0aPrQvg c5Zo9Q5bjaII9hf8AIYUtijxEUveXKCHFuixD8B+81QEokgHDaNe6Y+ragk8taPmSx4C/LfW SF+yJT//35TzKO+L4TBaU3O3lXYiEHmQJf1dLHU43bEwOxce5fuHK8L3+mabdYIZL1VIk4n1 Jf49uSmfWQeDe98AfMvSFjKqYL12q8W8u9DEatHuFPmubKdWiks++P4MSpii3wRib+Q0MEhZ ddfUhVV/99sFAZ/cUK+xn3bLf2rEIjm0Zf5j8itmeF4PnZ3E7rWWdcMQPYhZ1KWyJ0KXbgt7 WczdSl
  • Ironport-sdr: LqPKTZNzNWi38lZ6Qvveb1feCTSnvjbsyovASPoBXtk8ZHk4NdtP7utWmjecQTpiNU2GeuJZRu DOqQvBkWzv9l5ulSnZcqm+1yH0BOTV6nR0toWnAGl3LI6+qKIXbKpaZkzPDkwn6x37ODGZoHfr xBsS7H18QiisIRPSamCCIqt7YRfoRYhRmKDuG5uAhJatcJbYivc5asEuvZMcZjv0yXOD1UyAFR 94wjQPUuluGsa4rooD8XR2o/zpv0PapjooQ5ygl7I8+tZX3hlQ5VSYxs89xEXpf5zyBoJJMzm/ Imk=
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 03/05/2021 13:42, Jan Beulich wrote:
> On 30.04.2021 00:12, Andrew Cooper wrote:
>> The sole user of read_pkru() is the emulated pagewalk, and guarded behind
>> guest_pku_enabled() which restricts the path to HVM (hap, even) context only.
>>
>> The commentary in read_pkru() concerning _PAGE_GNTTAB overlapping with
>> _PAGE_PKEY_BITS is only applicable to PV guests.
>>
>> The context switch path, via write_ptbase() unconditionally writes CR4 on any
>> context switch.
>>
>> Therefore, we can guarantee to separate CR4.PKE between PV and HVM context at
>> no extra cost.  Set PKE in mmu_cr4_features on boot, so it becomes set in HVM
>> context, and clear it in pv_make_cr4().
>>
>> Rename read_pkru() to rdpkru() now that it is a simple wrapper around the
>> instruction.  This saves two CR4 writes on every pagewalk, which typically
>> occur more than one per emulation.
>>
>> Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
>> ---
>> CC: Jan Beulich <JBeulich@xxxxxxxx>
>> CC: Roger Pau Monné <roger.pau@xxxxxxxxxx>
>> CC: Wei Liu <wl@xxxxxxx>
>>
>> It also occurs to me that for HVM/Idle => HVM/Idle context switches, we never
>> need to change CR4.  I think this is substantially clearer following XSA-293 
>> /
>> c/s b2dd00574a4f ("x86/pv: Rewrite guest %cr4 handling from scratch") which
>> introduced pv_make_cr4().
> Never needing to change CR4 doesn't uniformly mean writes can be avoided.
> Part of the purpose of the writes is to flush the TLB. Per-domain as well
> as shadow mappings may be in need of such if global mappings are used
> anywhere.

Per domain are not global.  Shadows from HVM guests are a) surely not
global given their changeability, and b) in a non-root TLB tag.

Details like this do need checking, but it shouldn't be hard to improve
on what we've currently got.

~Andrew

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.