Xen project Mailing List

RE: [PATCH v2 3/3] x86/vmx: implement Notify VM Exit

To: Pau Monné, Roger <roger.pau@xxxxxxxxxx>, "Beulich, Jan" <JBeulich@xxxxxxxx>

From: "Tian, Kevin" <kevin.tian@xxxxxxxxx>

Date: Wed, 8 Jun 2022 03:51:03 +0000

Accept-language: en-US

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=bkkumWqgbaZ3AgzGuQ+NeBErrcxjIN5t/ctVRL3LnYE=; b=jfdIMt3VIdNmVrLRyZ81I1LrUgtbSo7qh3xOdib20t6+YU0VBMug9ff38k8K+EPZw1MlyCwsif90H6QifmSgr/WYoQz5E23m7gMEy7/MqzyeQu/jSe77W5LhGAsB5hMyKSeYldyFqKV7poUiwq+Q6eBOQvNLuLL/EucFtr6qfEmrVY3raUvVFyt0wIvB5YajstxSGfwj5i2he6AnocG8frFS5pYSLZpH5dtevA1IPm1d/jqTXLbboJsJmtDj4yTUS/diQPkMICo+vlZgbtgQD7VFkOzmWV8WpmX4Feu4pWjhVNtcczDWCEkrvlpH9XpsGPBob3NeMiaO5zUAmkqhvg==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=SjZ3E/f2CD/kAykjOLjc+rgX0DBTXXw7JhM9OyNqp51ztXOTxywjoXu1Mf+/B8Rc8B2KYbvK+zz5E8Zzkbl6/BzeLuCodrsbqERTZpKxIHOj0CSbHjTt/t+rxwyVzNm3OhxOMZ9kRsjBREt42rLmM1c1uq6EsvZAjhnwXbHsSlRdEhYgQWfOzZzCIk1Qg8I7c/2IHOQqyzRnEi2g6RcH8hOoz5bdrrwElcLwziZkJ1b4gc7y2N7CSqJkIKP9bkXvq5FOnX7IFmOaXpxThN/id0TbbSGLZ/Rvqqno3hYcC5OTTjwjYvq9ZtlwCyUxYDcEkj6zdJMOwTvTj8ChlGXdDg==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=intel.com;

Cc: "Cooper, Andrew" <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, "Nakajima, Jun" <jun.nakajima@xxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>

Delivery-date: Wed, 08 Jun 2022 03:51:35 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Thread-index: AQHYcPGLnpUujBwR5EWVeB9tTYBUAq09rvQAgAAghACABdMugIAAJ8gAgAEpgQA=

Thread-topic: [PATCH v2 3/3] x86/vmx: implement Notify VM Exit

> From: Roger Pau Monné > Sent: Tuesday, June 7, 2022 6:06 PM > > On Tue, Jun 07, 2022 at 09:43:25AM +0200, Jan Beulich wrote: > > On 03.06.2022 16:46, Roger Pau Monné wrote: > > > On Fri, Jun 03, 2022 at 02:49:54PM +0200, Jan Beulich wrote: > > >> On 26.05.2022 13:11, Roger Pau Monne wrote: > > >>> --- a/xen/arch/x86/hvm/vmx/vmx.c > > >>> +++ b/xen/arch/x86/hvm/vmx/vmx.c > > >>> @@ -1419,10 +1419,19 @@ static void cf_check > vmx_update_host_cr3(struct vcpu *v) > > >>> > > >>> void vmx_update_debug_state(struct vcpu *v) > > >>> { > > >>> + unsigned int mask = 1u << TRAP_int3; > > >>> + > > >>> + if ( !cpu_has_monitor_trap_flag && > cpu_has_vmx_notify_vm_exiting ) > > >> > > >> I'm puzzled by the lack of symmetry between this and ... > > >> > > >>> + /* > > >>> + * Only allow toggling TRAP_debug if notify VM exit is > > >>> enabled, as > > >>> + * unconditionally setting TRAP_debug is part of the XSA-156 > > >>> fix. > > >>> + */ > > >>> + mask |= 1u << TRAP_debug; > > >>> + > > >>> if ( v->arch.hvm.debug_state_latch ) > > >>> - v->arch.hvm.vmx.exception_bitmap |= 1U << TRAP_int3; > > >>> + v->arch.hvm.vmx.exception_bitmap |= mask; > > >>> else > > >>> - v->arch.hvm.vmx.exception_bitmap &= ~(1U << TRAP_int3); > > >>> + v->arch.hvm.vmx.exception_bitmap &= ~mask; > > >>> > > >>> vmx_vmcs_enter(v); > > >>> vmx_update_exception_bitmap(v); > > >>> @@ -4155,6 +4164,9 @@ void vmx_vmexit_handler(struct > cpu_user_regs *regs) > > >>> switch ( vector ) > > >>> { > > >>> case TRAP_debug: > > >>> + if ( cpu_has_monitor_trap_flag && > cpu_has_vmx_notify_vm_exiting ) > > >>> + goto exit_and_crash; > > >> > > >> ... this condition. Shouldn't one be the inverse of the other (and > > >> then it's the one down here which wants adjusting)? > > > > > > The condition in vmx_update_debug_state() sets the mask so that > > > TRAP_debug will only be added or removed from the bitmap if > > > !cpu_has_monitor_trap_flag && cpu_has_vmx_notify_vm_exiting (note > that > > > otherwise TRAP_debug is unconditionally set if > > > !cpu_has_vmx_notify_vm_exiting). > > > > > > Hence it's impossible to get a VMExit TRAP_debug with > > > cpu_has_monitor_trap_flag && cpu_has_vmx_notify_vm_exiting because > > > TRAP_debug will never be set by vmx_update_debug_state() in that > > > case. > > > > Hmm, yes, I've been misguided by you not altering the existing setting > > of v->arch.hvm.vmx.exception_bitmap in construct_vmcs(). Instead you > > add an entirely new block of code near the bottom of the function. Is > > there any chance you could move up that adjustment, perhaps along the > > lines of > > > > v->arch.hvm.vmx.exception_bitmap = HVM_TRAP_MASK > > | (paging_mode_hap(d) ? 0 : (1U << TRAP_page_fault)) > > | (v->arch.fully_eager_fpu ? 0 : (1U << TRAP_no_device)); > > if ( cpu_has_vmx_notify_vm_exiting ) > > { > > __vmwrite(NOTIFY_WINDOW, vm_notify_window); > > /* > > * Disable #AC and #DB interception: by using VM Notify Xen is > > * guaranteed to get a VM exit even if the guest manages to lock the > > * CPU. > > */ > > v->arch.hvm.vmx.exception_bitmap &= ~((1U << TRAP_debug) | > > (1U << TRAP_alignment_check)); > > } > > vmx_update_exception_bitmap(v); > > Sure, will move up when posting a new version then. I will wait for > feedback from Jun or Kevin regarding the default window size before > doing so. > let me check internally.

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.