From: Andrew Cooper
Subject: Re: [RFC 3/4] HVM x86 deprivileged mode: Code for switching into/out of deprivileged mode
Date: Tue, 18 Aug 2015 09:55:16 -0700
Message-ID: <55D36374.6060805@citrix.com>
References: <20150810094928.GC3094@deinos.phlegethon.org> <55C87989.6050700@citrix.com> <20150811095535.GA884@deinos.phlegethon.org> <55CA2824.4020405@citrix.com> <20150811170522.GD884@deinos.phlegethon.org> <55CA2E91.4030204@citrix.com> <55CA3EF3.7090001@oracle.com> <55CB4A56.1000600@citrix.com> <55CB4B14.8060704@citrix.com> <55D1E770.5070906@citrix.com> <20150817150713.GB42311@deinos.phlegethon.org>
In-Reply-To: <20150817150713.GB42311@deinos.phlegethon.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Content-Transfer-Encoding: 7bit
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: Tim Deegan, Ben Catterall
Cc: xen-devel@lists.xensource.com, keir@xen.org, ian.campbell@citrix.com, george.dunlap@eu.citrix.com, Aravind Gopalakrishnan, jbeulich@suse.com, Boris Ostrovsky, Suravee Suthikulpanit
List-Id: xen-devel@lists.xenproject.org

On 17/08/15 08:07, Tim Deegan wrote:
> At 14:53 +0100 on 17 Aug (1439823232), Ben Catterall wrote:
>> On 12/08/15 14:33, Andrew Cooper wrote:
>>> On 12/08/15 14:29, Andrew Cooper wrote:
>>>> On 11/08/15 19:29, Boris Ostrovsky wrote:
>>>>> Would switching TR only when we know that we need to enter this
>>>>> deprivileged mode help?
>>>> This is an absolute must. It is not safe to use syscall/sysexit without
>>>> IST in place for NMIs and MCEs.
>>>>
>>>>> Assuming that it is less expensive than copying the stack.
>>>> I was referring to the stack overflow issue, and whether it might be
>>>> sensible to pro-actively which TR.
>>> Ahem! s/which/switch/
>>>
>>> ~Andrew
>>>
>> So, have we arrived at a decision for this? Thanks!

Apologies for the delay - I am currently at the Xen Developer Summit.

> Seems to have stalled a bit. OK, I propose that:
> - we use TR/IST to make Xen take interrupts/exceptions at a different SP;

Xen re-enables interrupts in most interrupt handlers, which means that they
must not have an IST set. If an IST was set, a second interrupt would clobber
the frame of the first.

However, just adjusting tss->rsp0 and the syscall top-of-stack to the current
rsp when entering depriv mode should be sufficient, and will avoid needing to
copy the stack.

> - we make that SP be an extension of the main stack, so that things
> like current() Just Work[tm];
> - we set this up and tear it down when we enter/leave depriv mode.
> - someone ought to look at the case where IST handlers copy
> themselves to the main stack, and see if we need to adjust that too.

They will need adjusting, but just disabling the copy entirely should be ok.

>
> Any other proposals?
>
> I think we can leave the question of TR switching on VMEXIT as a
> separate issue.

Agreed. It is orthogonal to this problem.

~Andrew
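As an added illustration of the stack-selection rules the thread is arguing about (this is a constructed simulation written for this page, not Xen code and not something anyone posted in the thread): a small C model of how an x86-64 CPU picks the stack for an interrupt, exception or SYSCALL, and what the proposed depriv-mode entry does to it. The stack size, addresses, the 40-byte hardware frame and the names tss.rsp0, tss.ist[], syscall_top, enter_depriv() and stack_base() are assumptions of the model only. It demonstrates the two claims above: a handler that re-enables interrupts must not run on an IST, because a second interrupt through the same gate is pushed at the same IST top and overwrites the first frame; and pointing rsp0 and the syscall top-of-stack at the rsp current when depriv mode is entered keeps later interrupts, nested interrupts and syscalls on the main stack, directly below the entry point, so a current()-style lookup that masks rsp down to the aligned stack base still finds the right per-CPU block.

```c
#include <stdint.h>

/* Constructed model of x86-64 interrupt stack selection; not Xen code.
 * Every size, address and field name below is an assumption of the model. */
#define STACK_SIZE   0x8000ull                 /* STACK_SIZE-aligned per-CPU stack */
#define MAIN_BASE    0xffff830000100000ull     /* base of the main stack (assumed) */
#define MAIN_TOP     (MAIN_BASE + STACK_SIZE)
#define IST_TOP      0xffff830000201000ull     /* top of a separate IST stack (assumed) */
#define DEPRIV_RSP   0x00007ffffffff000ull     /* stack the depriv code runs on (assumed) */
#define FRAME_SIZE   40ull                     /* SS, RSP, RFLAGS, CS, RIP pushed by hardware */

struct tss64 {
    uint64_t rsp0;     /* used on a ring 3 -> ring 0 interrupt/exception */
    uint64_t ist[7];   /* ist[i] is IST(i+1); used whenever the IDT gate names it */
};

struct cpu {
    struct tss64 tss;
    uint64_t syscall_top;  /* rsp the SYSCALL entry stub switches to (hardware does not) */
    uint64_t rsp;
    int cpl;               /* 0 = hypervisor, 3 = deprivileged code */
};

/* current()-style lookup: per-CPU data sits at the base of the aligned stack. */
static uint64_t stack_base(uint64_t rsp)
{
    return rsp & ~(STACK_SIZE - 1);
}

/* Interrupt/exception delivery: an IST index in the gate wins unconditionally;
 * otherwise a privilege change loads tss.rsp0; otherwise the frame goes on the
 * stack already in use. Returns the address of the new frame. */
static uint64_t deliver_interrupt(struct cpu *c, unsigned ist)
{
    uint64_t top = ist ? c->tss.ist[ist - 1] : (c->cpl ? c->tss.rsp0 : c->rsp);
    c->rsp = top - FRAME_SIZE;
    c->cpl = 0;
    return c->rsp;
}

/* SYSCALL leaves rsp alone; the entry stub loads the per-CPU top of stack. */
static uint64_t deliver_syscall(struct cpu *c)
{
    c->rsp = c->syscall_top - FRAME_SIZE;
    c->cpl = 0;
    return c->rsp;
}

/* Enter depriv mode as the thread proposes: retarget rsp0 and the syscall
 * top of stack at the rsp being left behind, then drop to ring 3. */
static void enter_depriv(struct cpu *c)
{
    c->tss.rsp0 = c->rsp;
    c->syscall_top = c->rsp;
    c->cpl = 3;
    c->rsp = DEPRIV_RSP;
}

static struct cpu fresh_cpu(void)
{
    struct cpu c = { .tss = { .rsp0 = MAIN_TOP, .ist = { IST_TOP } },
                     .syscall_top = MAIN_TOP, .rsp = MAIN_TOP - 0x400, .cpl = 0 };
    return c;
}

/* Gate with IST1: the handler does sti and a second interrupt arrives.
 * Returns 1 if the second frame is pushed over the first. */
int ist_frames_collide(void)
{
    struct cpu c = fresh_cpu();
    uint64_t first = deliver_interrupt(&c, 1);
    uint64_t second = deliver_interrupt(&c, 1);
    return first == second;
}

/* Same sequence without IST: the nested frame lands below the first. */
int plain_frames_nest(void)
{
    struct cpu c = fresh_cpu();
    uint64_t first = deliver_interrupt(&c, 0);
    uint64_t second = deliver_interrupt(&c, 0);
    return second == first - FRAME_SIZE;
}

/* After enter_depriv(), an interrupt from ring 3, a nested interrupt and a
 * syscall all land on the main stack just below the entry rsp, and
 * stack_base() still resolves to MAIN_BASE for each of them. */
int depriv_stays_on_main_stack(void)
{
    struct cpu c = fresh_cpu();
    uint64_t entry_rsp = c.rsp;
    enter_depriv(&c);
    uint64_t irq = deliver_interrupt(&c, 0);     /* ring 3 -> ring 0 via rsp0 */
    uint64_t nested = deliver_interrupt(&c, 0);  /* handler re-enabled interrupts */
    c.cpl = 3; c.rsp = DEPRIV_RSP;               /* iret back to the depriv code */
    uint64_t sc = deliver_syscall(&c);           /* depriv code calls into Xen */
    return irq == entry_rsp - FRAME_SIZE && nested == irq - FRAME_SIZE
        && sc == entry_rsp - FRAME_SIZE
        && stack_base(irq) == MAIN_BASE && stack_base(sc) == MAIN_BASE
        && stack_base(DEPRIV_RSP) != MAIN_BASE;
}
```

The IST case is the one to keep in mind: because the IST slot is a fixed top-of-stack rather than "wherever rsp is now", the CPU cannot nest frames on it, which is why IST is reserved for handlers that never re-enable interrupts (NMI, MCE, double fault) and why the ordinary interrupt handlers in this design have to come in via rsp0 instead.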