From: Ben Catterall
Subject: Re: [RFC 3/4] HVM x86 deprivileged mode: Code for switching into/out of deprivileged mode
Date: Wed, 19 Aug 2015 11:36:51 +0100
Message-ID: <55D45C43.7050700@citrix.com>
In-Reply-To: <55D36374.6060805@citrix.com>
To: Andrew Cooper, Tim Deegan
Cc: xen-devel@lists.xensource.com, keir@xen.org, ian.campbell@citrix.com, george.dunlap@eu.citrix.com, Aravind Gopalakrishnan, jbeulich@suse.com, Boris Ostrovsky, Suravee Suthikulpanit
List-Id: xen-devel@lists.xenproject.org

On 18/08/15 17:55, Andrew Cooper wrote:
>
>
> On 17/08/15 08:07, Tim Deegan wrote:
>> At 14:53 +0100 on 17 Aug (1439823232), Ben Catterall wrote:
>>> On 12/08/15 14:33, Andrew Cooper wrote:
>>>> On 12/08/15 14:29, Andrew Cooper wrote:
>>>>> On 11/08/15 19:29, Boris Ostrovsky wrote:
>>>>>> Would switching TR only when we know that we need to enter this
>>>>>> deprivileged mode help?
>>>>> This is an absolute must. It is not safe to use syscall/sysexit
>>>>> without IST in place for NMIs and MCEs.
>>>>>
>>>>>> Assuming that it is less expensive than copying the stack.
>>>>> I was referring to the stack overflow issue, and whether it might be
>>>>> sensible to pro-actively which TR.
>>>> Ahem!
>>>> s/which/switch/
>>>>
>>>> ~Andrew
>>>>
>>> So, have we arrived at a decision for this? Thanks!
>
> Apologies for the delay - I am currently at the Xen Developer Summit.
>
No worries! Hope you're enjoying the summit. :)
>> Seems to have stalled a bit. OK, I propose that:
>>   - we use TR/IST to make Xen take interrupts/exceptions at a
>>     different SP;
>
> Xen re-enables interrupts in most interrupt handlers, which means that
> they must not have an IST set. If an IST was set, a second interrupt
> would clobber the frame of the first.
>
> However, just adjusting tss->rsp0 and syscall top-of-stack to the
> current rsp when entering depriv mode should be sufficient, and will
> avoid needing to copy the stack.
Got it, thanks!
>
>>   - we make that SP be an extension of the main stack, so that things
>>     like current() Just Work[tm];
>>   - we set this up and tear it down when we enter/leave depriv mode.
>>   - someone ought to look at the case where IST handlers copy
>>     themselves to the main stack, and see if we need to adjust that too.
>
> They will need adjusting, but just disabling the copy entirely should be
> ok.
ok.
>
>>
>> Any other proposals?
>>
>> I think we can leave the question of TR switching on VMEXIT as a
>> separate issue.
>
> Agreed. It is orthogonal to this problem.
>
> ~Andrew
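
The point made in the thread about IST versus tss->rsp0, as an added example that is not part of the original message and is not Xen code: a toy model of 64-bit interrupt delivery in which a handler re-enables interrupts and a second interrupt arrives before the first returns. The struct, function names, stack size and RIP values are all constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define STACK_WORDS 64
#define FRAME_WORDS 5            /* SS, RSP, RFLAGS, CS, RIP */

struct cpu {
    uint64_t stack[STACK_WORDS]; /* one stack, grows toward index 0 */
    int rsp;                     /* hypervisor stack pointer (index) */
    int cpl;                     /* 0 = hypervisor, 3 = deprivileged */
    int rsp0;                    /* models tss->rsp0 */
    int ist_top;                 /* models a TSS IST slot */
};

/* Model interrupt delivery; returns the index of the pushed frame. */
static int deliver(struct cpu *c, int use_ist, uint64_t rip)
{
    if (use_ist)
        c->rsp = c->ist_top;     /* IST: reloaded on every delivery */
    else if (c->cpl == 3)
        c->rsp = c->rsp0;        /* privilege change: load rsp0 */
    /* else ring 0 without IST: keep pushing at the current rsp */
    c->cpl = 0;
    c->rsp -= FRAME_WORDS;
    c->stack[c->rsp] = rip;      /* only the saved-RIP slot is modelled */
    return c->rsp;
}

/* Enter depriv mode, take an interrupt, let the handler re-enable
 * interrupts, take a second one. Returns 1 if the first frame's saved
 * RIP is still intact afterwards, 0 if it was overwritten. */
int first_frame_survives(int use_ist)
{
    struct cpu c = { .rsp = STACK_WORDS - 8, .ist_top = STACK_WORDS - 8 };

    c.rsp0 = c.rsp;              /* rsp0 := current rsp on depriv entry */
    c.cpl = 3;
    int f1 = deliver(&c, use_ist, 0x1111);   /* interrupt from ring 3 */
    deliver(&c, use_ist, 0x2222);            /* nested, before iret */
    return c.stack[f1] == 0x1111;
}

int main(void)
{
    printf("IST slot: first frame intact = %d\n", first_frame_survives(1));
    printf("rsp0:     first frame intact = %d\n", first_frame_survives(0));
    return 0;
}
```

With the IST slot both frames land at the same address, so the nested delivery overwrites the first; with rsp0 set to the current rsp the first frame lands below the live hypervisor stack and the nested frame is pushed below that.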