[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH RFC 7/9] xen: Handle resumed instruction based on previous mem_event reply

To: Jan Beulich <JBeulich@xxxxxxxx>
From: Razvan Cojocaru <rcojocaru@xxxxxxxxxxxxxxx>
Date: Thu, 03 Jul 2014 12:34:10 +0300
Cc: tim@xxxxxxx, xen-devel@xxxxxxxxxxxxx
Comment: DomainKeys? See http://domainkeys.sourceforge.net/
Delivery-date: Thu, 03 Jul 2014 09:33:33 +0000
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=bitdefender.com; b=ko3Za76duLSeZHIw9Bg22X25vzW3ZjjND3lYVVdO5uqm2rjYR475F6QNax5l9f+K9AJsb0+y9nMTMWmjsyZbNrGVTOdJa68dL6X+4bCWsfU3GYZ8vE+MiEyKe0X7I9peulXDhJpDMogIzYT2ybIuxy3fRv6fH5UyWTkEkrx465C7Yrfp4gAPevN8wbQrTaHy0hn4TcY8WTT3ulwAFwbaaPDNdIvA32mdHUB7Gwwbjdp43YebfhYlk/wztbEz7JTz0lldrJl9LftyhIsP5UlQ0uhijCtAle0k+xUlCES7hTZyTkZFa6MUBP13g6TllcasTJDDvEuH9voJ+JpoumowXg==; h=Received:Received:Received:Received:Message-ID:Date:From:User-Agent:MIME-Version:To:CC:Subject:References:In-Reply-To:Content-Type:Content-Transfer-Encoding:X-BitDefender-Scanner:X-BitDefender-Spam:X-BitDefender-SpamStamp:X-BitDefender-CF-Stamp;
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On 07/03/2014 12:22 PM, Jan Beulich wrote:
>>>> On 03.07.14 at 11:12, <rcojocaru@xxxxxxxxxxxxxxx> wrote:
>> On 07/03/2014 12:02 PM, Jan Beulich wrote:
>>>>>> On 03.07.14 at 10:55, <rcojocaru@xxxxxxxxxxxxxxx> wrote:
>>>> On 07/02/2014 06:56 PM, Jan Beulich wrote:
>>>>>>>> On 02.07.14 at 15:33, <rcojocaru@xxxxxxxxxxxxxxx> wrote:
>>>>>> In a scenario where a page fault that triggered a mem_event occured,
>>>>>> p2m_mem_access_check() will now be able to either 1) emulate the
>>>>>> current instruction, 2) skip the current instruction, or 3) emulate
>>>>>> it, but don't allow it to perform any writes. Since some SSE2
>>>>>> instructions are problematic to emulate (Firefox uses some),
>>>>>> support for setting the A and D (accessed and dirty) bits has been
>>>>>> added (please see p2m_set_ad_bits()).
>>>>>
>>>>> Sadly that reference is useless - the function doesn't have any
>>>>> explanation what all this is about either.
>>>>
>>>> p2m_set_ad_bits() ends up calling the code in
>>>> xen/arch/x86/mm/hap/guest_walk.c, namely an "instantiation" of
>>>> hap_p2m_ga_to_gfn(GUEST_PAGING_LEVELS)(), which in turn calls
>>>> guest_walk_tables() (from xen/arch/x86/mm/guest_walk.c), which sets up
>>>> the A/D bits allowing the problematic instructions to run while
>>>> bypassing emulation for that specific case.
>>>
>>> That's the mechanical part one can indeed work out from the patch.
>>> The interesting but unexplained thing here is which "some SSE2
>>> instructions" you refer to, and what's so special about them (you
>>> not also including e.g. AVX here makes me further curious, as in
>>> most cases AVX ones are direct extensions of SSEn ones, and hence
>>> I'd expect them to be similarly problematic).
>>
>> An example that kept appearing with Xen 4.3 and Firefox in our test
>> environment was: divsd xmm0, qword ptr [0x21c290]
> 
> And what's so special about it? Just that there's a better chance of it
> raising #XM? And why would divss (which is SSE, not SSE2) or vdivsd
> (AVX) not have similar problems?

Nothing is particularly special about it, apart from the fact that it
caused our hypervisor to print out:

Emulation failed @ 001b:21107d: f2 0f 5e 05 90 c2 21 00 8b 4d

and Firefox crashed. Indeed, I agree with Andrew that this looks like a
bug in Xen's emulator, however rather than treating each case
individually and risk random application crashes with instructions we
missed, we decided to, for our purposes, treat this as a class of cases
that can be handled in the same way regardless of the specific instruction.


Thanks,
Razvan Cojocaru

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH RFC 7/9] xen: Handle resumed instruction based on previous mem_event reply
  - From: Jan Beulich

References:
- [Xen-devel] [PATCH RFC 1/9] xen: Emulate with no writes; compute current instruction length
  - From: Razvan Cojocaru
- [Xen-devel] [PATCH RFC 7/9] xen: Handle resumed instruction based on previous mem_event reply
  - From: Razvan Cojocaru
- Re: [Xen-devel] [PATCH RFC 7/9] xen: Handle resumed instruction based on previous mem_event reply
  - From: Jan Beulich
- Re: [Xen-devel] [PATCH RFC 7/9] xen: Handle resumed instruction based on previous mem_event reply
  - From: Razvan Cojocaru
- Re: [Xen-devel] [PATCH RFC 7/9] xen: Handle resumed instruction based on previous mem_event reply
  - From: Jan Beulich
- Re: [Xen-devel] [PATCH RFC 7/9] xen: Handle resumed instruction based on previous mem_event reply
  - From: Razvan Cojocaru
- Re: [Xen-devel] [PATCH RFC 7/9] xen: Handle resumed instruction based on previous mem_event reply
  - From: Jan Beulich

Prev by Date: Re: [Xen-devel] Bisected Xen-unstable: "Segment register inaccessible for d1v0" when starting HVM guest on intel
Next by Date: Re: [Xen-devel] [PATCH RFC 6/9] xen, libxc: Request page fault injection via libxc
Previous by thread: Re: [Xen-devel] [PATCH RFC 7/9] xen: Handle resumed instruction based on previous mem_event reply
Next by thread: Re: [Xen-devel] [PATCH RFC 7/9] xen: Handle resumed instruction based on previous mem_event reply
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.