|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] [PATCH 00/11] Alternate p2m: support multiple copies of host p2m
This set of patches adds support to hvm domains for EPTP switching by creating
multiple copies of the host p2m (currently limited to 10 copies).
The primary use of this capability is expected to be in scenarios where access
to memory needs to be monitored and/or restricted below the level at which the
guest OS page tables operate. Two examples that were discussed at the 2014 Xen
developer summit are:
VM introspection:
http://www.slideshare.net/xen_com_mgr/
zero-footprint-guest-memory-introspection-from-xen
Secure inter-VM communication:
http://www.slideshare.net/xen_com_mgr/nakajima-nvf
Each p2m copy is populated lazily on EPT violations, and only contains entries
for
ram p2m types. Permissions for pages in alternate p2m's can be changed in a
similar
way to the existing memory access interface, and gfn->mfn mappings can be
changed.
All this is done through extra HVMOP types.
The cross-domain HVMOP code has been compile-tested only. Also, the cross-domain
code is hypervisor-only, the toolstack has not been modified.
The intra-domain code has been tested. Violation notifications can only be
received
for pages that have been modified (access permissions and/or gfn->mfn mapping)
intra-domain, and only on VCPU's that have enabled notification.
VMFUNC and #VE will both be emulated on hardware without native support.
This code is not compatible with nested hvm functionality and will refuse to
work
with nested hvm active. It is also not compatible with migration. It should be
considered experimental.
Ed White (11):
VMX: VMFUNC and #VE definitions and detection.
VMX: implement suppress #VE.
x86/HVM: Hardware alternate p2m support detection.
x86/MM: Improve p2m type checks.
x86/altp2m: basic data structures and support routines.
VMX/altp2m: add code to support EPTP switching and #VE.
x86/altp2m: introduce p2m_ram_rw_ve type.
x86/altp2m: add remaining support routines.
x86/altp2m: define and implement alternate p2m HVMOP types.
x86/altp2m: fix log-dirty handling.
x86/altp2m: alternate p2m memory events.
docs/misc/xen-command-line.markdown | 7 +
xen/arch/x86/hvm/Makefile | 3 +-
xen/arch/x86/hvm/altp2mhvm.c | 77 ++++++
xen/arch/x86/hvm/hvm.c | 264 +++++++++++++++++++-
xen/arch/x86/hvm/vmx/vmcs.c | 40 +++
xen/arch/x86/hvm/vmx/vmx.c | 139 +++++++++++
xen/arch/x86/mm/guest_walk.c | 2 +-
xen/arch/x86/mm/hap/Makefile | 1 +
xen/arch/x86/mm/hap/altp2m_hap.c | 191 +++++++++++++++
xen/arch/x86/mm/hap/guest_walk.c | 4 +-
xen/arch/x86/mm/hap/hap.c | 30 ++-
xen/arch/x86/mm/mm-locks.h | 4 +
xen/arch/x86/mm/p2m-ept.c | 40 ++-
xen/arch/x86/mm/p2m.c | 472 +++++++++++++++++++++++++++++++++++-
xen/arch/x86/mm/paging.c | 5 -
xen/common/mem_access.c | 1 +
xen/include/asm-arm/p2m.h | 7 +
xen/include/asm-x86/domain.h | 7 +
xen/include/asm-x86/hvm/altp2mhvm.h | 42 ++++
xen/include/asm-x86/hvm/hvm.h | 23 ++
xen/include/asm-x86/hvm/vcpu.h | 9 +
xen/include/asm-x86/hvm/vmx/vmcs.h | 16 ++
xen/include/asm-x86/hvm/vmx/vmx.h | 14 +-
xen/include/asm-x86/msr-index.h | 1 +
xen/include/asm-x86/p2m.h | 61 ++++-
xen/include/public/hvm/hvm_op.h | 68 ++++++
xen/include/public/mem_event.h | 9 +
27 files changed, 1513 insertions(+), 24 deletions(-)
create mode 100644 xen/arch/x86/hvm/altp2mhvm.c
create mode 100644 xen/arch/x86/mm/hap/altp2m_hap.c
create mode 100644 xen/include/asm-x86/hvm/altp2mhvm.h
--
1.9.1
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |