[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH 4/7] x86/hvm: Adjust hvm_nx_enabled() to match how Xen behaves
>>> On 27.02.17 at 15:03, <andrew.cooper3@xxxxxxxxxx> wrote: > On Intel hardware, EFER is not fully switched between host and guest > contexts. > In practice, this means that Xen's EFER.NX setting leaks into guest context, > and influences the behaviour of the hardware pagewalker. > > When servicing a pagefault, Xen's model of guests behaviour should match > hardware's behaviour, to allow correct interpretation of the pagefault error > code, and to avoid creating observable difference in behaviour from the > guests > point of view. > > Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx> with one nit (see below). > Fixing this isn't trivial. On more modern hardware, we can use EFER loading. > On older hardware, we can use general MSR loading if available. On > older-hardware-yet, we could reload EFER right before/after vmentry/vmexit. > However, doing so would require reloading EFER before any data accesses (as > the NX bit will cause #PF[RSVD]), and that is rather hard given the need to > preserve the GPRs. I think the primary goal should be to get this right on modern hardware. > --- a/xen/include/asm-x86/hvm/hvm.h > +++ b/xen/include/asm-x86/hvm/hvm.h > @@ -292,8 +292,10 @@ int hvm_girq_dest_2_vcpu_id(struct domain *d, uint8_t > dest, uint8_t dest_mode); > (hvm_paging_enabled(v) && ((v)->arch.hvm_vcpu.guest_cr[4] & > X86_CR4_SMEP)) > #define hvm_smap_enabled(v) \ > (hvm_paging_enabled(v) && ((v)->arch.hvm_vcpu.guest_cr[4] & > X86_CR4_SMAP)) > +/* HVM guests on Intel hardware leak Xen's NX settings into guest context. > */ > #define hvm_nx_enabled(v) \ > - (!!((v)->arch.hvm_vcpu.guest_efer & EFER_NX)) > + ((boot_cpu_data.x86_vendor == X86_VENDOR_INTEL && cpu_has_nx) || \ > + !!((v)->arch.hvm_vcpu.guest_efer & EFER_NX)) The !! can now be dropped. When the change mentioned above is done we'll need to remember that this then also needs tweaking. Jan _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx https://lists.xen.org/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |