Re: [PATCH] x86/monitor: add option to disable Xen's pagetable walking on events

On Mon, Jan 4, 2021 at 8:04 AM Andrew Cooper <andrew.cooper3@xxxxxxxxxx> wrote:
> On 03/01/2021 19:01, Tamas K Lengyel wrote:
> > Add option to the monitor interface to disable walking of the guest pagetable
> > on certain events. This is a performance optimization for tools that never
> > require that information or prefer to do it themselves. For example LibVMI
> > maintains a virtual TLB which is faster to look up than what Xen does here.
> There is no plausible way that a remote agent can do this (correctly)
> faster than Xen can.  Even if you foreign map the entire VM up front,
> and track every PTE write (to maintain the vTLB properly), the best you
> can achieve is the same speed as Xen, but that would also require
> intercepting the TLB management instructions which isn't available in
> the monitor API.

When the value is in the vTLB, especially for nested addresses, it is
faster. To maintain the vTLB properly is a hurdle but that's a
separate issue and may not be relevant to all use-cases. Can also be
done by the way without having to track every PTE write simply by
trapping on the OS functions known for updating/moving the pagetable.

> Also, there is an important side effect of setting A/D bits which libVMI
> doesn't handle, but is relevant for gla-not-valid faults.

Care to elaborate?

> I accept that "not doing things the agent doesn't care about" is a valid
> reason, but this isn't the only place where a pagewalk occurs, and some
> cases require pagewalks before we can even generate the event (e.g. LMSW
> on AMD for CR0 monitoring).
> As such, I don't think "disable pagewalks" is something we can actually
> do.  Wouldn't it be better to call this "auto translate rip to gfn" or
> similar, seeing as it is ancillary information?

I don't much care about what it's called, but




