
Re: [PATCH 2/2] x86: Add Support for Paging-Write Feature



On Thu, Dec 19, 2024 at 1:17 PM Petr Beneš <w1benny@xxxxxxxxx> wrote:
>
> From: Petr Beneš <w1benny@xxxxxxxxx>
>
> This patch introduces a new XENMEM_access_r_pw permission. Functionally, it 
> is similar to XENMEM_access_r, but for processors with 
> TERTIARY_EXEC_EPT_PAGING_WRITE support (Intel 12th Gen/Alder Lake and later), 
> it also permits the CPU to write to the page during guest page-table walks 
> (e.g., updating A/D bits) without triggering an EPT violation.
>
> This behavior works by both enabling the EPT paging-write feature and setting 
> the EPT paging-write flag in the EPT leaf entry.
>
> This feature provides a significant performance boost for introspection tools 
> that monitor guest page-table updates. Previously, every page-table 
> modification by the guest—including routine updates like setting A/D 
> bits—triggered an EPT violation, adding unnecessary overhead. The new 
> XENMEM_access_r_pw permission allows these "uninteresting" updates to occur 
> without EPT violations, improving efficiency.
>
> Additionally, this feature simplifies the handling of race conditions in 
> scenarios where an introspection tool:
>
> - Sets an "invisible breakpoint" in the altp2m view for a function F
> - Monitors guest page-table updates to track whether the page containing F is 
> paged out
> - Encounters a cleared Access (A) bit on the page containing F while the 
> guest is about to execute the breakpoint
>
> In the current implementation:
>
> - If xc_monitor_inguest_pagefault() is enabled, the introspection tool must 
> emulate both the breakpoint and the setting of the Access bit.
> - If xc_monitor_inguest_pagefault() is disabled, Xen handles the EPT 
> violation without notifying the introspection tool, setting the Access bit 
> and emulating the instruction. However, Xen fetches the instruction from the 
> default view instead of the altp2m view, potentially causing the breakpoint 
> to be missed.

I'm glad to see this mystery resolved! \o/

> diff --git a/xen/arch/x86/mm/p2m-ept.c b/xen/arch/x86/mm/p2m-ept.c
> index 21728397f9..5ad78ae4b5 100644
> --- a/xen/arch/x86/mm/p2m-ept.c
> +++ b/xen/arch/x86/mm/p2m-ept.c
> @@ -176,6 +176,10 @@ static void ept_p2m_type_to_flags(const struct 
> p2m_domain *p2m,
>              break;
>          case p2m_access_rwx:
>              break;
> +        case p2m_access_r_pw:
> +            entry->w = entry->x = 0;
> +            entry->pw = !!cpu_has_vmx_ept_paging_write;
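
Review bot: In the new `case p2m_access_r_pw:` branch, `entry->pw = !!cpu_has_vmx_ept_paging_write;` means that on hardware without the feature the entry silently ends up as plain read-only, with nothing in the code saying so. Please add a comment on that line stating the fallback (on such CPUs A/D-bit updates during guest page-table walks will still cause EPT violations), so that a caller requesting XENMEM_access_r_pw knows it cannot assume the violations are suppressed. The quoted hunk also uses `entry->pw` without showing where that field is introduced, so the definition should be visible in, or referenced from, the same patch.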

I don't see ept_entry_t having a pw field. What's the deal there?

Tamas



 

