Re: [Xen-devel] Re: [PATCH 3/5] x86/pvclock: add vsyscall implementation

From: Avi Kivity
Date: Wed Oct 07 2009 - 17:40:04 EST

Next message: Steven Rostedt: "Re: Linux 2.6.32-rc3"
Previous message: Alan Stern: "Re: [PATCH 4/5] usb_serial: Kill port mutex"
In reply to: Jeremy Fitzhardinge: "Re: [Xen-devel] Re: [PATCH 3/5] x86/pvclock: add vsyscall implementation"
Next in thread: Jeremy Fitzhardinge: "Re: [Xen-devel] Re: [PATCH 3/5] x86/pvclock: add vsyscall implementation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 10/07/2009 11:19 PM, Jeremy Fitzhardinge wrote:

When do you copy?

I'd rather have a single copy for guest and host.

When Xen updates the parameters normally. The interface never really
needed to share the memory between hypervisor and guest, and I think
avoiding it is a bit more robust.

But for KVM, you already use the MSR to place the pvclock_vcpu_time_info
structure, so you could just place it in the page and use the same
memory for kernel and usermode.

Yes.

If the hypervisor does a pvclock->version = somethingelse->version++
then the guest may get confused. But I understand you have a
guest-private ->version?

The guest should never get confused by the version being changed by the
hypervisor. It's already part of the ABI. Or did you mean something else?

If the guest does a RMW on the version, but the host does not (copying it from somewhere else), then the guest RMW can be lost.

Looking at the code, that's what kvm does:

vcpu->hv_clock.version += 2;

shared_kaddr = kmap_atomic(vcpu->time_page, KM_USER0);

memcpy(shared_kaddr + vcpu->time_offset, &vcpu->hv_clock,
sizeof(vcpu->hv_clock));

so a guest-side ++version can be lost.

I'm not sure what you mean by "guest-private version"; the versions are
always guest-private: te version is part of the pvclock structure,
which is per-vcpu, which is private to each guest. The guest nevern
maintains a separate long-term copy of the structure, only a transient
snapshot while computing time from the tsc (that's the current pvclock.c
code).

Same for kvm. I'm not worried about cross-guest corruption, just the guest and host working together to confuse the guest.

No need to read them atomically.

cpu1 = vgetcpu()
hver1 = pvclock[cpu1].hver
kver1 = pvclock[cpu1].kver
tsc = rdtsc
/* multipication magic with pvclock[cpu1]*/
cpu2 = vgetcpu()
hver2 = pvclock[cpu2].hver
kver2 = pvclock[cpu2].kver
valid = cpu1 == cpu2&& hver1 == hver2&& kver1 == kver2

I don't think that's necessary, but I can certainly live with it if it
makes you happier.

I think the version issue requires it.

--
I have a truly marvellous patch that fixes the bug which this
signature is too narrow to contain.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Steven Rostedt: "Re: Linux 2.6.32-rc3"
Previous message: Alan Stern: "Re: [PATCH 4/5] usb_serial: Kill port mutex"
In reply to: Jeremy Fitzhardinge: "Re: [Xen-devel] Re: [PATCH 3/5] x86/pvclock: add vsyscall implementation"
Next in thread: Jeremy Fitzhardinge: "Re: [Xen-devel] Re: [PATCH 3/5] x86/pvclock: add vsyscall implementation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]