This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/


Re: [Xen-devel] stale TLB contents?

To: Juergen Gross <juergen.gross@xxxxxxxxxxxxxx>
Subject: Re: [Xen-devel] stale TLB contents?
From: Tim Deegan <Tim.Deegan@xxxxxxxxxx>
Date: Mon, 24 Jan 2011 13:13:40 +0000
Cc: "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <4D3D780A.4030001@xxxxxxxxxxxxxx>
References: <4D3D780A.4030001@xxxxxxxxxxxxxx>
At 13:00 +0000 on 24 Jan (1295874058), Juergen Gross wrote:
> Hi,
> in our BS2000 guest running as HVM with EPT on x86_64 I have a problem which
> seems to be related to stale TLB entries. I'm pretty sure I have invalidated
> the TLB correctly after a change of the page tables, so I've searched for
> possible problems in the hypervisor.
> Xen is version 4.0 from SLES 11 SP1.
> If I have read the sources correctly, neither INVLPG nor reload of CR3 are
> handled by the hypervisor. And I didn't find an explicit clearing of the TLB
> when a vcpu is switching physical cpus. So I think the following scenario is
> possible:
> - a vcpu is running on physical cpu A creating a TLB entry
> - the vcpu is scheduled on physical cpu B, while physical cpu A is left idle
> - on physical cpu B the TLB entry is cleared by INVLPG or load CR3
> - the vcpu is scheduled on physical cpu A again (no other vcpu was active
>    there in between), CR3 is same as when vcpu left cpu A
> - the old TLB entry from the vcpu is still valid there!
> Do I miss something?

vmx_do_resume() calls hvm_asid_flush_vcpu() if the VCPU is migrating
onto this CPU, so the VCPU should get a fresh ASID when it comes back to
CPU A.  Processors with no ASID support flush their TLBs on every
VMENTER and VMEXIT, so I don't see where we could leak TLB entries.

If there is a leak it should be fairly easy to repro with a toy kernel
and an idle host.



Tim Deegan <Tim.Deegan@xxxxxxxxxx>
Principal Software Engineer, Xen Platform Team
Citrix Systems UK Ltd.  (Company #02937203, SL9 0BG)
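
The migration scenario from this exchange, as an added toy model in C; it is not part of the original e-mail and is not Xen code. Every name in it is hypothetical, a per-pCPU counter stands in for ASID allocation, and ASID wraparound is not modelled. It runs the A -> B -> A sequence with and without a fresh tag on migration.

```c
#include <stdio.h>
#include <string.h>

/* Toy model of ASID-tagged TLBs; all names are hypothetical, none is Xen code. */
#define NCPU 2
#define SLOTS 4
struct tlb_entry { int valid; unsigned asid; unsigned long va, pa; };
struct pcpu { struct tlb_entry tlb[SLOTS]; unsigned next_asid; };
struct vcpu { unsigned asid; int last_cpu; };
static struct pcpu cpus[NCPU];

static void tlb_fill(int cpu, unsigned asid, unsigned long va, unsigned long pa) {
    for (int i = 0; i < SLOTS; i++)
        if (!cpus[cpu].tlb[i].valid) {
            cpus[cpu].tlb[i] = (struct tlb_entry){1, asid, va, pa};
            return;
        }
}

/* Returns the cached pa, or 0 on a miss; only entries with the current tag match. */
static unsigned long tlb_lookup(int cpu, unsigned asid, unsigned long va) {
    for (int i = 0; i < SLOTS; i++) {
        struct tlb_entry *e = &cpus[cpu].tlb[i];
        if (e->valid && e->asid == asid && e->va == va) return e->pa;
    }
    return 0;
}

/* Guest INVLPG: affects only the TLB of the pCPU the vCPU is running on. */
static void guest_invlpg(int cpu, unsigned asid, unsigned long va) {
    for (int i = 0; i < SLOTS; i++) {
        struct tlb_entry *e = &cpus[cpu].tlb[i];
        if (e->asid == asid && e->va == va) e->valid = 0;
    }
}

/* Resume a vCPU; if the pCPU changed and the flag is set, hand out a fresh tag. */
static void resume(struct vcpu *v, int cpu, int fresh_on_migrate) {
    if (v->last_cpu != cpu && fresh_on_migrate)
        v->asid = ++cpus[cpu].next_asid;
    v->last_cpu = cpu;
}

/* Scenario from the thread; returns what CPU A's TLB yields for the VA at the end. */
unsigned long run_scenario(int fresh_on_migrate) {
    memset(cpus, 0, sizeof cpus);
    struct vcpu v = { .asid = 0, .last_cpu = -1 };
    resume(&v, 0, 1);                         /* first run on CPU A gets a tag */
    tlb_fill(0, v.asid, 0x1000, 0xAAAA000);   /* constructed mapping cached on A */
    resume(&v, 1, fresh_on_migrate);          /* vCPU moves to B, A sits idle */
    guest_invlpg(1, v.asid, 0x1000);          /* guest invalidates while on B */
    resume(&v, 0, fresh_on_migrate);          /* vCPU comes back to A */
    return tlb_lookup(0, v.asid, 0x1000);
}
int main(void) { printf("%#lx %#lx\n", run_scenario(1), run_scenario(0)); return 0; }
```

In this model the old entry is still physically present in CPU A's TLB after the round trip; it is simply unreachable once the vCPU runs under a new tag.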
