WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
xen-devel

Re: [Xen-devel] [PATCH][SVM] CPL initialization fix

To: "Keir Fraser" <keir.fraser@xxxxxxxxxxxxx>
Subject: Re: [Xen-devel] [PATCH][SVM] CPL initialization fix
From: "Robert Phillips" <rsp.vi.xen@xxxxxxxxx>
Date: Mon, 10 Mar 2008 16:01:55 -0400
Cc: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx>, Ben Guthro <bguthro@xxxxxxxxxxxxxxx>
Neither of the sections that you quote specifies that it is correct to set the CPL from the SS DPL.  They say (a) the SS DPL is set from the CPL and (b) the SS DPL is (always mysteriously) equal to the CPL.

I found the AMD (and Intel) manuals to be inconsistent.

AMD's manual, Vol.2:
4.9.2 Privilege-Level Types
Current Privilege-Level. The current privilege-level (CPL) is the privilege level at which the processor is currently executing. The CPL is stored in an internal processor register that is invisible to software. Software changes the CPL by performing a control transfer to a different code segment with a new privilege level.

So the processor switches CPL by changing code segments, and the CPL is taken from the code segment's DPL.

And what, one might ask, if the stack segment and code segment have different DPLs?  The AMD manual doesn't say.  It simply asserts that they will be equal.

In our experience this is not true.

When we perform a live migrate from an HVM VS without PV drivers [what Ben Guthro referred to as a QEMU-only virtual server], we simply pause the guest in whatever state we find it.  We found that when the guest happened to be in user-mode code (CPL == 3), the migrate failed because, on the receiving node, the CPL would be restored to 0.  The zero came from SS.DPL.  However, the value in CS.DPL was 3.
SS.DPL was not equal to CS.DPL.
When we changed the code (per this patch), the CPL would be restored from CS.DPL.  That value was correct in all cases.

-- rsp


On 3/10/08, Keir Fraser <keir.fraser@xxxxxxxxxxxxx> wrote:
For reference, from AMD's manual, Vol.2:
"The processor reads the current privilege level from the CPL field in the
VMCB, not from SS.DPL. However, SS.DPL should match the CPL field."

And from Intel's manual, Vol.3B:
"Note that the value of the DPL field for SS is always equal to the logical
processor's current privilege level (CPL)."


  -- Keir


On 10/3/08 19:18, "Keir Fraser" <keir.fraser@xxxxxxxxxxxxx> wrote:

> CPL is architecturally SS.DPL in almost all cases. It's certainly not
> CS.DPL. What do you mean by 'migrate a QEMU guest'?
>
>  -- Keir
>
> On 10/3/08 19:14, "Ben Guthro" <bguthro@xxxxxxxxxxxxxxx> wrote:
>
>> CPL should be determined by code segment's DPL, not data segment's.
>>
>> This solves a problem migrating a QEMU guest without PV-on-HVM drivers
>>
>> Signed-off-by: Robert Phillips <rphillips@xxxxxxxxxxxxxxx>
>> Signed-off-by: Ben Guthro <bguthro@xxxxxxxxxxxxxxxx>
>> diff -r f76f151a7431 xen/arch/x86/hvm/svm/svm.c
>> --- a/xen/arch/x86/hvm/svm/svm.c
>> +++ b/xen/arch/x86/hvm/svm/svm.c
>> @@ -557,7 +557,7 @@ static void svm_set_segment_register(str
>>          break;
>>      case x86_seg_ss:
>>          memcpy(&vmcb->ss, reg, sizeof(*reg));
>> -        vmcb->cpl = vmcb->ss.attr.fields.dpl;
>> +        vmcb->cpl = vmcb->cs.attr.fields.dpl;
>>          break;
>>      case x86_seg_tr:
>>          memcpy(&vmcb->tr, reg, sizeof(*reg));
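Review bot: In the x86_seg_ss case, the new assignment reads vmcb->cs.attr.fields.dpl immediately after copying SS, so the CPL now depends on whatever CS happens to be in the VMCB at the moment SS is set; a caller that loads SS before CS would get a CPL taken from stale CS attributes. Consider moving `vmcb->cpl = vmcb->cs.attr.fields.dpl;` into the x86_seg_cs case (or refreshing it in both cases), and add a comment saying why the CPL is derived from CS.DPL rather than SS.DPL, since an assignment from CS sitting under the SS case will puzzle the next reader.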
>> _______________________________________________
>> Xen-devel mailing list
>> Xen-devel@xxxxxxxxxxxxxxxxxxx
>> http://lists.xensource.com/xen-devel
--
--------------------------------------------------------------------
Robert S. Phillips                          Virtual Iron Software
rphillips@xxxxxxxxxxxxxxx                Tower 1, Floor 2
978-849-1220                                 900 Chelmsford Street
                                                    Lowell, MA 01851
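
Added example (not part of the original message and not Xen's code): a simplified C model of the segment-load path touched by the quoted patch, run on the state described above (CS.DPL = 3, SS.DPL = 0). The struct layout, the function names, the load-order parameter and the assumption that loading CS leaves the CPL untouched are all made up for illustration; the model shows the CPL each variant restores and that the CS-based variant depends on CS being loaded before SS.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-ins for the VMCB fields named in the patch; NOT Xen's layout. */
struct seg { uint8_t dpl; };
struct vmcb_model { struct seg cs, ss; uint8_t cpl; };

enum seg_id { SEG_CS, SEG_SS };
enum cpl_source { CPL_FROM_SS_DPL, CPL_FROM_CS_DPL };  /* before / after the patch */

/* Models the switch in the patch: CPL is recomputed only when SS is loaded. */
static void set_segment(struct vmcb_model *v, enum seg_id id, struct seg reg,
                        enum cpl_source src)
{
    if (id == SEG_CS) {
        v->cs = reg;   /* assumption: a CS load does not touch the CPL */
        return;
    }
    v->ss = reg;
    v->cpl = (src == CPL_FROM_SS_DPL) ? v->ss.dpl : v->cs.dpl;
}

/* Restore a saved guest into a zeroed model and return the resulting CPL. */
static uint8_t restore_cpl(struct seg cs, struct seg ss, enum cpl_source src,
                           int cs_before_ss)
{
    struct vmcb_model v = {0};
    if (cs_before_ss) {
        set_segment(&v, SEG_CS, cs, src);
        set_segment(&v, SEG_SS, ss, src);
    } else {
        set_segment(&v, SEG_SS, ss, src);  /* reads v.cs before it is loaded */
        set_segment(&v, SEG_CS, cs, src);
    }
    return v.cpl;
}

/* Save-side check: report guests whose CS.DPL and SS.DPL disagree. */
static int dpl_mismatch(struct seg cs, struct seg ss) { return cs.dpl != ss.dpl; }

/* Constructed sample: the paused user-mode state described in the message. */
static const struct seg SAMPLE_CS = { 3 }, SAMPLE_SS = { 0 };

int main(void)
{
    printf("DPL mismatch: %d\n", dpl_mismatch(SAMPLE_CS, SAMPLE_SS));
    printf("SS.DPL variant:             CPL=%u\n", (unsigned)restore_cpl(SAMPLE_CS, SAMPLE_SS, CPL_FROM_SS_DPL, 1));
    printf("CS.DPL variant, CS then SS: CPL=%u\n", (unsigned)restore_cpl(SAMPLE_CS, SAMPLE_SS, CPL_FROM_CS_DPL, 1));
    printf("CS.DPL variant, SS then CS: CPL=%u\n", (unsigned)restore_cpl(SAMPLE_CS, SAMPLE_SS, CPL_FROM_CS_DPL, 0));
    return 0;
}
```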