Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Xen: Research

[Xen-devel] Implementing split memory in Xen is annoyingly hard?

 

 

Xen research RSS feed   Index | Next | Previous | View Threaded


sbahram at nc

Dec 11, 2008, 11:47 PM

Post #1 of 4 (411 views)
Permalink
[Xen-devel] Implementing split memory in Xen is annoyingly hard?

Hi all,

This might end up being one of my last posts on this topic, as I think I've
determined that what I'd like to do with Xen is quite annoyingly hard for
now. If anyone could please either verify or poke some holes in what I'm
about to say, I'd very much appreciate that.

Let's assume shadow page tables are in use.

#1: Xen can mirror the guest's page table in its shadow page table because
it marks all the guest pages as read only; thus, when a page fault is
generated as a result of a write, it can allow the write to happen, while
quickly updating its own copy at the same time.

#2: Xen absolutely does not, (can not?), cause a fault or other VM exit to
be generated upon an execute or a read of a page.

#3: Since I wish to implement split memory, (Harvard Architecture), I have
to have the ability to intercept all of one of two different classes of
operations. Either I have to intercept all reads and writes, or I have to
intercept all executes.

#4: Since the best I can do is only intercept all writes, not all reads to
go along with that particular class of operation, I can't implement split
memory, (Harvard Architecture), in Xen.

One potential work around:

I could mark every single page of the guest's kernel as NX, and then when
that fault happens, I could then be privy to all executes from within Xen.

Is this an accurate understanding of the situation?

The following links are a subset of what I've been reading to arrive at this
conclusion:

1. https://wiki.cs.dartmouth.edu/nihal/doku.php/xen:memory
2. http://www.anandtech.com/weblog/showpost.aspx?i=467
3.
http://www.intel.com/technology/itj/2006/v10i3/3-xen/4-extending-with-intel-
vt.htm
4. http://forums.amd.com/devblog/blogpost.cfm?catid=317&threadid=104671
5. www.cc.gatech.edu/research/reports/GT-CS-08-09.pdf
6. www.usenix.org/publications/login/2007-02/pdfs/hand.pdf

Take care,
Sina


_______________________________________________
Xen-devel mailing list
Xen-devel [at] lists
http://lists.xensource.com/xen-devel


keir.fraser at eu

Dec 12, 2008, 2:19 AM

Post #2 of 4 (406 views)
Permalink
Re: [Xen-devel] Implementing split memory in Xen is annoyingly hard? [In reply to]

On 12/12/2008 06:47, "Sina Bahram" <sbahram [at] nc> wrote:

> #2: Xen absolutely does not, (can not?), cause a fault or other VM exit to
> be generated upon an execute or a read of a page.

It's not possible to make a page executable but not readable, so indeed I
think you're stumped there, unless you can work out a hackish way to
desynchronise the iTLB and the dTLB (an operation not supported
architecturally by x86 of course).

-- Keir



_______________________________________________
Xen-devel mailing list
Xen-devel [at] lists
http://lists.xensource.com/xen-devel


sbahram at nc

Dec 12, 2008, 2:50 AM

Post #3 of 4 (401 views)
Permalink
RE: [Xen-devel] Implementing split memory in Xen is annoyingly hard? [In reply to]

I'm not trying to make the page executable but not readable, as long as I
can trap all reads, that's all.

I'll be implementing a split TLB which will handle the fact that all
executes get shunted to a "split page".

Another way of saying that is that if someone looks up a virtual address, it
gets translated to one physical address if it's for read/writes and to
another one for executes. Sure one can execute the page that is read/write
and someone could read/write to the page that is execute, but it will never
happen because I'd never translate it that way in my code.

Btw, this completely eliminates anything like lisp, javascript, or anything
else from running, as they run code they have written all the time, but
that's why I only plan on doing it for kernel pages which don't write things
that they then execute.

Hope that's more clear, and is this possible, do you think, or is my summary
in the original email accurate in that it can't be done easily in xen?

Take care,
Sina

-----Original Message-----
From: Keir Fraser [mailto:keir.fraser [at] eu]
Sent: Friday, December 12, 2008 4:20 AM
To: Sina Bahram; xen-devel [at] lists;
xen-research [at] lists
Subject: Re: [Xen-devel] Implementing split memory in Xen is annoyingly
hard?

On 12/12/2008 06:47, "Sina Bahram" <sbahram [at] nc> wrote:

> #2: Xen absolutely does not, (can not?), cause a fault or other VM exit to
> be generated upon an execute or a read of a page.

It's not possible to make a page executable but not readable, so indeed I
think you're stumped there, unless you can work out a hackish way to
desynchronise the iTLB and the dTLB (an operation not supported
architecturally by x86 of course).

-- Keir



_______________________________________________
Xen-devel mailing list
Xen-devel [at] lists
http://lists.xensource.com/xen-devel


Tim.Deegan at citrix

Dec 12, 2008, 3:23 AM

Post #4 of 4 (402 views)
Permalink
Re: [Xen-devel] Implementing split memory in Xen is annoyingly hard? [In reply to]

At 01:47 -0500 on 12 Dec (1229046441), Sina Bahram wrote:
> #2: Xen absolutely does not, (can not?), cause a fault or other VM exit to
> be generated upon an execute or a read of a page.

Yes it can -- the thing you can't do is have a fault _only_ for reads
and not for executes as well.

> #3: Since I wish to implement split memory, (Harvard Architecture), I have
> to have the ability to intercept all of one of two different classes of
> operations. Either I have to intercept all reads and writes, or I have to
> intercept all executes.

Intercepting _all_ reads or _all_ executes in Xen would be so slow as to
be unuseable. You'd be much better off starting with qemu (both in
difficulty of writing the code and in speed of the finished product).

The scheme I outlined in my other email allows you to only need a fault
when the use of a page changes -- i.e. on the first write or the first
execute. Unfortunately it doesn't distinguish between reads and
executes, so unless Intel make a chip that supports execute-only EPT
mappings it won't be good enough to give you the Harvard-architecture
scheme you want. (They might -- maybe someone from Intel can comment).

Cheers,

Tim.

--
Tim Deegan <Tim.Deegan [at] citrix>
Principal Software Engineer, Citrix Systems (R&D) Ltd.
[Company #02300071, SL9 0DZ, UK.]

_______________________________________________
Xen-research mailing list
Xen-research [at] lists
http://lists.xensource.com/mailman/listinfo/xen-research

Xen research RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.