Xen devel - Dec 2007 - Question about alignment check in sh_x86_emulate_write

In in sh_x86_emulate_write:
	if ( vaddr & (bytes-1) )
		return X86EMUL_UNHANDLE;
I met a problem the vaddr is not aligned on word or dword, but have to
emulate it. 
I am wordering about the reason for this check. Is it safe to get rid of
it?

Best Regards,
Disheng, Su

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

At 20:38 +0800 on 04 Dec (1196800681), Su, Disheng
wrote:
> In in sh_x86_emulate_write:
> 	if ( vaddr & (bytes-1) )
> 		return X86EMUL_UNHANDLE;
> I met a problem the vaddr is not aligned on word or dword, but have to
> emulate it. 
Have you got an OS that does unaligned writes to its pagetables?
Exciting!  What is it doing?
> I am wordering about the reason for this check. Is it safe to get rid of
> it?
Not really.  Among other things, self-aligned writes never cross page
boundaries.

Tim.

-- 
Tim Deegan <Tim.Deegan@citrix.com>
Principal Software Engineer, Citrix Systems.
[Company #5334508: XenSource UK Ltd, reg''d c/o EC2Y 5EB, UK.]

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

Tim Deegan wrote:
> At 20:38 +0800 on 04 Dec (1196800681), Su, Disheng wrote:
>> In in sh_x86_emulate_write:
>> 	if ( vaddr & (bytes-1) )
>> 		return X86EMUL_UNHANDLE;
>> I met a problem the vaddr is not aligned on word or dword, but have
>> to emulate it.
> 
> Have you got an OS that does unaligned writes to its pagetables?
> Exciting!  What is it doing?
> 
It does not write to pagetable. I am doing CR0.wp emulation(don''t let
guest turn off CR0.wp, but emulate the trapped instructions in shadow).
Some applications like Anti-virus tools will turn off CR0.wp to change
guest IDT etc.
>> I am wordering about the reason for this check. Is it safe to get
>> rid of it?
> 
> Not really.  Among other things, self-aligned writes never cross page
> boundaries.
> 
Is it Ok to add the checking for cross page boundaries
instead?
> Tim.


Best Regards,
Disheng, Su

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

Wow... I had a mail in my drafts folder about exactly this. To answer the
question if any OS''s are affectedm, the answer is yes -  OS/2 in newer
versions than Warp 4  Fix Pack 12 gets stuck on this check. I''ve tested
other guests with this check removed without any apparent ill effects, and
was about to send a patch/RFC about removing it. It looks like 64 bit linux
is the only guest that ever triggers the check, but like I said, I''ve
seen
no ill effect from removing the check even there.

On Dec 4, 2007 1:43 PM, Tim Deegan < Tim.Deegan@citrix.com> wrote:
> At 20:38 +0800 on 04 Dec (1196800681), Su, Disheng wrote:
> > In in sh_x86_emulate_write:
> >       if ( vaddr & (bytes-1) )
> >               return X86EMUL_UNHANDLE;
> > I met a problem the vaddr is not aligned on word or dword, but have to
> > emulate it.
>
> Have you got an OS that does unaligned writes to its pagetables?
> Exciting!  What is it doing?
>
> > I am wordering about the reason for this check. Is it safe to get rid
of
> > it?
>
> Not really.  Among other things, self-aligned writes never cross page
> boundaries.
>
> Tim.
>
> --
> Tim Deegan <Tim.Deegan@citrix.com >
> Principal Software Engineer, Citrix Systems.
> [Company #5334508: XenSource UK Ltd, reg''d c/o EC2Y 5EB, UK.]
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xensource.com
> http://lists.xensource.com/xen-devel
>

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

At 21:03 +0800 on 04 Dec (1196802182), Su, Disheng
wrote:
> It does not write to pagetable. I am doing CR0.wp emulation(don''t
let
> guest turn off CR0.wp, but emulate the trapped instructions in shadow).
> Some applications like Anti-virus tools will turn off CR0.wp to change
> guest IDT etc.
Oh, I see.
> >> I am wordering about the reason for this check. Is it safe to get
> >> rid of it?
> > 
> > Not really.  Among other things, self-aligned writes never cross page
> > boundaries.
> > 
> Is it Ok to add the checking for cross page boundaries instead?
Yes, but you''ll probably find you need page-crossing support as well if
you''re emulating arbitrary memory writes.  I believe we have a patch
somewhere that does that; I''ll dig it out and polish it up for
-unstable.

Cheers,

Tim.

-- 
Tim Deegan <Tim.Deegan@citrix.com>
Principal Software Engineer, Citrix Systems.
[Company #5334508: XenSource UK Ltd, reg''d c/o EC2Y 5EB, UK.]

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

To expand on my hastily posted comment before - OS/2 does get snagged on the
check because of unaligned page table writes.

On Dec 4, 2007 2:33 PM, Tim Deegan <Tim.Deegan@citrix.com> wrote:
> At 21:03 +0800 on 04 Dec (1196802182), Su, Disheng wrote:
> > It does not write to pagetable. I am doing CR0.wp
emulation(don''t let
> > guest turn off CR0.wp, but emulate the trapped instructions in
shadow).
> > Some applications like Anti-virus tools will turn off CR0.wp to change
> > guest IDT etc.
>
> Oh, I see.
>
> > >> I am wordering about the reason for this check. Is it safe to
get
> > >> rid of it?
> > >
> > > Not really.  Among other things, self-aligned writes never cross
page
> > > boundaries.
> > >
> > Is it Ok to add the checking for cross page boundaries instead?
>
> Yes, but you''ll probably find you need page-crossing support as
well if
> you''re emulating arbitrary memory writes.  I believe we have a
patch
> somewhere that does that; I''ll dig it out and polish it up for
-unstable.
>
> Cheers,
>
> Tim.
>
> --
> Tim Deegan <Tim.Deegan@citrix.com>
> Principal Software Engineer, Citrix Systems.
> [Company #5334508: XenSource UK Ltd, reg''d c/o EC2Y 5EB, UK.]
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xensource.com
> http://lists.xensource.com/xen-devel
>

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

At 14:52 +0100 on 04 Dec (1196779961), Trolle Selander
wrote:
> To expand on my hastily posted comment before - OS/2 does get snagged on
the
> check because of unaligned page table writes.
Well, I guess there''s always one. :)  Do you know what high-level
operation it''s performing when it uses the unaligned write, BTW?

Cheers,

Tim.

-- 
Tim Deegan <Tim.Deegan@citrix.com>
Principal Software Engineer, Citrix Systems.
[Company #5334508: XenSource UK Ltd, reg''d c/o EC2Y 5EB, UK.]

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

Sadly, no. I can only guess what the OS/2 kernel is trying to do from the
VMEXITs I see and disassembly of the relevant code - i have no source access
or "inside knowledge". I could dig out disassembly of the code
surrounding
the mov instruction that actually does the write, if you''re interested.
I
have it somewhere, but I didn''t dig any deeper into this on the OS/2
side
after I found I could get past it by removing the alignment check.

On Dec 4, 2007 3:04 PM, Tim Deegan < Tim.Deegan@citrix.com> wrote:
> At 14:52 +0100 on 04 Dec (1196779961), Trolle Selander wrote:
> > To expand on my hastily posted comment before - OS/2 does get snagged
on
> the
> > check because of unaligned page table writes.
>
> Well, I guess there''s always one. :)  Do you know what high-level
> operation it''s performing when it uses the unaligned write, BTW?
>
> Cheers,
>
> Tim.
>
> --
> Tim Deegan <Tim.Deegan@citrix.com >
> Principal Software Engineer, Citrix Systems.
> [Company #5334508: XenSource UK Ltd, reg''d c/o EC2Y 5EB, UK.]
>

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

Hi, 

At 13:33 +0000 on 04 Dec (1196775199), Tim Deegan wrote:
> Yes, but you''ll probably find you need page-crossing support as
well if
> you''re emulating arbitrary memory writes.  I believe we have a
patch
> somewhere that does that; I''ll dig it out and polish it up for
-unstable.
Attached.  I took the opportunity to tidy up a bit and move more shared
code out of the write/cmpxchg/cmpxchg8b callbacks into helpers.  This is
smoke-tested but I don''t have a test case for your
virus-scanner''s
behaviour.  Can you check that (a) it seems sane for what you want, and
(b) it actually does something useful?

Cheers,

Tim.

-- 
Tim Deegan <Tim.Deegan@citrix.com>
Principal Software Engineer, Citrix Systems.
[Company #5334508: XenSource UK Ltd, reg''d c/o EC2Y 5EB, UK.]


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

This fixes the issue for the OS/2 case, at least.

On Dec 6, 2007 3:27 PM, Tim Deegan <Tim.Deegan@citrix.com> wrote:
> Hi,
>
> At 13:33 +0000 on 04 Dec (1196775199), Tim Deegan wrote:
> > Yes, but you''ll probably find you need page-crossing support
as well if
> > you''re emulating arbitrary memory writes.  I believe we have
a patch
> > somewhere that does that; I''ll dig it out and polish it up
for
> -unstable.
>
> Attached.  I took the opportunity to tidy up a bit and move more shared
> code out of the write/cmpxchg/cmpxchg8b callbacks into helpers.  This is
> smoke-tested but I don''t have a test case for your
virus-scanner''s
> behaviour.  Can you check that (a) it seems sane for what you want, and
> (b) it actually does something useful?
>
> Cheers,
>
> Tim.
>
> --
> Tim Deegan <Tim.Deegan@citrix.com>
> Principal Software Engineer, Citrix Systems.
> [Company #5334508: XenSource UK Ltd, reg''d c/o EC2Y 5EB, UK.]
>

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

Tim Deegan wrote:
> Hi,
> 
> At 13:33 +0000 on 04 Dec (1196775199), Tim Deegan wrote:
>> Yes, but you''ll probably find you need page-crossing support
as well
>> if you''re emulating arbitrary memory writes.  I believe we
have a
>> patch somewhere that does that; I''ll dig it out and polish it
up for
>> -unstable. 
> 
> Attached.  I took the opportunity to tidy up a bit and move more
> shared code out of the write/cmpxchg/cmpxchg8b callbacks into
> helpers.  This is smoke-tested but I don''t have a test case for
your
> virus-scanner''s behaviour.  Can you check that (a) it seems sane
for
> what you want, and (b) it actually does something useful?
> 
> Cheers,
> 
> Tim.
Sorry for the late(missing your email...) 
There is a minor bug in your patch:
"sh_ctxt->force_write_access == !!(is_hvm_vcpu(v) &&
!hvm_wp_enabled(v));"
With the fix, it solves the virus-scanner''s problem:)


Best Regards,
Disheng, Su

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

Tim Deegan wrote:
> Hi,
> 
> At 13:33 +0000 on 04 Dec (1196775199), Tim Deegan wrote:
>> Yes, but you''ll probably find you need page-crossing support
as well
>> if you''re emulating arbitrary memory writes.  I believe we
have a
>> patch somewhere that does that; I''ll dig it out and polish it
up for
>> -unstable. 
> 
> Attached.  I took the opportunity to tidy up a bit and move more
> shared code out of the write/cmpxchg/cmpxchg8b callbacks into
> helpers.  This is smoke-tested but I don''t have a test case for
your
> virus-scanner''s behaviour.  Can you check that (a) it seems sane
for
> what you want, and (b) it actually does something useful?
> 
> Cheers,
> 
> Tim.
Another question is can we check CR0.wp in mandatory_flags? Attached is 
My initial patch to emulate CR0.wp. Could you please have a look at it?

Best Regards,
Disheng, Su


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

Hi, 

At 11:06 +0800 on 11 Dec (1197371200), Su, Disheng
wrote:
> There is a minor bug in your patch:
> "sh_ctxt->force_write_access == !!(is_hvm_vcpu(v) &&
!hvm_wp_enabled(v));"
Oops. :|  I''m surprised gcc let me away wth that, actually.
> With the fix, it solves the virus-scanner''s problem:)
Unfortunately, there''s a more subtle bug in there too (or possibly in
some earlier change that''s gone unnoticed) that''s sending
Windows XP
occasionally to its doom with a pagefault when the IRQL is too high.
I''m glad to hear that it solves the intended problems, though. :)

I''ll fold in your idea of adjusting mandatory_flags instead of
special-casing the failure.

Thanks,

Tim.

-- 
Tim Deegan <Tim.Deegan@citrix.com>
Principal Software Engineer, Citrix Systems.
[Company #5334508: XenSource UK Ltd, reg''d c/o EC2Y 5EB, UK.]

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel