From patchwork Thu Dec 19 15:47:54 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: =?utf-8?b?0JrQvtCy0LDQu9GR0LIg0KHQtdGA0LPQtdC5?=
 <valor@list.ru>
X-Patchwork-Id: 11303875
Return-Path: <SRS0=c1+a=2J=lists.xenproject.org=xen-devel-bounces@kernel.org>
Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org
 [172.30.200.123])
	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 79244921
	for <patchwork-xen-devel@patchwork.kernel.org>;
 Thu, 19 Dec 2019 15:49:49 +0000 (UTC)
Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mail.kernel.org (Postfix) with ESMTPS id 552CF206EC
	for <patchwork-xen-devel@patchwork.kernel.org>;
 Thu, 19 Dec 2019 15:49:47 +0000 (UTC)
Authentication-Results: mail.kernel.org;
	dkim=fail reason="signature verification failed" (1024-bit key)
 header.d=list.ru header.i=@list.ru header.b="pC5/ThEf"
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 552CF206EC
Authentication-Results: mail.kernel.org;
 dmarc=fail (p=reject dis=none) header.from=list.ru
Authentication-Results: mail.kernel.org;
 spf=none smtp.mailfrom=xen-devel-bounces@lists.xenproject.org
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.89)
	(envelope-from <xen-devel-bounces@lists.xenproject.org>)
	id 1ihy1x-0004Q3-Bq; Thu, 19 Dec 2019 15:48:01 +0000
Received: from all-amaz-eas1.inumbo.com ([34.197.232.57]
 helo=us1-amaz-eas2.inumbo.com)
 by lists.xenproject.org with esmtp (Exim 4.89)
 (envelope-from <SRS0=Ydfl=2J=list.ru=valor@srs-us1.protection.inumbo.net>)
 id 1ihy1v-0004Py-VZ
 for xen-devel@lists.xenproject.org; Thu, 19 Dec 2019 15:48:00 +0000
X-Inumbo-ID: ed27e9d8-2276-11ea-91fd-12813bfff9fa
Received: from smtp55.i.mail.ru (unknown [217.69.128.35])
 by us1-amaz-eas2.inumbo.com (Halon) with ESMTPS
 id ed27e9d8-2276-11ea-91fd-12813bfff9fa;
 Thu, 19 Dec 2019 15:47:57 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=list.ru;
 s=mail;
 h=Content-Transfer-Encoding:Content-Type:MIME-Version:Date:Message-ID:Subject:From:Cc:To;
 bh=LEJ6Yv0YD3Iqj8BJvyDk+gHguLV2ux7r7yMIDGFE080=;
 b=pC5/ThEfxKxjpH55uEnvPkss3q+KPGRCFJreoqImiK4J0Uq2zQBPLus8NjPIZpnwXhIt+Ld2SFcIiFNyo1h5BOhMPLtH9QZQlcQr1aN/SQTD8R1YOhRxkavTmD0U3P4l16qVqQzQ5KzCT4gHGHvPFdIzwfGZcDMkwDc/olvHtjg=;
Received: by smtp55.i.mail.ru with esmtpa (envelope-from <valor@list.ru>)
 id 1ihy1s-0006QK-Dh; Thu, 19 Dec 2019 18:47:57 +0300
To: xen-devel@lists.xenproject.org
From: Sergey Kovalev <valor@list.ru>
Message-ID: <771dc0cf-3289-0bc4-4938-07144245f2f2@list.ru>
Date: Thu, 19 Dec 2019 18:47:54 +0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
 Thunderbird/68.2.0
MIME-Version: 1.0
Content-Language: en-US
Authentication-Results: smtp55.i.mail.ru; auth=pass smtp.auth=valor@list.ru
 smtp.mailfrom=valor@list.ru
X-7564579A: 646B95376F6C166E
X-77F55803: 
 0A44E481635329DB0E1AA8A03B3923177A2A728850F00CFA91EC4B9C220F2F520114B73C7D3696F7F688BCB05C26794DE9AF1B83FE4DB37D2178D4C0D76993276D473D7AE61C2697770E9E0BAA693364
X-7FA49CB5: 
 FF5795518A3D127A4AD6D5ED66289B5278DA827A17800CE78FD3E5C3A4BC9E35EA1F7E6F0F101C67BD4B6F7A4D31EC0BCC500DACC3FED6E28638F802B75D45FF8AA50765F7900637E00859DD2B9ABE7B8638F802B75D45FF5571747095F342E8C7A0BC55FA0FE5FC3FB2482403EDC07A314C05762A9CD9CB820B5106DAB4114B389733CBF5DBD5E913377AFFFEAFD269A417C69337E82CC2CC7F00164DA146DAFE8445B8C89999725571747095F342E8C26CFBAC0749D213D2E47CDBA5A9658359CC434672EE6371117882F4460429728AD0CFFFB425014E40A5AABA2AD371193AA81AA40904B5D9A18204E546F3947C62B3BD3CC35DA5882D242C3BD2E3F4C64AD6D5ED66289B52E1A3F18E62937ED6A8C29749A63C2581725E5C173C3A84C3494F3C0D6DD222D9BA3038C0950A5D36B5C8C57E37DE458B5A02E28F51ECAD4422CA9DD8327EE4930A3850AC1BE2E735714DD8255FC90F3D1B432E298D3C040743847C11F186F3C5E7DDDDC251EA7DABCC89B49CDF41148F53FDB0A1CE3EC88B3B503F486389A921A5CC5B56E945C8DA
X-Mailru-Sender: 
 9422C5FC7C00AE6974C3817D9F8DFD6210BE437F53DE442C33B04C2AB75BDF006FA35EADE8FD784D625E4CECE70E6D50FB559BB5D741EB968B87F919F3BCAAF1715EC054F9A9AD9C0DA7A0AF5A3A8387
X-Mras: OK
Subject: [Xen-devel] [XEN PATCH v4] x86/vm_event: add short-circuit for
 breakpoints (aka "fast single step")
X-BeenThere: xen-devel@lists.xenproject.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: Xen developer discussion <xen-devel.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-devel>,
 <mailto:xen-devel-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xenproject.org>
List-Help: <mailto:xen-devel-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-devel>,
 <mailto:xen-devel-request@lists.xenproject.org?subject=subscribe>
Cc: Petre Pircalabu <ppircalabu@bitdefender.com>,
 Tamas K Lengyel <tamas@tklengyel.com>, Wei Liu <wl@xen.org>,
 Andrew Cooper <andrew.cooper3@citrix.com>, Jan Beulich <jbeulich@suse.com>,
 Alexandru Isaila <aisaila@bitdefender.com>,
 =?utf-8?q?Roger_Pau_Monn=C3=A9?= <roger.pau@citrix.com>
Errors-To: xen-devel-bounces@lists.xenproject.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xenproject.org>

When using DRAKVUF (or another system using altp2m with shadow pages similar
to what is described in
https://xenproject.org/2016/04/13/stealthy-monitoring-with-xen-altp2m),
after a breakpoint is hit the system switches to the default
unrestricted altp2m view with singlestep enabled. When the singlestep
traps to Xen another vm_event is sent to the monitor agent, which then
normally disables singlestepping and switches the altp2m view back to
the restricted view.

This patch short-circuiting that last part so that it doesn't need to send the
vm_event out for the singlestep event and should switch back to the restricted
view in Xen automatically.

This optimization gains about 35% speed-up.

Was tested on Debian branch of Xen 4.12. See at:
https://github.com/skvl/xen/tree/debian/knorrie/4.12/fast-singlestep

Rebased on master:
https://github.com/skvl/xen/tree/fast-singlestep

Signed-off-by: Sergey Kovalev <valor@list.ru>
Acked-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Tamas K Lengyel <tamas@tklengyel.com>
Acked-by: Jan Beulich <jbeulich@suse.com>
---
v1 Basic implementation
v2 Fix coding style issues and commit message
v3 Add check for P2M index
v4 Simplify code
---
 xen/arch/x86/hvm/hvm.c         | 15 +++++++++++++++
 xen/arch/x86/hvm/monitor.c     |  9 +++++++++
 xen/arch/x86/vm_event.c        |  8 ++++++--
 xen/include/asm-x86/hvm/hvm.h  |  1 +
 xen/include/asm-x86/hvm/vcpu.h |  4 ++++
 xen/include/public/vm_event.h  | 14 ++++++++++++++
 6 files changed, 49 insertions(+), 2 deletions(-)

diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c
index 47573f71b8..cb3aa06fd2 100644
--- a/xen/arch/x86/hvm/hvm.c
+++ b/xen/arch/x86/hvm/hvm.c
@@ -5126,6 +5126,21 @@ void hvm_toggle_singlestep(struct vcpu *v)
     v->arch.hvm.single_step = !v->arch.hvm.single_step;
 }

+void hvm_fast_singlestep(struct vcpu *v, uint16_t p2midx)
+{
+    ASSERT(atomic_read(&v->pause_count));
+
+    if ( !hvm_is_singlestep_supported() )
+        return;
+
+    if ( p2midx >= MAX_ALTP2M )
+        return;
+
+    v->arch.hvm.single_step = true;
+    v->arch.hvm.fast_single_step.enabled = true;
+    v->arch.hvm.fast_single_step.p2midx = p2midx;
+}
+
 /*
  * Segment caches in VMCB/VMCS are inconsistent about which bits are checked,
  * important, and preserved across vmentry/exit.  Cook the values to make them
diff --git a/xen/arch/x86/hvm/monitor.c b/xen/arch/x86/hvm/monitor.c
index 1f23fe25e8..85996a3edd 100644
--- a/xen/arch/x86/hvm/monitor.c
+++ b/xen/arch/x86/hvm/monitor.c
@@ -28,6 +28,7 @@
 #include <asm/hvm/monitor.h>
 #include <asm/altp2m.h>
 #include <asm/monitor.h>
+#include <asm/p2m.h>
 #include <asm/paging.h>
 #include <asm/vm_event.h>
 #include <public/vm_event.h>
@@ -159,6 +160,14 @@ int hvm_monitor_debug(unsigned long rip, enum hvm_monitor_debug_type type,
     case HVM_MONITOR_SINGLESTEP_BREAKPOINT:
         if ( !ad->monitor.singlestep_enabled )
             return 0;
+        if ( curr->arch.hvm.fast_single_step.enabled )
+        {
+            p2m_altp2m_check(curr, curr->arch.hvm.fast_single_step.p2midx);
+            curr->arch.hvm.single_step = false;
+            curr->arch.hvm.fast_single_step.enabled = false;
+            curr->arch.hvm.fast_single_step.p2midx = 0;
+            return 0;
+        }
         req.reason = VM_EVENT_REASON_SINGLESTEP;
         req.u.singlestep.gfn = gfn_of_rip(rip);
         sync = true;
diff --git a/xen/arch/x86/vm_event.c b/xen/arch/x86/vm_event.c
index 52c2a71fa0..848d69c1b0 100644
--- a/xen/arch/x86/vm_event.c
+++ b/xen/arch/x86/vm_event.c
@@ -61,7 +61,8 @@ void vm_event_cleanup_domain(struct domain *d)
 void vm_event_toggle_singlestep(struct domain *d, struct vcpu *v,
                                 vm_event_response_t *rsp)
 {
-    if ( !(rsp->flags & VM_EVENT_FLAG_TOGGLE_SINGLESTEP) )
+    if ( !(rsp->flags & (VM_EVENT_FLAG_TOGGLE_SINGLESTEP |
+                         VM_EVENT_FLAG_FAST_SINGLESTEP)) )
         return;

     if ( !is_hvm_domain(d) )
@@ -69,7 +70,10 @@ void vm_event_toggle_singlestep(struct domain *d, struct vcpu *v,

     ASSERT(atomic_read(&v->vm_event_pause_count));

-    hvm_toggle_singlestep(v);
+    if ( rsp->flags & VM_EVENT_FLAG_TOGGLE_SINGLESTEP )
+        hvm_toggle_singlestep(v);
+    else
+        hvm_fast_singlestep(v, rsp->u.fast_singlestep.p2midx);
 }

 void vm_event_register_write_resume(struct vcpu *v, vm_event_response_t *rsp)
diff --git a/xen/include/asm-x86/hvm/hvm.h b/xen/include/asm-x86/hvm/hvm.h
index 1d7b66f927..09793c12e9 100644
--- a/xen/include/asm-x86/hvm/hvm.h
+++ b/xen/include/asm-x86/hvm/hvm.h
@@ -323,6 +323,7 @@ int hvm_debug_op(struct vcpu *v, int32_t op);

 /* Caller should pause vcpu before calling this function */
 void hvm_toggle_singlestep(struct vcpu *v);
+void hvm_fast_singlestep(struct vcpu *v, uint16_t p2midx);

 int hvm_hap_nested_page_fault(paddr_t gpa, unsigned long gla,
                               struct npfec npfec);
diff --git a/xen/include/asm-x86/hvm/vcpu.h b/xen/include/asm-x86/hvm/vcpu.h
index 38f5c2bb9b..8b84941111 100644
--- a/xen/include/asm-x86/hvm/vcpu.h
+++ b/xen/include/asm-x86/hvm/vcpu.h
@@ -172,6 +172,10 @@ struct hvm_vcpu {
     bool                flag_dr_dirty;
     bool                debug_state_latch;
     bool                single_step;
+    struct {
+        bool     enabled;
+        uint16_t p2midx;
+    } fast_single_step;

     struct hvm_vcpu_asid n1asid;

diff --git a/xen/include/public/vm_event.h b/xen/include/public/vm_event.h
index aa54c86325..0ffec27d62 100644
--- a/xen/include/public/vm_event.h
+++ b/xen/include/public/vm_event.h
@@ -110,6 +110,15 @@
  * interrupt pending after resuming the VCPU.
  */
 #define VM_EVENT_FLAG_GET_NEXT_INTERRUPT (1 << 10)
+/*
+ * Execute fast singlestepping on vm_event response.
+ * Requires the vCPU to be paused already (synchronous events only).
+ *
+ * On a response requires setting the  p2midx field of fast_singlestep to which
+ * Xen will switch the vCPU to on the occurance of the first singlestep, after
+ * which singlestep gets automatically disabled.
+ */
+#define VM_EVENT_FLAG_FAST_SINGLESTEP    (1 << 11)

 /*
  * Reasons for the vm event request
@@ -276,6 +285,10 @@ struct vm_event_singlestep {
     uint64_t gfn;
 };

+struct vm_event_fast_singlestep {
+    uint16_t p2midx;
+};
+
 struct vm_event_debug {
     uint64_t gfn;
     uint32_t insn_length;
@@ -363,6 +376,7 @@ typedef struct vm_event_st {
         struct vm_event_mov_to_msr            mov_to_msr;
         struct vm_event_desc_access           desc_access;
         struct vm_event_singlestep            singlestep;
+        struct vm_event_fast_singlestep       fast_singlestep;
         struct vm_event_debug                 software_breakpoint;
         struct vm_event_debug                 debug_exception;
         struct vm_event_cpuid                 cpuid;