Ramon van Handel wrote:
> > One of the cool things about running Linux as a guest,
> > is that we can see what gains would be, by modifying and
> > recompiling things so that the GDT would be aligned in
> > it's own page, thus not incurring the exceptions for
> > accesses to adjoining data. If it really made that
> > much difference, I don't see why the diff couldn't
> > make it's way into future Linux versions.
>
> The order in which variables end up in the binary image
> is very subtle. If you turn around two files on the
> link commandline the effect might be quite different.
>
> Just imagine what would happen if all of the mutexes/
> semaphores ended up in the protected page !!! That'd
> incure a huge amount of trashing.
I know that you can force alignment on a power-of-2 boundary
with ".p2align ...". There must be an asm statement to
make sure nothing else goes in the rest of the page(s).
I'd be interested in knowing how to do this if anyone knows.
If so it would be beneficial to force the GDT & IDT into
pages with no other Linux kernel data since we at least
have to write-protect them. TSS segments should be the
same.
Another angle on all this. The only ring that will be
accessing the pages with the IDT, GDT, and adjoining data
is ring0. In ring0 we were talking in terms of virtualizing
the SGDT and SIDT registers, so we can feed them whatever
values we want. So our real GDT and IDT could be at
private linear addresses, and we could potentially
only write-protect the guest's pages which contain what
it thinks are the structures. That would take away
the read exceptions to those pages.
For ring3 we could use the method I was talking about as
the guest app code should not be reading or writing to these
pages and so neither read nor write exceptions should occur
and thus no performance impact.
For a start, we could just use the technique where we
have GDT and IDT at a private address, protect the guest's
pages relating to them, and don't worry about user app
seeing the wrong linear addresses in case it uses the
SGDT and SIDT instructions (as you suggested).
Ignoring app level S{G,D}DT instructions is not going to stop
Linux from running inside, or other clean operating systems.
Though, it's nice to know we do have a solution for the future.
Oh yeah, we could do this too. Place our private GDT and IDT
tables at the expected address. Start all the guest code and data
segments thereafter (as effective address 0) and let them wrap around
to the beginning of memory up to the private GDT and IDT area
again. Even with 4G segments, the guest will still trap out
on access to our protected pages. If we were really demented
maybe we could make use of the fact that some guest OSes protect
the first and last region of pages in the linear address space,
and overlay those protected areas over our private GDT and IDT
structures. The "skew" method. What this would achieve is to
allow even the ring0 guest code to execute SGDT and SIDT instructions
natively without intervention. I'm not saying this is worth it,
but just wanted to sling it out there while I was thinking of it.
-Kevin
