On 06/03/16 17:36, Andy Lutomirski wrote:
>
>> I haven't read the Xen hypervisor code, but what are those 5 words
>> that were pushed on the stack by the hypervisor? It suspiciously is
>> the size of an IRET frame.
> I think it is nominally an IRET frame.
It is a notminal IRET frame. Even to this day, Xen doesn't support
anything other "making it appear as if an interrupt/exception occurred",
even with the syscall/sysenter and artificial entrypoints.
The Xen entrypoint logic predates the introduction of the
syscall/sysenter support in Linux. At the point where your hammer is
already iret shaped and you have a forked version of Linux for running
as a guest, modifying sysenter to be iret shaped is an easy option. For
better or worse, this is now the ABI.
> One might wonder what's in it, given that the hypervisor doesn't know what
> the old IP or SP was.
Looking at the code which synthesizes the iret frame
pushq $FLAT_USER_SS
pushq $0
pushfq
pushq $3 /* ring 3 null cs */
pushq $0 /* null rip */
Completely ignoring it definitely the best course of action.
>
>> Considering that we don't use SYSEXIT on
>> Xen anymore, can we just redirect SYSENTER to the INT80 handler?
>> Perhaps even just disable SYSENTER support in the VDSO on Xen. I
>> can't imagine SYSENTER is any faster than INT80 on Xen, because it has
>> to trap to the hypervisor first.
>>
> I think we should leave it enabled -- having user programs on Xen PV
> trap into the hypervisor for a system call using SYSENTER will still
> be much faster than using INT $0x80 as long as the hypervisor does
> something reasonable.
The trap into Xen has to happen either way (even for the INT $0x80
path). There is almost certainly room for improvement in both paths,
but in principle the sysenter path will be faster.
~Andrew
