bareflank / hypervisor_example_vpid Goto Github PK

Hey guys,
I've been having a long discussion with Xen folks about VPID behavior when CPU-based CR3 loading is enabled (https://lists.xenproject.org/archives/html/xen-devel/2016-09/msg02164.html). Since Xen comes with a ton of baggage in regards of tagged TLB uses, this would be an interesting test-case for BareFlank.

So basically the question is, does the CPU perform TLB flushing automatically when MOV-TO-CR3 is trapped or not. The SDM doesn't explicitly say anything about this either way. On Xen right now there is a mandatory VPID flush when this happens, but as far as I can tell, it is not actually required. However, since there are a lot of unrelated flushes happening on Xen, it may be easier to validate the setup here.

For this I have the following questions:

1. Is it possible to perform pinning a VMCS with BareFlank to a physical core to avoid SMP migration?
2. Is it possible to pin a process to a specific VMCS?

If these tasks can somehow be done, then the experiment would be the following. Run two processes in parallel on the same physical core using the same VPID and enable MOV-TO-CR3 trapping. Both processes will map the same arbitrary virtual address with unique physical pages backing them and write unique canaries to their respective pages. In a busy-loop both continuously fetch this memory and compare it to the original value of their canary. The idea is that if MOV-TO-CR3 doesn't actually flush the TLB as it would normally, then eventually one of the two process' will hit the cached TLB entry of the other one.

Cheers,
Tamas