[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [ARM] Native application design and discussion (I hope)

To: Dario Faggioli <dario.faggioli@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Andrii Anisov <andrii_anisov@xxxxxxxx>
From: Julien Grall <julien.grall@xxxxxxx>
Date: Tue, 9 May 2017 11:32:04 +0100
Cc: Volodymyr Babchuk <vlad.babchuk@xxxxxxxxx>, Artem Mygaiev <joculator@xxxxxxxxx>, george.dunlap@xxxxxxxxxx, Xen Devel <xen-devel@xxxxxxxxxxxxx>
Delivery-date: Tue, 09 May 2017 10:32:20 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

Hi Dario,

On 05/09/2017 11:13 AM, Dario Faggioli wrote:

On Fri, 2017-05-05 at 12:28 -0700, Stefano Stabellini wrote:

On Fri, 5 May 2017, Andrii Anisov wrote:

On 24.04.17 21:08, Stefano Stabellini wrote:

The advantages of using EL0 apps are:
- scheduled deterministically
- faster context switch
- lower and deterministic latency
- EL0 apps execution time is accounted appropriately to the guest
that
   they are servicing


Can't the EL0 app be servicing XEN itself?


Short answer: no.

Long answer follows. EL0 apps will run in a different context.

I still feel like I am missing something (most likely, due to my
limited knowledge of ARM arch and XenOnARM code). Can you try to
clarify a bit for me what it "in a different context" in this case, and
 why it is important?

We want to run it in a different exception level to limit the surfaceattack of the hypervisor if the application is buggy.

It was
suggested to keep track of their state in the guest vcpu struct,
which
looks like a good idea to me. If we did that, the only way to have an
EL0 app running without being bound to a specific guest, would be to
run
it on the idle vcpu, which I think is a bad idea.

Which, FTR, is what we do in Xen for a bunch of things already, i.e.,
softirqs and tasklets.

No, we don't switch to the idle vCPU to handle tasklets or softirqs.They will be done before entering to the guest and still in thehypervisor context.


It's actually a rather effective way of executing some piece of Xen
code synchronously with some event (as softirqs are always checked 'on
the way back' from the hypervisor), which I guess in your case could be
 the trap from the guest vCPU requesting service.

And it should not be hard to give such code access to the context of
the vCPU that was previously running (in x86, given we implement what
we call lazy context switch, it's most likely still loaded in the
pCPU!).


I agree with Stefano, switching to the idle vCPU is a pretty bad idea.

the idle vCPU is a fake vCPU on ARM to stick with the common code (wenever leave the hypervisor). In the case of the EL0 app, we want tochange exception level to run the code with lower privilege.

Also IHMO, it should only be used when there are nothing to run and notre-purposed for running EL0 app.


Cheers,

--
Julien Grall

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [ARM] Native application design and discussion (I hope)
  - From: Dario Faggioli

References:
- Re: [Xen-devel] [ARM] Native application design and discussion (I hope)
  - From: Andrii Anisov
- Re: [Xen-devel] [ARM] Native application design and discussion (I hope)
  - From: Stefano Stabellini
- Re: [Xen-devel] [ARM] Native application design and discussion (I hope)
  - From: Dario Faggioli

Prev by Date: [Xen-devel] [ovmf baseline-only test] 71267: trouble: blocked/broken
Next by Date: Re: [Xen-devel] [PATCH v2 00/18] Refactor x86 trap handling code
Previous by thread: Re: [Xen-devel] [ARM] Native application design and discussion (I hope)
Next by thread: Re: [Xen-devel] [ARM] Native application design and discussion (I hope)
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.