Xen project Mailing List

[Xen-devel] Issues/improvements performing flush of guest TLBs

From: Roger Pau Monné <roger.pau@xxxxxxxxxx>

Date: Wed, 15 Jan 2020 12:16:01 +0100

Authentication-results: esa5.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none; spf=None smtp.pra=roger.pau@xxxxxxxxxx; spf=Pass smtp.mailfrom=roger.pau@xxxxxxxxxx; spf=None smtp.helo=postmaster@xxxxxxxxxxxxxxx

Cc: Kevin Tian <kevin.tian@xxxxxxxxx>, Jun Nakajima <jun.nakajima@xxxxxxxxx>, Wei Liu <wl@xxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Tim Deegan <tim@xxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>

Delivery-date: Wed, 15 Jan 2020 11:16:25 +0000

Ironport-sdr: mZHQ+uJK7ucLLxxY4tkeQa974IVXCz/7hjlAl0wejDog/brKjwcg/264mXJesuETe83foH02zm PsSAPlcZ+K1ho4UBbaRYhi0UZ/AMa6hVUinfjuVDNBPP22F2fbvpZ4E0qYSaS528xmXZ+G5fbH UZKXP6MyAnGczBR2K3QX7/C/OITVz9mCA/xNLOc8G/9tEJDuPEGr5LV1mU4hHuR4rWveH9RDRz DQtO3/z1QPurdUbAKvGzhqr3fdaGNvPxaRKmc2zBOUCQgdXGpZ24MZziAqG+AdBz7qNuS/k/AF RD4=

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Hello, For the last days I've been trying to figure out how to properly perform flushes of guest TLBs from the hypervisor. We currently provide a hypercall to HVM guests (HVMOP_flush_tlbs). The hypercall however pauses all vCPUs that require a flush and then call paging_update_cr3, which is highly inefficient. The performance of such implementation on a non-overloaded environment seems to be on par with the guest issuing IPIs and performing cr3/cr4 writes in order to flush, which makes the point of providing such hypercall moot. I would like to provide hooks (in the paging_mode struct) for the HAP and Shadow paging modes in order to perform guest TLB flushes: - HAP: depends on whether ASID/VPID is in use. If not in use the TLBs will be flushed on each vmexit/vmenter. If in use changing the VPID/ASID or flushing the specific VPID/ASID should be enough. This requires calling hvm_asid_flush_vcpu for each vCPU to be flushed and issuing an IPI to the currently running vCPUs in order to trigger a vmexit that will sync the VPID/ASID with the value in the vmcs/vmcb. Ie: for_each_vcpu( v, d ) hvm_asid_flush_vcpu(v); on_selected_cpus(....); - Shadow: it's not clear to me exactly which parts of sh_update_cr3 are needed in order to perform a guest TLB flush. I think calling: #if (SHADOW_OPTIMIZATIONS & SHOPT_VIRTUAL_TLB) /* No longer safe to use cached gva->gfn translations */ vtlb_flush(v); #endif #if (SHADOW_OPTIMIZATIONS & SHOPT_OUT_OF_SYNC) /* Need to resync all the shadow entries on a TLB flush. */ shadow_resync_current_vcpu(v); #endif if ( is_hvm_domain(d) ) /* * Linear mappings might be cached in non-root mode when ASID/VPID is * in use and hence they need to be flushed here. */ hvm_asid_flush_vcpu(v); Should be enough but I'm not very familiar with the shadow code, and hence would like some feedback from someone more familiar with shadow in order to assert exactly what's required to perform a guest TLB flush. Also, AFAICT sh_update_cr3 is not safe to be called on vCPUs currently running on remote pCPUs, albeit there are no assertions to that end. It's also not clear which parts of sh_update_cr3 are safe to be called while the vCPU is running. FWIW, there also seems to be a lot of unneeded flushes of HVM guests TLB, as do_tlb_flush will unconditionally clear all HVM guest TLBs on the pCPU by calling hvm_asid_flush_core which I don't think it's necessary/intended by quite a lot of the Xen TLB flush callers. I guess this would also warrant a different discussion, as there seems to be room for improvement in this area. Thanks, Roger. _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.