[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH] x86/cpuid: Untangle Invariant TSC handling
On 04.03.2020 19:40, Andrew Cooper wrote: > On 04/03/2020 10:25, Jan Beulich wrote: >> On 03.03.2020 19:24, Andrew Cooper wrote: >>> ITSC being visible to the guest is currently implicit with the toolstack >>> unconditionally asking for it, and Xen clipping it based on the vTSC and/or >>> XEN_DOMCTL_disable_migrate settings. >>> >>> This is problematic for several reasons. >>> >>> First, the implicit vTSC behaviour manifests as a real bug on migration to a >>> host with a different frequency, with ITSC but without TSC scaling >>> capabilities, whereby the ITSC feature becomes advertised to the guest. >>> ITSC >>> will disappear again if the guest migrates to server with the same frequency >>> as the original, or to one with TSC scaling support. >>> >>> Secondly, disallowing ITSC unless the guest doesn't migrate is conceptually >>> wrong. It is common to have migration pools of identical hardware, at which >>> point the TSC frequency is the same, >> This statement is too broad: Pools of identical hardware may have the same >> nominal frequencies, but two distinct systems are hardly ever going to have >> the exact same actual (measured or even real) frequencies. > > There is no such thing as truly invariant TSC. Even with the best > hardware in the world, the reference frequency will change based on > physical properties of the surroundings, including things like ambient > temperature. i.e. even a single server, sitting in a datacenter is > likely to see a fractional change in frequency across a 24h period. > > What matters is the error margins, and how long until it manifests as a > noticeable difference. > >> Recall Olaf's vTSC-tolerance patch that still hasn't landed anywhere? > > This is a different problem. Even on the same system, errors in Xen's > frequency calculations can differ by several hundred kHz (iirc), boot to > boot, making it quite useless for answering the question "am I running > at the frequency the guest saw before?", which is how we just whether to > intercept TSC accesses or not. But that's why I've said "too broad": Right now pools of identical hardware will not look to us as if they all had the same freq. > There are things which can be done about this, such as using frequency > data provided by the CPU directly (rather than correlating it with a > separate timesource). At that point, the only difference between two > identical systems will be the variability in the reference clock, and > PLL circuitry which ultimately multiplies it up from 19.2/25/100 MHz to > the 1-3.5GHz typically encountered for core frequencies. Right. The question just is how large the error margin is from the nominal frequency reported via CPUID leaves 15/16 and the actual frequency. If it's no worse than the differences we observe from our "measurement", then yes, we could and perhaps should use that data if available. >>> and more modern hardware has TSC scaling >>> support anyway. In both cases, it is safe to advertise ITSC and migrate the >>> guest. >>> >>> Remove all implicit logic logic in Xen, and make ITSC part of the max CPUID >>> policies for guests. Plumb an itsc parameter into xc_cpuid_apply_policy() >>> and >>> have libxl__cpuid_legacy() fill in the two cases where it can reasonably >>> expect ITSC to be safe for the guest to see. >>> >>> This is a behaviour change for TSC_MODE_NATIVE, where the ITSC will now >>> reliably not appear, and for the case where the user explicitly requests >>> ITSC, >>> in which case it will appear even if the guest isn't marked as nomigrate. >> How sensible is it to allow the user to request something like ITSC with >> no respective support underneath? > > Right now, Xen will ignore ITSC if the hardware isn't capable, just like > any other missing feature flag. > > When we get the policy auditing logic in better shape, I intend to > reject requests which can't be fulfilled. Okay, good to know. I wonder though how well we'll be able to express in the eventual user visible error message which of the settings was actually refused. >> Shouldn't we translate such a request >> into enabling vTSC if there's no ITSC on the platform? > > No, because a) doing things implicitly like this is the root of far too > many bugs, this patch included, and b) it probably isn't what the user > wants. > > The reason to play around with TSC settings will ultimately to be try > and avoid intercepting RDTSC, because the performance hit from > interception dominates most other factors. > >> Actually looking >> at the change to libxl__cpuid_legacy() I wonder whether you don't instead >> mean "requests vTSC" here. > > I don't see how you come to that conclusion. It is two separate cases > where the toolstack can reasonably expect the guest-observed frequency > not to differ. Looking at this hunk @@ -432,7 +433,22 @@ void libxl__cpuid_legacy(libxl_ctx *ctx, uint32_t domid, if (info->type == LIBXL_DOMAIN_TYPE_HVM) pae = libxl_defbool_val(info->u.hvm.pae); - xc_cpuid_apply_policy(ctx->xch, domid, NULL, 0, pae); + /* + * Advertising Invariant TSC to a guest means that the TSC frequency won't + * change at any point in the future. + * + * We do not have enough information about potential migration + * destinations to know whether advertising ITSC is safe, but if the guest + * isn't going to migrate, then the current hardware is all that matters. + * + * Alternatively, an internal property of vTSC is that the values read are + * invariant. Advertise ITSC when we know the domain will have emualted + * TSC everywhere it goes. + */ + itsc = (libxl_defbool_val(info->disable_migrate) || + info->tsc_mode == LIBXL_TSC_MODE_ALWAYS_EMULATE); + + xc_cpuid_apply_policy(ctx->xch, domid, NULL, 0, pae, itsc); I see the check of ->tsc_mode, which aiui is a request to enable vTSC unconditionally. This plus "no-migrate" get translated to enabling of ITSC. Jan _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel
|
![]() |
Lists.xenproject.org is hosted with RackSpace, monitoring our |