[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] x86/ept: limit calls to memory_type_changed()


  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • Date: Fri, 23 Sep 2022 10:35:09 +0200
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=kwPzf9yV1YlzC3age3SnMv40zKY7mzhu3g1z2TAeF7c=; b=gl8QoksCHTCj6DD0EGVrqPNc6pJOCj7fmsfjUF2dLfAjcsIPbvrMURI+L/3L09mqx6vdlJmxO2C8GsCqkBrnuE8jxxv0fSe/amqMXxBIDcO49mosPxWnLOZq5ceXnc0u5d5iGNRDnjhblLaol4aGdoP2vCh2GSO7+bBiJKEPGukrrPqpwgD1E2ah9xUteWH735GCobP3pZDVFYfAYr6mOKjWKpGZnsMOOLLdW0PvngwxqwNLrdL01C4O+mypHhGLipGO8C8Qj1Ve41vJZEFp7NEiAcGcwsEXqeP2Ovz8yCnOTll0J5TK0G+z0Fa2wV2Akr5+q8wuZcf+kFRX0ggPOQ==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=nUnRetdsv+VxtVFyZ4g5k2nXLewzSb+LwP9e0DgXPr8gF8pixLneQsJwyDZlLpIP0gYRVdJP9fUqArlEaft4liYf+WwRVweomZMv3JdoBroc4+tm7laEERgUZ04cKA4upVfxmIBwoMlMMOFiG+Z5fkg1TIu61ziGQPVJpJHP9Rdggcj+6LfLWD0YhxO4ILjRdjwQYQGza797SMvlTz8HXbfFt84TQeUQ2Xwy6Uih2UqtoB8MYUnbTWcEOZgmjiqJqMpSxzipvquFIE/tnJmlLxz9fYr1cmwFuxxjcW1I9+tocFu5j+ol7wbfLTc785ogLU6IBRdfzTYGw85IawQOsQ==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;
  • Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
  • Delivery-date: Fri, 23 Sep 2022 08:35:31 +0000
  • Ironport-data: A9a23:7QUr9K9bOUaKmuVRkeURDrVtTnXE43xwBUUsXf1CW+u19neyolnKptwKyRlVrF5Zr7ATAcN/5KyuV8teGgRPYd6hq9398Xa1/0de1qSRicyJiLY5MfPlc5BIijHeKQ7a1hNCHo06NyRhVaM0AxRsi6XJydNRN0mtvJXySpaf4zP8F3A9I83Sh2xirToWCCTql0YQlFONVbp+yoH0Vrmub8fsNEa9uVBIliZUpEWsGLCxk8UXKf8Dl0rHd51wgsC2mtODlPrly8mOVlEDknaU5f4myV/5Ak/n9sFtYfoXNtfQLycVlcOK4ZR5Iu1kcs1J/HQEwSbEJVOZsoD5KQs33x5/dxXuM0L8N2dhGRpCgtlY2k2B+0DzCm2bZMaha7YsZ/aGg5c6sMFxcUTlCZc7VY08pn56fK4hGwv4tSpbbH5bQ0U++DW2fUMJwiFhyTytbLQNTnUJVfR16rKvv+HNJBmlcIrW5gsozbTNgrHI8lrzdxlkqtrUHFUemrTsdWqv2QvG/EG8QVjjcFloL4ZcuGYxsg+DuZx2b9MCOSP774abO7sIb2w73R0pufPQ+Nk262MTxxdWaZprjwPGuAVWVSHjmvPGMW2/VXqA+DVix2YZG0q8YIKMbztnS8t3CDKFN3kaLmvIl0+H0IE5GT6a5/SiPELwwTAzcIWS43OMl/LJ9aO+q/YClV8Rd5dM9tKw41hrCqIqumlx63wzysPCWg1kumWK49Y5/SSjPoXSV8pPQ2q4UgPO7AWkJ2fmcYkKZGqCohyGgUd2cZvetcB5+yZosu8SsvYj+VaxNcLyvhB6EaIBaBeSUVXEkcRCBuewPG6yYj0qbwF2bKNVoY0tePIWqVtDrqGKJXH43Oj6XtKHgirXW13j8Pyq2Aa3GoUqKVTNKdZ4O3gj4FKFBKi1yYFxz7w2d1oMmMwG9CzIUo5DfiYMe0zR0OdcTevvDHjXHuRZcQhxxYsxxIkXgGFntkeX0RxYVg1PYYgfATb02i/cV4anlbCB9iA0FQWseWdpegR90cNYEqVUWV2j7bGO8KRrNecCMYFnooADzVUKjOlwNAuA6YrjG8aRJtHA4uu/tPfjxXBZxDrOlNEC1DYHtCZUxdzqUWvemq/vk+xjhG9RETsepyTrQevNHHAFCHHYBn8AL1o651Fp/woOW8ETT97xh+4LtVrcebrQVmYlMfJQsMohR7GGXzXKYtQKM8UWXTEfpZzbnPap/rSC+149rVkG3gGOn/kU9IU0T1mhzfg+o6g76I5NorFW3l9jQJ6LCc8RWBL3zMMFobzk4iYC+F9Q/zwqrTHqKHusZAs/Ls+W1fr+7IQ2xA2gypdxo2a12dmekJIdLa5D8/JAkItKjmKaA8uaqTdpnInM4wzcoIS0ea/e46DSZxU1o5EgtFJjy1/jEcvjdU8VhEohX4pkBUBboivxkic5hAb+hZOMVMtTSChEx5/vrOGTyikKiFrM47A4G3MkF5FmHDMJI7IejWbdDl6C/jX3q5UMtXkd+PPeysnXadpwDzLtpINbtlL6GtnqriH2SfryQAkkd//V7wtvNRoUFAAf36iC593ndC1TgcRcHGRssOh5Id3pVFzAs/MeASQx5pkodj0r9+ZPWvjCy2L3eSnEkWY/6tApOwPXJ9PAJ7cfYPo4lgVe/InOMCIpLW3aKc6CH1NnlDMcG5YiO5bEqOuqejVDnnIB7RUOqqf293rxl7GmaO2FkibCZvfnukfcgdZPBA8SVFuUHN4E8uo6sesiIrlLjgXiqDGDIFbt7G69bPaKcLYLz4Jhd9SyDSw2z/+lXOmEc7v3wo/hIttz1JGCnPCr3iqWxy11E/OkAtsQ1DShE/ZQwm91H0HvcIce0bMin27QzqypAvAmgQb/vF/yVUPyWzI822hH8aXkjrwd9VSicvvppNIe+pm830HZiiGe+vAhLDJ6eWe386lJtOQij8kzLlGd1bmPLSkCZ6SdLSuNT4ZKo/Ut2JnE5EenhlLkENdCtwVXp+qvsVjoqkwWcXgAv7Uyfk6Gibg7yZ/+P1DOayUl95QaBj9/xY1w3DIVP6x45JapsJBzvD9/ekDhuzOzrZ+LjEjMk477r0F2G6lv5++ULETJqDpGLldxFOSe0UsZsCkmXZmicKWq0DTjZawc58AP607mkIOmRDaslTBaVDw3znalK1+HQ/7ODqFu8mbD5iC0/MTeI2AJMFoaM6jEMpU0pZjMxHWNSQWpIwrLH8+WoyGYMXF95QnsbQynHuPk3WU0bdS15xG0hvqK1CL61Cj4ynH7CA9OlGsrzRhR8tdQxAoDtGN7amvK/pQOYVvt+wIatXtRigeG6IM2oiKkKUVtWvc+olcXpQ1v033crmODxiCEp4RAKmTEfUz8w6DRz3Qa1Hm37Jxou51Sd+pkxwN5M7KWXlSd0Uk2+cWJZbiYgeFgtJO1iAi6UTwXtODQ+RRk8DvPf6JQg89Y9EIwU5T8ICF/TCDjaNM=
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Thu, Sep 22, 2022 at 09:21:59PM +0200, Jan Beulich wrote:
> On 22.09.2022 18:05, Roger Pau Monne wrote:
> > memory_type_changed() is currently only implemented for Intel EPT, and
> > results in the invalidation of EMT attributes on all the entries in
> > the EPT page tables.  Such invalidation causes EPT_MISCONFIG vmexits
> > when the guest tries to access any gfns for the first time, which
> > results in the recalculation of the EMT for the accessed page.  The
> > vmexit and the recalculations are expensive, and as such should be
> > avoided when possible.
> > 
> > Remove the call to memory_type_changed() from
> > XEN_DOMCTL_memory_mapping: there are no modifications of the
> > iomem_caps ranges anymore that could alter the return of
> > cache_flush_permitted() from that domctl.
> 
> I certainly agree - this was an oversight when the two aspects were
> split. One might argue this is a (performance) fix to the earlier
> commit, and hence might want to go on its own with a Fixes: tag.

Was wondering myself, didn't add the 'Fixes:' tag because of the extra
content.

> > Calls to memory_type_changed() resulting from changes to the domain
> > iomem_caps or ioport_caps ranges are only relevant for EMT
> > calculations if the IOMMU is not enabled, and the call has resulted in
> > a change to the return value of cache_flush_permitted().
> 
> I'm less certain here: These shouldn't be frequent operations, so
> their impact on the guest should be limited?

Citrix has an use case for vGPU where IOMMU regions are added and
removed during guest runtime.  Such functionality makes uses of both
XEN_DOMCTL_iomem_permission and XEN_DOMCTL_memory_mapping.

While the memory_type_changed() call in XEN_DOMCTL_memory_mapping
seems to be the most problematic performance wise, I though it was
nice to try to avoid memory_type_changed() as much as possible, as
those tax the guest quite heavily with EPT_MISCONFIG faults and the
recalculation logic.

> And if we were to restrict the calls, I think we need to clearly
> tie together the various places which need updating together in
> case e.g. the condition in epte_get_entry_emt() is changed.
> Minimally by way of comments, but maybe by way of a small helper
> function (for which I can't seem to be able to think of a good
> name) sitting next to epte_get_entry_emt().

Such helper function is also kind of problematic, as it would have to
live in p2m-ept.c but be used in domctl.c and x86/domctl.c?  It would
have to go through the p2m_domain indirection structure.

Do you have any suggestions about how the function should look like?
I'm afraid the fact it needs the previous cache_flush_permitted()
value makes it kind of weird to encapsulate.

I've attempted to add comments to make it clear why the new checks are
added, but I would also need to add a comment to epte_get_entry_emt()
to notice changes in the condition need to be propagated to call sites
of memory_type_changed().

> > Signed-off-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>
> > ---
> > I feel it's a bit weird to have calls to memory_type_changed() in
> > common domctl code - for once the domctl that trigger the call doesn't
> > change memory types, just adds or removes ranges from iomem_caps
> > (which in turn affects the behaviour of epte_get_entry_emt()).
> 
> Do you have a better suggestion?

No, not really, because we need the return value of
cache_flush_permitted() before and after the changes, so it's not as
easy as introducing a single helper sadly.

Thanks, Roger.



 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.