[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH for-4.17] x86/hvm: Revert per-domain APIC acceleration support


  • To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • From: Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • Date: Tue, 15 Nov 2022 17:12:10 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=dVs5NBjHeAMY0x46s4TBtb/ZqluXCirmz2KCHMrmTr0=; b=izNOfm/UpgeRPEcD8zh/fOE89/Aw20rL0Af7rsIBo+nbQhS6suGUFh2k7K0jOv+L5+11hXj0pHx1xve2gqe5+4DJKPq14cHr/osacHOKIL7miQiinkC0aVTR//cFdA5iVEg8HOjj/lwOgiYiMWv7fQVrWUb3Qosz9PhVZeqj91ubZ1iAtrvXPM3NV9XqFYZuMfA5j6Ibc1zBGu2S9NN8VqhoU1H7Vr0AEHLSWLOQHFQ9KdReGe2zHBX149dEEhRfpa/MrNDzW8wAU7oMi1XN72HVxZjJGGhrt1oZ9r+CVzVQSdO+asLQSG4mYQlvuo8/yvcI56SDTclZVQXZs99Asg==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Mvt3qf5XhDkSCMHeKmWEowcRSSkmZi4Mstq5x3xfuLfC2JulGaEgeEBa+yktqI1BBe9ax4zDfozMtYaxN74fGVzwsgVFGU4K/MotMi8E/hmoj1clOebxEgTwbAarcQYgvUPMrDwJDwtOIk3vEMZqUMCpIwK/w36AEi72A2+QM3rp+l6VrpmUWnY1P+9gNAmKPZmLWPHLWbnzg7TCzAWjAouqtSiD7IwRS7zwNJyTU6zo2XXNW+CEv4cOOMCa2BEBySV5xW568FLg8x1g9PGWaNCxXMAzdg3VP5JFDTUX5+3wt8JWRdeENmPRH2FQsVHmbL6s3OLwG1uFuQWeGU2VEw==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;
  • Cc: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Jan Beulich <JBeulich@xxxxxxxx>, Wei Liu <wl@xxxxxxx>, Henry Wang <Henry.Wang@xxxxxxx>
  • Delivery-date: Tue, 15 Nov 2022 16:12:31 +0000
  • Ironport-data: A9a23:9FifTqpzBh4Yk10BLTKOAqgOgiVeBmIrZBIvgKrLsJaIsI4StFCzt garIBnVOPaOZDbyetwjPoznpkJSvcKEmN9nQQdlpCgwFSsR9ZuZCYyVIHmrMnLJJKUvbq7FA +Y2MYCccZ9uHhcwgj/3b9ANeFEljfngqoLUUbKCYWYpAFc+E0/NsDo788YhmIlknNOlNA2Ev NL2sqX3NUSsnjV5KQr40YrawP9UlKm06W1wUmAWP6gR5gaHziRNVvrzGInqR5fGatgMdgKFb 76rIIGRpgvx4xorA9W5pbf3GmVirmn6ZFXmZtJ+AsBOszAazsAA+v9T2Mk0MC+7vw6hjdFpo OihgLTrIesf0g8gr8xGO/VQO3kW0aSrY9YrK1Dn2SCY5xWun3cBX5yCpaz5VGEV0r8fPI1Ay RAXABQhagCvutO0+7Llb+k9gNR7NfXqPLpK7xmMzRmBZRonabbqZvyQoPN9gnI3jM0IGuvCb c0EbzYpdA7HfxBEJlYQDtQ5gfusgX78NTZfrTp5p4JuuzSVkFM3jemraYWPEjCJbZw9ckKwv GXJ8n6/GhgHHNee1SCE4jSngeqncSbTCN5OSeDlqaMCbFu7m34tUwwbX0OBhvDkhEGGWu5gM 3Qk0397xUQ13AnxJjXnZDWorXjBshMCVt54F+wh9BrL2qfS+xyeBGUPUnhGctNOnO0cSCEu1 1SJt8j0HjEpu7qQIVqC8p+EoDX0PjIaRUciaCkeXE066t/siIgpi1TESdMLLUKuptj8GDW1z zXUqiE73u8XlZRSiP/9+k3biTWxoJSPVhQy+gjcQmOi6EV+eZKhYIurr1Pc6J6sMbqkc7VIh 1Bc8+D20QzEJcrlePClKAnVIIyU2g==
  • Ironport-hdrordr: A9a23:EAgq2KtJw4pRCzRyKInTTvcV7skCHIAji2hC6mlwRA09TyXGra 2TdaUgvyMc1gx7ZJhBo7+90We7MBbhHLpOkPEs1NaZLXDbUQ6TQL2KgrGD/9SNIVycygcZ79 YaT0EcMqyNMbEZt7ec3ODQKb9Jrri6GeKT9IHjJh9WPHxXgspbnmNE42igYy9LrF4sP+tCKH PQ3LsxmxOQPVAsKuirDHgMWObO4/XNiZLdeBYDQzI39QWUijusybjiVzyVxA0XXT9jyaortT GtqX2z2oyT99WAjjPM3W7a6Jpb3PPn19t4HcSJzuQFNzn2jQ6sRYJ5H5mPpio8ru2D4Esj1P PMvxAjFcJu7G65RBD8nTLdny3blBo+4X7rzlGVxVPlvMzCXTo/T+5Mn5hQfBf141cp+IgU6t MD40up875sST/QliX04NbFEzlsi0qPuHIn1coelWZWX4cyYKJY6aYf4ERWOpEdGz+S0vFQLM BeSOXnoNpGe1KTaH7U+kFp3dyXR3w2WiyLR0AT0/bloQR+rTRc9Q811cYflnAP+NYWUJ9f/d nJNaxuifVnUtIWRbgVPpZPfeKHTkj2BT7cOmObJlrqUIsdPWjWlpLx6LIpoMm3ZZ0zyocokp ipaiIViYcLQTOuNSSy5uwKzviUK1/NHggFi/suqqSRg4eMCoYCaka4ORITe8jJmYRtPiSUYY f3BHtsOY6TEYLfI/c34+TAYegtFZA/arxhhj9pYSP7nuv7bqvXi8f8TNH/YJLQLBdMYBKOPp JEZkm4GPl9
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Tue, Nov 15, 2022 at 12:35:39AM +0000, Andrew Cooper wrote:
> I was really hoping to avoid this, but its now too late in the 4.17 freeze and
> we still don't have working fixes.

The fix I proposed still has some comments that have been unanswered,
but at any rate thit is now far too late to try to get this fixed.

FWIW that same fix was also posted to the security list way before
hitting xen-devel.

> The in-Xen calculations for assistance capabilities are buggy.  For the
> avoidance of doubt, the original intention was to be able to control every
> aspect of a APIC acceleration so we could comprehensively test Xen's support,
> as it has proved to be buggy time and time again.
> 
> Even after a protracted discussion on what the new API ought to mean, attempts
> to apply it to the existing logic have been unsuccessful, proving that the
> API/ABI is too complicated for most people to reason about.

Are you referring to the VMX hardware interface to setup the related
APIC assistance flags, or the hypervisor interface to control those
features?

> This reverts most of:
>   2ce11ce249a3981bac50914c6a90f681ad7a4222
>   6b2b9b3405092c3ad38d7342988a584b8efa674c
> 
> leaving in place the non-APIC specific changes (minimal as they are).
> 
> This takes us back to the behaviour of Xen 4.16 where APIC acceleration is
> configured on a per system basis.
> 
> This work will be revisited in due course.

I certainly regret having been involved in attempting to fix this, and
I have to admit I still don't understand what is broken with the
current API/ABI.

Do we want a flag to control the setting of the APIC register
virtualization feature?

Is the naming for the flag that we expose incorrect?

Is the field where the flag gets set incorrect?

There isn't that much to the current interface.

In the previous reply to the fix however I got the (maybe incorrect)
impression that current bugs in the implementation are used as a way
to justify why the interface is broken, and that is not accurate.  The
interface and the implementation are two different things, and bugs
in the implementation shouldn't automatically invalidate the
interface without further reasoning.

Also, for better or worse, the current domctl interface where all this
is implemented is unstable, and hence we are allowed to make further
changes as we implement more related features.

> Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

I'm not going to oppose to the revert, but as said above it is still
not clean to me what is broken in the current approach apart from
implementation bugs, hence it's unlikely for me to revisit this work,
at least not until such uncertainty is solved.

Regards, Roger.



 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.