[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [xen master] xen/arm: Introduce a command line parameter for SErrors/Aborts



commit be3a53a1cc1da732bbb1ec83157f1572d78e29f4
Author:     Wei Chen <Wei.Chen@xxxxxxx>
AuthorDate: Wed Apr 5 17:09:09 2017 +0800
Commit:     Stefano Stabellini <sstabellini@xxxxxxxxxx>
CommitDate: Wed Apr 5 12:12:20 2017 -0700

    xen/arm: Introduce a command line parameter for SErrors/Aborts
    
    In order to distinguish guest-generated SErrors from hypervisor-generated
    SErrors we have to place SError checking code in every EL1 <-> EL2 paths.
    That will cause overhead on entries and exits due to dsb/isb.
    
    However, not all platforms want to categorize SErrors. For example, a host
    that is running with trusted guests. The administrator can confirm that
    all guests that are running on the host will not trigger such SErrors. In
    this use-case, we should provide some options to administrators to avoid
    categorizing SErrors and then reduce the overhead of dsb/isb.
    
    We provided the following 3 options to administrators to determine how
    the hypervisors handle SErrors:
    
    * `diverse`:
      The hypervisor will distinguish guest SErrors from hypervisor SErrors.
      The guest generated SErrors will be forwarded to guests, the hypervisor
      generated SErrors will cause the whole system to crash.
      It requires:
      1. dsb/isb on all EL1 -> EL2 trap entries to categorize SErrors
         correctly.
      2. dsb/isb on EL2 -> EL1 return paths to prevent slipping hypervisor
         SErrors to guests.
      3. dsb/isb in context switch to isolate SErrors between 2 vCPUs.
    
    * `forward`:
      The hypervisor will not distinguish guest SErrors from hypervisor
      SErrors. All SErrors will be forwarded to guests, except the SErrors
      generated when  the idle vCPU is running. The idle domain doesn't have
      the ability to handle SErrors, so we have to crash the whole system when
      we get SErros with the idle vCPU. This option will avoid most overhead
      of the dsb/isb, except the dsb/isb in context switch which is used to
      isolate the SErrors between 2 vCPUs.
    
    * `panic`:
      The hypervisor will not distinguish guest SErrors from hypervisor SErrors.
      All SErrors will crash the whole system. This option will avoid all
      overhead of the dsb/isb pairs.
    
    Signed-off-by: Wei Chen <Wei.Chen@xxxxxxx>
    Reviewed-by: Stefano Stabellini <sstabellini@xxxxxxxxxx>
---
 docs/misc/xen-command-line.markdown | 44 +++++++++++++++++++++++++++++++++++++
 xen/arch/arm/traps.c                | 19 ++++++++++++++++
 2 files changed, 63 insertions(+)

diff --git a/docs/misc/xen-command-line.markdown 
b/docs/misc/xen-command-line.markdown
index 9690512..5815d87 100644
--- a/docs/misc/xen-command-line.markdown
+++ b/docs/misc/xen-command-line.markdown
@@ -1470,6 +1470,50 @@ enabling more sockets and cores to go into deeper sleep 
states.
 
 Set the serial transmit buffer size.
 
+### serrors (ARM)
+> `= diverse | forward | panic`
+
+> Default: `diverse`
+
+This parameter is provided to administrators to determine how the
+hypervisors handle SErrors.
+
+In order to distinguish guest-generated SErrors from hypervisor-generated
+SErrors we have to place SError checking code in every EL1 <-> EL2 paths.
+That will cause overhead on entries and exits due to dsb/isb. However, not all
+platforms need to categorize SErrors. For example, a host that is running with
+trusted guests. The administrator can confirm that all guests that are running
+on the host will not trigger such SErrors. In this case, the administrator can
+use this parameter to skip categorizing SErrors and reduce the overhead of
+dsb/isb.
+
+We provided the following 3 options to administrators to determine how the
+hypervisors handle SErrors:
+
+* `diverse`:
+  The hypervisor will distinguish guest SErrors from hypervisor SErrors.
+  The guest generated SErrors will be forwarded to guests, the hypervisor
+  generated SErrors will cause the whole system to crash.
+  It requires:
+  1. dsb/isb on all EL1 -> EL2 trap entries to categorize SErrors correctly.
+  2. dsb/isb on EL2 -> EL1 return paths to prevent slipping hypervisor
+     SErrors to guests.
+  3. dsb/isb in context switch to isolate SErrors between 2 vCPUs.
+
+* `forward`:
+  The hypervisor will not distinguish guest SErrors from hypervisor SErrors.
+  All SErrors will be forwarded to guests, except the SErrors generated when
+  the idle vCPU is running. The idle domain doesn't have the ability to handle
+  SErrors, so we have to crash the whole system when we get SErros with the
+  idle vCPU. This option will avoid most overhead of the dsb/isb, except the
+  dsb/isb in context switch which is used to isolate the SErrors between 2
+  vCPUs.
+
+* `panic`:
+  The hypervisor will not distinguish guest SErrors from hypervisor SErrors.
+  All SErrors will crash the whole system. This option will avoid all overhead
+  of the dsb/isb pairs.
+
 ### smap
 > `= <boolean> | hvm`
 
diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c
index a24d986..41955af 100644
--- a/xen/arch/arm/traps.c
+++ b/xen/arch/arm/traps.c
@@ -143,6 +143,25 @@ register_t get_default_hcr_flags(void)
              HCR_TSC|HCR_TAC|HCR_SWIO|HCR_TIDCP|HCR_FB);
 }
 
+static enum {
+    SERRORS_DIVERSE,
+    SERRORS_FORWARD,
+    SERRORS_PANIC,
+} serrors_op;
+
+static void __init parse_serrors_behavior(const char *str)
+{
+    if ( !strcmp(str, "forward") )
+        serrors_op = SERRORS_FORWARD;
+    else if ( !strcmp(str, "panic") )
+        serrors_op = SERRORS_PANIC;
+    else
+        serrors_op = SERRORS_DIVERSE;
+
+    return;
+}
+custom_param("serrors", parse_serrors_behavior);
+
 void init_traps(void)
 {
     /* Setup Hyp vector base */
--
generated by git-patchbot for /home/xen/git/xen.git#master

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
https://lists.xenproject.org/xen-changelog

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.