Xen project Mailing List

Re: [Xen-devel] [PATCH v2 09/12] x86/altp2m: add remaining support routines.

To: "Lengyel, Tamas" <tlengyel@xxxxxxxxxxx>

From: Ed White <edmund.h.white@xxxxxxxxx>

Date: Thu, 25 Jun 2015 13:46:13 -0700

Cc: Ravi Sahita <ravi.sahita@xxxxxxxxx>, Wei Liu <wei.liu2@xxxxxxxxxx>, Razvan Cojocaru <rcojocaru@xxxxxxxxxxxxxxx>, Tim Deegan <tim@xxxxxxx>, Ian Jackson <ian.jackson@xxxxxxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>

Delivery-date: Thu, 25 Jun 2015 20:46:33 +0000

List-id: Xen developer discussion <xen-devel.lists.xen.org>

On 06/25/2015 11:23 AM, Lengyel, Tamas wrote: > On Thu, Jun 25, 2015 at 12:48 PM, Ed White <edmund.h.white@xxxxxxxxx> wrote: > >> On 06/25/2015 06:40 AM, Razvan Cojocaru wrote: >>> On 06/25/2015 03:44 PM, Lengyel, Tamas wrote: >>>> On Wed, Jun 24, 2015 at 2:06 PM, Ed White <edmund.h.white@xxxxxxxxx >>>> <mailto:edmund.h.white@xxxxxxxxx>> wrote: >>>> On 06/24/2015 09:15 AM, Lengyel, Tamas wrote: >>>> >> +bool_t p2m_set_altp2m_mem_access(struct domain *d, uint16_t idx, >>>> >> + unsigned long pfn, >> xenmem_access_t >>>> >> access) >>>> >> +{ >>>> >> >>>> > >>>> > This function IMHO should be merged with p2m_set_mem_access and >> should be >>>> > triggerable with the same memop (XENMEM_access_op) hypercall >> instead of >>>> > introducing a new hvmop one. >>>> >>>> I think we should vote on this. My view is that it makes >>>> XENMEM_access_op >>>> too complicated to use. >>>> >>>> The two functions are not very long and share enough code that it would >>>> justify merging. The only big change added is the copy from host->alt >>>> when the entry doesn't exists in alt, and that itself is pretty self >>>> contained. Let's see if we can get a third opinion on it.. >>> >>> At first sight (I admit I'm rather late in the game and haven't had a >>> chance to follow the series closely from the beginning), the two >>> functions do seem to be mergeable (or at least the common code factored >>> out in static helper functions). >>> >>> Also, if Ed's concern is that the libxc API would look unnatural if >>> xc_set_mem_access() is used for both purposes, as far as I can tell the >>> only difference could be a non-zero last altp2m parameter, so I agree >>> with you that the less functions doing almost the same thing the better >>> (I have been guilty of this in the past too, for example with my >>> xc_enable_introspection() function ;) ). >>> >>> So I'd say, yes, if possible merge them. >> >> So here are my reasons why I don't think we should merge the hypercalls, >> in more detail: >> >> Although the two hypercalls are similar, they are not identical. For one >> thing, the existing hypercall can only be used cross-domain whereas the >> altp2m one can be used cross-domain or intra-domain. > > > Fair point, the use of rcu_lock_live_remote_domain_by_id in the memaccess > memop handler precludes it working for the intra-domain case. However, now > that we have a valid use-case for it working when a domain applies > restrictions on itself, it would be fine to change that to > rcu_lock_domain_by_any_id. It has been just used as a sanity check. The > code you are using in hvm.c could be abstracted as p2m_altp2m_sanity_check: > "!is_hvm_domain(d) || !hvm_altp2m_supported() || !d->arch.altp2m_active" > and ran when the altp2m field is non-zero to catch buggy tools. Whether or not it's possible to merge the two isn't in dispute. The question is which path results in the easiest to understand and maintain outcome for users of the hypercalls and maintainers of the implementation. Having said that, I don't think your check catches an attempt to place an intra-domain restriction on the host p2m with altp2m active. > >> Also, the existing >> hypercall can be used to modify a range of pages and the new one can only >> modify a single page, and that is intentional. >> > > Please elaborate on this. In order to keep the p2m's coherent and respect the primacy of the host p2m, changes that occur in the host p2m can cause changes in altp2m's to be lost. At the moment there is not even any notification that has occurred, although that's something I'm working on. The minimum *guaranteed* granularity of that type of altp2m invalidation is an entire altp2m. The more pages you change in an altp2m, the more chance there is of a collision causing an invalidation, so for this version of altp2m we encourage as few changes as possible by requiring a separate hypercall for each page modification. Ed >> As I see it, the implementation in hvm.c would become a lot less clean, >> and every direct user of the existing hypercall would have to change for >> no good reason. >> > > For 4.6 I reworked the entire vm_event/mem_access system, so that is > already happening irrespective of altp2m. It's fine to add support for the > altp2m field before 4.6 freezes. > > >> Razvan's suggestion to merge the functions that implement the p2m changes >> I'm more ambivalent about. Personally, I prefer not to have code that >> contains lots of conditional logic, which would be the result, but I >> don't feel that strongly about it. >> >> Ed >> > > Thanks, > Tamas > _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.