[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2 1/2] xen+tools: Report Interrupt Controller Virtualization capabilities on x86

  • To: Jan Beulich <jbeulich@xxxxxxxx>, Roger Pau Monne <roger.pau@xxxxxxxxxx>
  • From: Jane Malalane <Jane.Malalane@xxxxxxxxxx>
  • Date: Tue, 15 Feb 2022 16:33:15 +0000
  • Accept-language: en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=LRjKM8olk6HBnkJWLXgrzrwMBSbHlR+uBcK19SFdVD4=; b=W140MHVrHpj31pv9iJCk62CwBuT0I74PzA/RHGexevwN2UEekmlDupKbSQ3dP+WsHZYH8rW7jlA+lT4e7iK73m28TOuB5ogLJ07KJtI87kIZyIKqV/gwKVjKSwPsNO65TKVdSmgcYMnRw8nLtjoHmbxfmCsYg8Pbwd0xoMAf5wrf/iQM6ni0aZWSQc3D8so5gEMkS63/UHk2NL7BkgoJOXOuXmobP+NgA+CJzr30g9P0ye2u3JWkXQIh4ISUrKX3sRddHvDlyesalWJP0NxCwHZJbCGGfRWrGez8lYjf2cW0jz+FyKjG+IsI1ytebV/hAQur64WjrCLtWcqG+g7e8A==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Gj1ihSJ4ZUfXaQu6Gh2oSaSzCXQvzyt8RUnbc5tE9m0vybi4aorjvlyAf9+SC2vH6nLn8prYVgymjOaFHrMUTmsK0lJIlFyJ6WsnVwXOpqpJjjnVp8VxoYVeEGzeAyC5vM1daixYA04+2yD2kH5UkFiNynGcRE2g/gy4k0DEB1UA2P0sbaR3iTSI+Km6CTSssX5ioA3u3KyxXtCW0ofGmmfg6A+U6Iqa1tPeZa5JZIC+zsH7p1e79twqg6hJqlZseoenEVi1B+BiWjSFBO3J63VUzSun4C4DADrN/pmCgzFhPgeFoUEr++YrbXS7wgBOECNoAPJAa0Ww2XbL2QwpFA==
  • Authentication-results: esa2.hc3370-68.iphmx.com; dkim=pass (signature verified) header.i=@citrix.onmicrosoft.com
  • Cc: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, "Anthony Perard" <anthony.perard@xxxxxxxxxx>, Juergen Gross <jgross@xxxxxxxx>, "George Dunlap" <George.Dunlap@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, "Stefano Stabellini" <sstabellini@xxxxxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Jun Nakajima <jun.nakajima@xxxxxxxxx>, Kevin Tian <kevin.tian@xxxxxxxxx>, Roger Pau Monne <roger.pau@xxxxxxxxxx>, Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>
  • Delivery-date: Tue, 15 Feb 2022 16:33:28 +0000
  • Ironport-data: A9a23:KUl+AK3zfjfhwgG9+vbD5bh3kn2cJEfYwER7XKvMYLTBsI5bp2MPm 2cYWmCGPPvYYzCneNF+PY3i8kMHvpLUmN9kQFdspC1hF35El5HIVI+TRqvS04J+DSFhoGZPt Zh2hgzodZhsJpPkS5PE3oHJ9RGQ74nRLlbHILOCanAZqTNMEn9700o5wrNh2eaEvPDia++zk YKqyyHgEAfNNw5cagr4PIra9XuDFNyr0N8plgRWicJj5TcypFFMZH4rHomjLmOQf2VhNrXSq 9Avbl2O1jixEx8FUrtJm1tgG6EAaua60QOm0hK6V0U+6/TrS+NbPqsTbZIhhUlrZzqhrYwy6 /pLpIeJUSwGJqDtpM4nUF5gHHQrVUFG0OevzXmXtMWSywvNcmf2wuUoB0YzVWEa0r8pWycUr 6VecW1TKEDY7w616OvTpu1EpM0lIY/ONYcWvnhmwBnSDOo8QICFSKLPjTNd9Gls3J4XQ6aGD yYfQT43by7jQzFrAU4wA6Bjs+W513LFdyIN/Tp5ooJoujOOnWSdyoPFDt3RfdCbQNRPqWyRr GnG4mfRDwkTMZqUzj/t2mm3mubFkCf/WYQTPL617PhnhBuU3GN7IBcbT0ehqP+1zEu3QctCK lc88zAr66M18SSDTdTjXhv+vH+NuDYdXcZdF6sx7wTl4qjJ5UCfD2sNTD9EYfQnstM7QXoh0 Vrht8PkA3ljvaOYTVqZ96yItnWiNC4NN2gAaCQYCwwf7LHLoos+kxbORdZLC7Oug5v+HjSY6 y+OhDgzgfMUl8Fj/6em+VHKhRq8q56PSRQ6ji3VUXii9RhRf5O+asqj7l2z0BpbBN/HFB/b5 iFCwpXAqrBVZX2QqMCTaNdRX5KG4eeeCSX3rkZiPqULzTfqw3H2KOi8/wpCDEtuN88Ffxrgb 0nSpR5d6fdvAZe6UUNkS9nvUpp3lMAMAfygD6mJNYQWPvCdYSfapHkGWKKG44z6fKHAe4kbM IzTT8ujBG1y5U9PnGvvHLd1PVPGK0kDKYLvqXLTkk7PPVm2Pif9pVI53LymNL5R0U98iF+Jm +uzzuPTo/mlbMXwYzPM7akYJk0QIH4wCPje8pILKrHTclc7QDh6UZc9JI/NnKQ/wcxoehrgp CnhCie0NnKj7ZE4Fel6Qi86M+6+NXqOhXk6ITYtLT6VN4sLOu6SAFMkX8JvJ9EPrbU7pdYtF qVtU5jQU5xnF2WckxxAPMaVkWCXXEny7e54F3H+O2ZXkl8Jb1Ghx+IIiSO2r3dQV3Lu75Nhy 1BivyuCKac+q81ZJJ++QNqkzk+rvGhbn+R3XkDSJcJUdlmq+49vQxEdRNdtSy3VARmclDacy SiMBhIU+bvEr4MvqYGbjqGYtYa5VeB5GxMCTWXc6L+3Mwjc/3aintAcALrZI2iFWTOm4rima MVU0+r4bK8NkmFVvtcuCL1s168/uYfi/ucI0gR+EXzXRF23Ebc8cGKe1MxCu/QVlL9UsAe7Q GyV/dxeNenbMc/pCgdJdgEkcv6CxbcfnTyLtaY5J0Dz5SlW+rubUBoNY0nQ2XIFdLYsadEr2 +YsvsIS+jeTsBtyP4bUlD1Q+kSNMmcED/ctuKYFDdK5kQEs0FxDP8DRU3ek/JGVZtxQGUA2O TvI1rHajrFRy0eeIXo+EX/BgbhUiZgU4U0YyVYDIxKCm8bfh+9x1xpUqGxlQgNQxxRB8uRyJ mk0aBElefTQp29l1JpZQmShOwBdHxnIqEX+xmwAmHDdU0T1BHfGK3cwOLrV8U0Um46GkuO3I F1MJL7ZbAvX
  • Ironport-hdrordr: A9a23:C+JlraNZUqvc18BcT2T155DYdb4zR+YMi2TDiHoedfUFSKOlfp 6V8MjzjSWE9Ar4WBkb6LS90DHpewKcyXcH2/hvAV7EZninhILIFvAt0WKG+Vzd8kLFh5ZgPM tbAspD4ZjLfCVHZKXBkUqF+rQbsaK6GcmT7I+0pRoMPGJXguNbnn1E426gYxBLrWJ9dP0E/e +nl7N6Tk2bCBIqh6qAdxw4dtmGg+eOuIPtYBYACRJiwhKJlymU5LnzFAXd9gsCUhtUqI1Ss1 Ttokjc3OGOovu7whjT2yv49JJNgubszdNFGYilltUVEDPxkQylDb4RHoFq/QpF5N1H2mxa1u UkkC1QZvibLEmhJl1dlCGdnDUIFgxesEMKh2Xo20cL6vaJOg7SQ/Ax9L6xNCGpt3bI9esMoJ 5jziaXsYFaAgjHmzm479/UVwtynk7xunY6l/UP5kYvHLf2x4Uh2bD30XklW6voJhiKorzP0d Mee/309bJTaxeXfnrZtm5gzJilWWkyBA6PRgwHttaO2zZbkXhlxw9ArfZv0Uso5dY4Ud1J9u 7EOqNnmPVHSdIXd7t0AKMETdGsAmLATBrQOCaZIEjhFqsAJ3XRwqSHrIkd9aWvYtgF3ZEykJ POXBdRsnMzYVvnDYmU0JhC4nn2MS2AtPTWu4hjDrRCy8/BrYvQQFu+oQoV4ridSt0kc7jmZ8 o=
  • Ironport-sdr: sbeiUBLXvB3iQuXgs81ByylMzozm0IgrXeZa/jgVuVJb9d9v6rMWU4/UPUOUcOeu+SGPkw2ZyC QxNi4yew2O/izK9FmxrS/zMR2uo3YfClSDelXDRlFn1vp+3I5IAj65dLajsy9p7tFAScUCBYsk QCjORdHhBD2IBN6tMQBsdCaRz4BJhxHIseV4QMgpGXptOWA/xA6EB0pycvdI2faDy5oKy+qV3O pTuiaQOqFy7Ej1de++ufgU08vHYWsn0nhfLHfduEoTb1IzYnnnlYKfzi4Y0zYut1iljvXY6Bu4 9egW8JCbIZIQLm1gndZOYOhX
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Thread-index: AQHYHE+TdJl64aH33EedeR0PZ4zblKyMkj6AgAGTLwCAABdDgIAABJKAgATOw4CAAAIAAIAAQJgAgADqygCAADOdAIAAAYiAgABRRgCAAALfgIAAFCIA
  • Thread-topic: [PATCH v2 1/2] xen+tools: Report Interrupt Controller Virtualization capabilities on x86
On 15/02/2022 15:21, Jan Beulich wrote:
> [CAUTION - EXTERNAL EMAIL] DO NOT reply, click links, or open attachments 
> unless you have verified the sender and know the content is safe.
> 
> On 15.02.2022 16:10, Jane Malalane wrote:
>> On 15/02/2022 10:19, Jan Beulich wrote:
>>> [CAUTION - EXTERNAL EMAIL] DO NOT reply, click links, or open attachments 
>>> unless you have verified the sender and know the content is safe.
>>>
>>> On 15.02.2022 11:14, Jane Malalane wrote:
>>>> On 15/02/2022 07:09, Jan Beulich wrote:
>>>>> [CAUTION - EXTERNAL EMAIL] DO NOT reply, click links, or open attachments 
>>>>> unless you have verified the sender and know the content is safe.
>>>>>
>>>>> On 14.02.2022 18:09, Jane Malalane wrote:
>>>>>> On 14/02/2022 13:18, Jan Beulich wrote:
>>>>>>> [CAUTION - EXTERNAL EMAIL] DO NOT reply, click links, or open 
>>>>>>> attachments unless you have verified the sender and know the content is 
>>>>>>> safe.
>>>>>>>
>>>>>>> On 14.02.2022 14:11, Jane Malalane wrote:
>>>>>>>> On 11/02/2022 11:46, Jan Beulich wrote:
>>>>>>>>> [CAUTION - EXTERNAL EMAIL] DO NOT reply, click links, or open 
>>>>>>>>> attachments unless you have verified the sender and know the content 
>>>>>>>>> is safe.
>>>>>>>>>
>>>>>>>>> On 11.02.2022 12:29, Roger Pau Monné wrote:
>>>>>>>>>> On Fri, Feb 11, 2022 at 10:06:48AM +0000, Jane Malalane wrote:
>>>>>>>>>>> On 10/02/2022 10:03, Roger Pau Monné wrote:
>>>>>>>>>>>> On Mon, Feb 07, 2022 at 06:21:00PM +0000, Jane Malalane wrote:
>>>>>>>>>>>>> diff --git a/xen/arch/x86/hvm/vmx/vmcs.c 
>>>>>>>>>>>>> b/xen/arch/x86/hvm/vmx/vmcs.c
>>>>>>>>>>>>> index 7ab15e07a0..4060aef1bd 100644
>>>>>>>>>>>>> --- a/xen/arch/x86/hvm/vmx/vmcs.c
>>>>>>>>>>>>> +++ b/xen/arch/x86/hvm/vmx/vmcs.c
>>>>>>>>>>>>> @@ -343,6 +343,15 @@ static int vmx_init_vmcs_config(bool bsp)
>>>>>>>>>>>>>                    MSR_IA32_VMX_PROCBASED_CTLS2, &mismatch);
>>>>>>>>>>>>>            }
>>>>>>>>>>>>>        
>>>>>>>>>>>>> +    /* Check whether hardware supports accelerated xapic and 
>>>>>>>>>>>>> x2apic. */
>>>>>>>>>>>>> +    if ( bsp )
>>>>>>>>>>>>> +    {
>>>>>>>>>>>>> +        assisted_xapic_available = 
>>>>>>>>>>>>> cpu_has_vmx_virtualize_apic_accesses;
>>>>>>>>>>>>> +        assisted_x2apic_available = (cpu_has_vmx_apic_reg_virt ||
>>>>>>>>>>>>> +                                     
>>>>>>>>>>>>> cpu_has_vmx_virtual_intr_delivery) &&
>>>>>>>>>>>>> +                                    
>>>>>>>>>>>>> cpu_has_vmx_virtualize_x2apic_mode;
>>>>>>>>>>>>
>>>>>>>>>>>> I've been think about this, and it seems kind of asymmetric that 
>>>>>>>>>>>> for
>>>>>>>>>>>> xAPIC mode we report hw assisted support only with
>>>>>>>>>>>> virtualize_apic_accesses available, while for x2APIC we require
>>>>>>>>>>>> virtualize_x2apic_mode plus either apic_reg_virt or
>>>>>>>>>>>> virtual_intr_delivery.
>>>>>>>>>>>>
>>>>>>>>>>>> I think we likely need to be more consistent here, and report hw
>>>>>>>>>>>> assisted x2APIC support as long as virtualize_x2apic_mode is
>>>>>>>>>>>> available.
>>>>>>>>>>>>
>>>>>>>>>>>> This will likely have some effect on patch 2 also, as you will 
>>>>>>>>>>>> have to
>>>>>>>>>>>> adjust vmx_vlapic_msr_changed.
>>>>>>>>>>>>
>>>>>>>>>>>> Thanks, Roger.
>>>>>>>>>>>
>>>>>>>>>>> Any other thoughts on this? As on one hand it is asymmetric but also
>>>>>>>>>>> there isn't much assistance with only virtualize_x2apic_mode set 
>>>>>>>>>>> as, in
>>>>>>>>>>> this case, a VM exit will be avoided only when trying to access the 
>>>>>>>>>>> TPR
>>>>>>>>>>> register.
>>>>>>>>>>
>>>>>>>>>> I've been thinking about this, and reporting hardware assisted
>>>>>>>>>> x{2}APIC virtualization with just
>>>>>>>>>> SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES or
>>>>>>>>>> SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE doesn't seem very helpful. 
>>>>>>>>>> While
>>>>>>>>>> those provide some assistance to the VMM in order to handle APIC
>>>>>>>>>> accesses, it will still require a trap into the hypervisor to handle
>>>>>>>>>> most of the accesses.
>>>>>>>>>>
>>>>>>>>>> So maybe we should only report hardware assisted support when the
>>>>>>>>>> mentioned features are present together with
>>>>>>>>>> SECONDARY_EXEC_APIC_REGISTER_VIRT?
>>>>>>>>>
>>>>>>>>> Not sure - "some assistance" seems still a little better than none at 
>>>>>>>>> all.
>>>>>>>>> Which route to go depends on what exactly we intend the bit to be 
>>>>>>>>> used for.
>>>>>>>>>
>>>>>>>> True. I intended this bit to be specifically for enabling
>>>>>>>> assisted_x{2}apic. So, would it be inconsistent to report hardware
>>>>>>>> assistance with just VIRTUALIZE_APIC_ACCESSES or VIRTUALIZE_X2APIC_MODE
>>>>>>>> but still claim that x{2}apic is virtualized if no MSR accesses are
>>>>>>>> intercepted with XEN_HVM_CPUID_X2APIC_VIRT (in traps.c) so that, as you
>>>>>>>> say, the guest gets at least "some assistance" instead of none but we
>>>>>>>> still claim x{2}apic virtualization when it is actually complete? Maybe
>>>>>>>> I could also add a comment alluding to this in the xl documentation.
>>>>>>>
>>>>>>> To rephrase my earlier point: Which kind of decisions are the 
>>>>>>> consumer(s)
>>>>>>> of us reporting hardware assistance going to take? In how far is there a
>>>>>>> risk that "some assistance" is overall going to lead to a loss of
>>>>>>> performance? I guess I'd need to see comment and actual code all in one
>>>>>>> place ...
>>>>>>>
>>>>>> So, I was thinking of adding something along the lines of:
>>>>>>
>>>>>> +=item B<assisted_xapic=BOOLEAN> B<(x86 only)>
>>>>>> +Enables or disables hardware assisted virtualization for xAPIC. This
>>>>>> +allows accessing APIC registers without a VM-exit. Notice enabling
>>>>>> +this does not guarantee full virtualization for xAPIC, as this can
>>>>>> +only be achieved if hardware supports “APIC-register virtualization”
>>>>>> +and “virtual-interrupt delivery”. The default is settable via
>>>>>> +L<xl.conf(5)>.
>>>>>
>>>>> But isn't this contradictory? Doesn't lack of APIC-register virtualization
>>>>> mean VM exits upon (most) accesses?
>>>>
>>>> Yes, it does mean. I guess the alternative wouuld be then to require
>>>> APIC-register virtualization for enabling xAPIC. But also, although this
>>>> doesn't provide much acceleration, even getting a VM exit is some
>>>> assistance if compared to instead getting an EPT fault and having to
>>>> decode the access.
>>>
>>> I agree here, albeit I'd like to mention that EPT faults are also VM
>>> exits. All my earlier comment was about is that this piece of doc
>>> wants to express reality, whichever way it is that things end up
>>> being implemented.
>>
>> Oh yes. Right, I see how this info could be misleading.
>>
>> How about this?...
> 
> Getting close. The thing I can't judge is whether this level of technical
> detail is suitable for this doc. Just one further remark:

Unsure too.

>> +=item B<assisted_xapic=BOOLEAN> B<(x86 only)>
>> +
>> +B<(x86 only)> Enables or disables hardware assisted virtualization for
>> +xAPIC. With this option enabled, a memory-mapped APIC access will be
>> +decoded by hardware and either issue a VM exit with an exit reason
>> +instead of an EPT fault or altogether avoid a VM exit. Notice
> 
> As said before, EPT faults also are VM exits and also provide an exit
> reason. Therefore maybe "... and either issue a VM exit with a more
> specific exit reason than an EPT fault would provide, or altogether
> avoid a VM exit" or "... and either issue a more specific VM exit than
> just an EPT fault, or altogether avoid a VM exit"?

Yes, that's better.

Thank you,

Jane.

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.