[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [RFC] Avoid dom0/HVM performance penalty from MSR access tightening

  • To: Alex Olson <this.is.a0lson@xxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Wed, 23 Feb 2022 17:27:11 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=ZHvaPd6DZRY/CUTgr7uDsFTCgjGjrQW4ENvwC/TxBmU=; b=PG/8IhbSVGI9uOkqnQiFGId97U/8Asrpvni+r44gTL1E3A1i9Rg4sHZmvtdRGq9au7Z7jcqkCZugTSXmtHAg2eX8f3I36p0XHMsiP06/X9zAwNsBvWSZFX7BS8otmEM5WvAdk5LXFmh9bN8FuiXkPS+TOKNVMIQ6u0TY3p2Es4O26vgPEsMCID0Rl0bQv+XvEKVEp6IU0Dr+/P0XeaLZ0oU4gsRtu0kJJStL9na/HYYnFsHAF9MtPIRqm9fc0GkbBTr/mjdEa+Swl/C6U16CQ6fu267k49jfYOB/QujumzL1KAzsVlGZPt5xCqCAbxr6eSHewiOQLzYTKsKkZ3K23w==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=M+QHMRBBLJatEsNQCEJv8efy/r8y2l2i2a1RdWH45udgynlBYT1DwdhQ7hJ9+B9Iguk+uulwfVp5+2Uub0lgVBPQEtjXRcdr5Ulq++BhvWeZDyl4yyR3nQCd8MWmcRw81NK9qgzAddQqcnnWunsrqyD8vDHaCyNghRPsshMd3Pc7SyuznHfaLU2oyhyqqq02ut4ns8AVkzTBY+VP4DTrDqMf03rhiINIgh1iFOes+H/EbbVMTf/BZgL44TdF1nF3xHoyYte+gS6CTSn9D/5bGx6xizS019sjBV+SITd3olYlj7VHIAN3vwPBp6vkhfYFxfo0iL8ZQeEQ5Z2wNirTWw==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;
  • Cc: Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Wed, 23 Feb 2022 16:27:24 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 23.02.2022 16:38, Alex Olson wrote:
> It seems to me there are a few findings useful to the Xen developers from
> venturing down this rabbithole:
> 
> 1) For conditions in which MSR registers are writeable from PV guests (such as
> dom0),  they should probably be readable well, looks like 
> MSR_IA32_THERM_CONTROL
> is currently one of a small number of "unreadable" but writeable
> MSRs.  Otherwise seemingly valid read-(check/modify)-write operations will
> behave incorrectly under Xen.

Hmm, this is indeed odd, just like for the adjacent MSR_IA32_ENERGY_PERF_BIAS.
But changing the behavior for such things requires (a) doing archaeology and
(b) being certain that no old Dom0 may be affected by an adjustment. Quite
likely this write-only behavior is a result from removing read access in the
general case. IOW I think we want to re-add read access for these two MSRs
(and any others fitting this pattern) for Dom0. Care to make a patch?

It's perhaps worth noting that (write) access to these two MSRs sits behind
is_hwdom_pinned_vcpu(). This is a mode we generally recommend against using
anyway. I'm not even sure we consider it (security) supported.

> 2) As Xen controls CPU frequency and c-states,  might there be benefit to it
> being extended to manage Clock Modulation / Throttling? (I wasn't expecting 
> dom0
> to be able to influence this!)

This had been the plan many, many years ago. Yet no-one ever came forward
with any code, afaik.

> 3) Perhaps PV domains (such as dom0) should not be allowed to modify such MSRs
> at all since it would result in unintended effects depending on how CPU pools
> and dom0 are managed?

Well, the general rule already is to limit what can be written. So wrong
cases now need to really be dealt with per individual MSR.

Jan

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.