Xen project Mailing List

Re: [PATCH v2 1/2] xen+tools: Report Interrupt Controller Virtualization capabilities on x86

To: Jane Malalane <Jane.Malalane@xxxxxxxxxx>

From: Roger Pau Monné <roger.pau@xxxxxxxxxx>

Date: Wed, 9 Mar 2022 14:47:11 +0100

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=XnTbjgBXoif7SBkZOFFifYDL3Y/a2m5voGNF2Uq7qwk=; b=c7hxYvyKikk7nTXFGTt3xbxbHhWec4QIPIqMQRriLAX5xaY0syYbwjo7Xpblb2krPkOJfNQiPmRz0vI/juLjAap/T2ot8D19k1WK7D223zz2PHAX1rRaHAuBFBiYFpHkI/Bj51wXHA7h2QS0VIkdeyCQkgeEvDYri75IfS8ytI4bmc1aPpyZvKVKzmDbCQuPq+wQzxOnOjrvd1yIDKEUTZITUNX3e3Iju6pNArKGs8r10fzXwQeiYtrwBpnJQxC05bxKzKpf3MgK+hpapMAjfGHTHU+k1tHq3eJ0MMGiCOT85j/13tDFU76f/eMfTbs4OrAtBHvEde9JACsjgD5p5w==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=JpXyfCFNv+b5J1zCwYtrbTBJ0DZyUGw7t8y5Xb6w0X/+0cmEE/r9RArqt7SDnB+nxBABVnxm1hzVqwoZramGV+QEsJ4vWrD4TCBkbW+mJeABnqewiOMRU55utFcKntsxoHhblauZAK282XShKzCHR8eKB/+6pFqYShqwVeqUeotGw2xs4JLva7OO6YKwaarZW49CpxSa3uvgikVy6cPwB9omQ6McMDzP/78SNrJE2YPHoof1Tq20rLi0MYH+cEageaVJZgjvzdPHnkmz+gq1w9ZcfMeqUaD2IBI1GtL3zt9DJGB9px0u/SIAcW9c/T528G85p8R8qR/M66JzOMyO9A==

Authentication-results: esa6.hc3370-68.iphmx.com; dkim=pass (signature verified) header.i=@citrix.onmicrosoft.com

Cc: Jan Beulich <jbeulich@xxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Anthony Perard <anthony.perard@xxxxxxxxxx>, Juergen Gross <jgross@xxxxxxxx>, George Dunlap <George.Dunlap@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Jun Nakajima <jun.nakajima@xxxxxxxxx>, Kevin Tian <kevin.tian@xxxxxxxxx>, Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>

Delivery-date: Wed, 09 Mar 2022 13:47:41 +0000

Ironport-data: A9a23:Oawd/6gfDuk6VyVtuYYUfuZQX1611RAKZh0ujC45NGQN5FlHY01je htvXTvSb/6CNzOgcooiaI23/E0F78DWzdE2Hlc9+Ho9H38b9cadCdqndUqhZCn6wu8v7a5EA 2fyTvGacajYm1eF/k/F3oDJ9CU6jefSLlbFILas1hpZHGeIcw98z0M78wIFqtQw24LhWFvc4 YmaT/D3YzdJ5RYlagr41IrbwP9flKyaVOQw5wFWiVhj5TcyplFNZH4tDfjZw0jQG+G4KtWSV efbpIxVy0uCl/sb5nFJpZ6gGqECaua60QFjERO6UYD66vRJjnRaPqrWqJPwwKqY4tmEt4kZ9 TlDiXC/YQcqHJPJodYYaT9BHzAlfvFr1obtHEHq5KR/z2WeG5ft6/BnDUVwNowE4OdnR2pJ8 JT0KhhUMErF3bjvhuvmFK883azPL+GyVG8bkmtnwjzDS+4vXLjIQrnQ5M8e1zA17ixLNaiDO JZGNGEyBPjGSyFmJXM8Bcw8pb6Pr3P8IxdjkQOfr6VitgA/yyQuieOwYbI5YOeie8JRmUqJo 3PcyE7wCBoaKd+3xCKM9zSngeqntTjgRIsYGbm89/hrqF6e3GoeDFsRT1TTifO0kFKkUtRTb Ukd4DMzrLMa/VauCNL6WnWQo3OavxhaR9tZFcU77h2Azuzf5APxLmoZSHhHYd8vts4zTBQr0 EOEm5XiAjkHmK2YTzeR+6mZqRu2ODMJNikSaCkcVwwH7tL/5oYpgXrnTNxuDaq0hd3dAizrz naBqy1Wr6oXpd4G0eO851+vqzCxopnESCYl6wORWXiqhit7a5SifJeA8kXA4LBLK4Pxc7Wal CFawY7EtrlIVMzT0nzWKAkQIF23z/aGEgPZuGxqJb84+yX2uCKOU7l63QgrcS+FLf04UTPuZ UbSvyZY65lSIGamYMdLXm6hNyg55fO+TIq4D5g4evILO8EsL1HfoEmCcGbNhziFraQ6rU0o1 X53m+6IBG1SN6loxSHeqww1ge5ynXBWKY8+qPnGI/WbPVi2OSb9pVQtagLmggUFAEWs+lu9H zF3bZfi9vmneLeiChQ7CKZKRbzwEVA1BIrtt+tcffOZLwxtFQkJUqGNn+x/J9Y1w/gJyI8kG 01RvGcCmDITYlWddW23ho1LMuuzDf6TU1pgVcDTAbpY8yd6Otv+hEvuX5A2YaMm5IReIQ1cF JE4lzG7Kq0XEFzvom1FBbGk9dAKXEn71GqmYnv+CBBiLsEIeuA80oK9FucZ3HJVVXTfWApXi +DI6z43trJYHlU8VpmKMKzzp75z1FBE8N9Ps4LzCoA7UG3n8ZRwKjy3ifkyIsoWLg7EyCfc3 AGTaSr0b8GUy2Pp2LElXZy5kro=

Ironport-hdrordr: A9a23:lzifUaut7jnNrsggQfp31MWx7skC74Mji2hC6mlwRA09TyXGra +TdaUguSMc1gx9ZJhBo7G90KnpewK6yXdQ2/hqAV7EZniahILIFvAY0WKG+VPd8kLFh4xgPM tbAs1D4ZjLfCRHZKXBkXiF+rQbsaC6GcmT7I+0pRcdLj2CKZsQlzuRYjzrbHGeLzM2Y6bReq Dsgvau8FGbCAsqh4mAdzI4t6+pnay/qLvWJTo9QzI34giHij2lrJb8Dhijxx8bFxdC260r/2 TpmxHwovzLiYD39jbsk0voq7hGktrozdVOQOSKl8guMz3pziKlfp5oVbGutC085Muv9FEput /RpApIBbU411rhOkWO5Tf90Qjp1zgjr1fk1F+jmHPm5ff0QTorYvAx875xQ1/80Q4Nrdt82K VE0yayrJxMFy7Nmyz7+pzhSwxqvlDcmwttrccjy1hkFacOYr5YqoISuGlPFo0bIS784Ic7VM FzEcDn4upMe1/yVQGXgoBW+q3tYp0PJGbEfqBb0fblkQS+3UoJg3fw/fZv30vpr/kGOtx5D+ etCNUeqFgBdL5TUUtHPpZzfSKGMB28ffvyChPhHb3GLtBPB5ufke++3F0KjNvaDKDgiqFC36 j8bA==

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Tue, Feb 15, 2022 at 04:33:15PM +0000, Jane Malalane wrote: > On 15/02/2022 15:21, Jan Beulich wrote: > > [CAUTION - EXTERNAL EMAIL] DO NOT reply, click links, or open attachments > > unless you have verified the sender and know the content is safe. > > > > On 15.02.2022 16:10, Jane Malalane wrote: > >> On 15/02/2022 10:19, Jan Beulich wrote: > >>> [CAUTION - EXTERNAL EMAIL] DO NOT reply, click links, or open attachments > >>> unless you have verified the sender and know the content is safe. > >>> > >>> On 15.02.2022 11:14, Jane Malalane wrote: > >>>> On 15/02/2022 07:09, Jan Beulich wrote: > >>>>> [CAUTION - EXTERNAL EMAIL] DO NOT reply, click links, or open > >>>>> attachments unless you have verified the sender and know the content is > >>>>> safe. > >>>>> > >>>>> On 14.02.2022 18:09, Jane Malalane wrote: > >>>>>> On 14/02/2022 13:18, Jan Beulich wrote: > >>>>>>> [CAUTION - EXTERNAL EMAIL] DO NOT reply, click links, or open > >>>>>>> attachments unless you have verified the sender and know the content > >>>>>>> is safe. > >>>>>>> > >>>>>>> On 14.02.2022 14:11, Jane Malalane wrote: > >>>>>>>> On 11/02/2022 11:46, Jan Beulich wrote: > >>>>>>>>> [CAUTION - EXTERNAL EMAIL] DO NOT reply, click links, or open > >>>>>>>>> attachments unless you have verified the sender and know the > >>>>>>>>> content is safe. > >>>>>>>>> > >>>>>>>>> On 11.02.2022 12:29, Roger Pau Monné wrote: > >>>>>>>>>> On Fri, Feb 11, 2022 at 10:06:48AM +0000, Jane Malalane wrote: > >>>>>>>>>>> On 10/02/2022 10:03, Roger Pau Monné wrote: > >>>>>>>>>>>> On Mon, Feb 07, 2022 at 06:21:00PM +0000, Jane Malalane wrote: > >>>>>>>>>>>>> diff --git a/xen/arch/x86/hvm/vmx/vmcs.c > >>>>>>>>>>>>> b/xen/arch/x86/hvm/vmx/vmcs.c > >>>>>>>>>>>>> index 7ab15e07a0..4060aef1bd 100644 > >>>>>>>>>>>>> --- a/xen/arch/x86/hvm/vmx/vmcs.c > >>>>>>>>>>>>> +++ b/xen/arch/x86/hvm/vmx/vmcs.c > >>>>>>>>>>>>> @@ -343,6 +343,15 @@ static int vmx_init_vmcs_config(bool bsp) > >>>>>>>>>>>>> MSR_IA32_VMX_PROCBASED_CTLS2, &mismatch); > >>>>>>>>>>>>> } > >>>>>>>>>>>>> > >>>>>>>>>>>>> + /* Check whether hardware supports accelerated xapic and > >>>>>>>>>>>>> x2apic. */ > >>>>>>>>>>>>> + if ( bsp ) > >>>>>>>>>>>>> + { > >>>>>>>>>>>>> + assisted_xapic_available = > >>>>>>>>>>>>> cpu_has_vmx_virtualize_apic_accesses; > >>>>>>>>>>>>> + assisted_x2apic_available = (cpu_has_vmx_apic_reg_virt > >>>>>>>>>>>>> || > >>>>>>>>>>>>> + > >>>>>>>>>>>>> cpu_has_vmx_virtual_intr_delivery) && > >>>>>>>>>>>>> + > >>>>>>>>>>>>> cpu_has_vmx_virtualize_x2apic_mode; > >>>>>>>>>>>> > >>>>>>>>>>>> I've been think about this, and it seems kind of asymmetric that > >>>>>>>>>>>> for > >>>>>>>>>>>> xAPIC mode we report hw assisted support only with > >>>>>>>>>>>> virtualize_apic_accesses available, while for x2APIC we require > >>>>>>>>>>>> virtualize_x2apic_mode plus either apic_reg_virt or > >>>>>>>>>>>> virtual_intr_delivery. > >>>>>>>>>>>> > >>>>>>>>>>>> I think we likely need to be more consistent here, and report hw > >>>>>>>>>>>> assisted x2APIC support as long as virtualize_x2apic_mode is > >>>>>>>>>>>> available. > >>>>>>>>>>>> > >>>>>>>>>>>> This will likely have some effect on patch 2 also, as you will > >>>>>>>>>>>> have to > >>>>>>>>>>>> adjust vmx_vlapic_msr_changed. > >>>>>>>>>>>> > >>>>>>>>>>>> Thanks, Roger. > >>>>>>>>>>> > >>>>>>>>>>> Any other thoughts on this? As on one hand it is asymmetric but > >>>>>>>>>>> also > >>>>>>>>>>> there isn't much assistance with only virtualize_x2apic_mode set > >>>>>>>>>>> as, in > >>>>>>>>>>> this case, a VM exit will be avoided only when trying to access > >>>>>>>>>>> the TPR > >>>>>>>>>>> register. > >>>>>>>>>> > >>>>>>>>>> I've been thinking about this, and reporting hardware assisted > >>>>>>>>>> x{2}APIC virtualization with just > >>>>>>>>>> SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES or > >>>>>>>>>> SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE doesn't seem very helpful. > >>>>>>>>>> While > >>>>>>>>>> those provide some assistance to the VMM in order to handle APIC > >>>>>>>>>> accesses, it will still require a trap into the hypervisor to > >>>>>>>>>> handle > >>>>>>>>>> most of the accesses. > >>>>>>>>>> > >>>>>>>>>> So maybe we should only report hardware assisted support when the > >>>>>>>>>> mentioned features are present together with > >>>>>>>>>> SECONDARY_EXEC_APIC_REGISTER_VIRT? > >>>>>>>>> > >>>>>>>>> Not sure - "some assistance" seems still a little better than none > >>>>>>>>> at all. > >>>>>>>>> Which route to go depends on what exactly we intend the bit to be > >>>>>>>>> used for. > >>>>>>>>> > >>>>>>>> True. I intended this bit to be specifically for enabling > >>>>>>>> assisted_x{2}apic. So, would it be inconsistent to report hardware > >>>>>>>> assistance with just VIRTUALIZE_APIC_ACCESSES or > >>>>>>>> VIRTUALIZE_X2APIC_MODE > >>>>>>>> but still claim that x{2}apic is virtualized if no MSR accesses are > >>>>>>>> intercepted with XEN_HVM_CPUID_X2APIC_VIRT (in traps.c) so that, as > >>>>>>>> you > >>>>>>>> say, the guest gets at least "some assistance" instead of none but we > >>>>>>>> still claim x{2}apic virtualization when it is actually complete? > >>>>>>>> Maybe > >>>>>>>> I could also add a comment alluding to this in the xl documentation. > >>>>>>> > >>>>>>> To rephrase my earlier point: Which kind of decisions are the > >>>>>>> consumer(s) > >>>>>>> of us reporting hardware assistance going to take? In how far is > >>>>>>> there a > >>>>>>> risk that "some assistance" is overall going to lead to a loss of > >>>>>>> performance? I guess I'd need to see comment and actual code all in > >>>>>>> one > >>>>>>> place ... > >>>>>>> > >>>>>> So, I was thinking of adding something along the lines of: > >>>>>> > >>>>>> +=item B<assisted_xapic=BOOLEAN> B<(x86 only)> > >>>>>> +Enables or disables hardware assisted virtualization for xAPIC. This > >>>>>> +allows accessing APIC registers without a VM-exit. Notice enabling > >>>>>> +this does not guarantee full virtualization for xAPIC, as this can > >>>>>> +only be achieved if hardware supports “APIC-register virtualization” > >>>>>> +and “virtual-interrupt delivery”. The default is settable via > >>>>>> +L<xl.conf(5)>. > >>>>> > >>>>> But isn't this contradictory? Doesn't lack of APIC-register > >>>>> virtualization > >>>>> mean VM exits upon (most) accesses? > >>>> > >>>> Yes, it does mean. I guess the alternative wouuld be then to require > >>>> APIC-register virtualization for enabling xAPIC. But also, although this > >>>> doesn't provide much acceleration, even getting a VM exit is some > >>>> assistance if compared to instead getting an EPT fault and having to > >>>> decode the access. > >>> > >>> I agree here, albeit I'd like to mention that EPT faults are also VM > >>> exits. All my earlier comment was about is that this piece of doc > >>> wants to express reality, whichever way it is that things end up > >>> being implemented. > >> > >> Oh yes. Right, I see how this info could be misleading. > >> > >> How about this?... > > > > Getting close. The thing I can't judge is whether this level of technical > > detail is suitable for this doc. Just one further remark: > > Unsure too. > > >> +=item B<assisted_xapic=BOOLEAN> B<(x86 only)> > >> + > >> +B<(x86 only)> Enables or disables hardware assisted virtualization for > >> +xAPIC. With this option enabled, a memory-mapped APIC access will be > >> +decoded by hardware and either issue a VM exit with an exit reason > >> +instead of an EPT fault or altogether avoid a VM exit. Notice > > > > As said before, EPT faults also are VM exits and also provide an exit > > reason. Therefore maybe "... and either issue a VM exit with a more > > specific exit reason than an EPT fault would provide, or altogether > > avoid a VM exit" or "... and either issue a more specific VM exit than > > just an EPT fault, or altogether avoid a VM exit"? > > Yes, that's better. I would avoid mentioning EPT, as that's an Intel specific technology. Could we instead use 'p2m fault'? Thanks, Roger.

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.