
Re: [PATCH] x86/ept: limit calls to memory_type_changed()


  • To: Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Mon, 26 Sep 2022 09:33:10 +0200
  • Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
  • Delivery-date: Mon, 26 Sep 2022 07:33:16 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 23.09.2022 10:35, Roger Pau Monné wrote:
> On Thu, Sep 22, 2022 at 09:21:59PM +0200, Jan Beulich wrote:
>> On 22.09.2022 18:05, Roger Pau Monne wrote:
>>> memory_type_changed() is currently only implemented for Intel EPT, and
>>> results in the invalidation of EMT attributes on all the entries in
>>> the EPT page tables.  Such invalidation causes EPT_MISCONFIG vmexits
>>> when the guest tries to access any gfns for the first time, which
>>> results in the recalculation of the EMT for the accessed page.  The
>>> vmexit and the recalculations are expensive, and as such should be
>>> avoided when possible.
>>>
>>> Remove the call to memory_type_changed() from
>>> XEN_DOMCTL_memory_mapping: there are no modifications of the
>>> iomem_caps ranges anymore that could alter the return of
>>> cache_flush_permitted() from that domctl.
>>
>> I certainly agree - this was an oversight when the two aspects were
>> split. One might argue this is a (performance) fix to the earlier
>> commit, and hence might want to go on its own with a Fixes: tag.
> 
> Was wondering myself, didn't add the 'Fixes:' tag because of the extra
> content.
> 
>>> Calls to memory_type_changed() resulting from changes to the domain
>>> iomem_caps or ioport_caps ranges are only relevant for EMT
>>> calculations if the IOMMU is not enabled, and the call has resulted in
>>> a change to the return value of cache_flush_permitted().
>>
>> I'm less certain here: These shouldn't be frequent operations, so
>> their impact on the guest should be limited?
> 
> Citrix has a use case for vGPU where IOMMU regions are added and
> removed during guest runtime.  Such functionality makes use of both
> XEN_DOMCTL_iomem_permission and XEN_DOMCTL_memory_mapping.

I see. Maybe this would want saying in the description, to express
that there's little expected benefit for upstream.

> While the memory_type_changed() call in XEN_DOMCTL_memory_mapping
> seems to be the most problematic performance wise, I thought it was
> nice to try to avoid memory_type_changed() as much as possible, as
> those tax the guest quite heavily with EPT_MISCONFIG faults and the
> recalculation logic.

Trying to avoid this is certainly desirable, I agree. But we need
to make sure that it's not "easy" to break things by touching one
place but leaving others alone which really would need keeping in
sync. Therefore I'd see such added logic as acceptable only if the
risk towards future changes is sufficiently low.

>> And if we were to restrict the calls, I think we need to clearly
>> tie together the various places which need updating together in
>> case e.g. the condition in epte_get_entry_emt() is changed.
>> Minimally by way of comments, but maybe by way of a small helper
>> function (for which I can't seem to be able to think of a good
>> name) sitting next to epte_get_entry_emt().
> 
> Such helper function is also kind of problematic, as it would have to
> live in p2m-ept.c but be used in domctl.c and x86/domctl.c?  It would
> have to go through the p2m_domain indirection structure.

It would need abstraction at the arch level as well as for !HVM configs
on x86. I'm not sure the indirection layer would actually be needed, as
the contents of the function - despite wanting placing in p2m-ept.c -
isn't really vendor dependent. (If AMD/SVM gained a need for a similar
helper, things would need re-evaluating.)

> Do you have any suggestions about what the function should look like?
> I'm afraid the fact it needs the previous cache_flush_permitted()
> value makes it kind of weird to encapsulate.

Indeed.

> I've attempted to add comments to make it clear why the new checks are
> added, but I would also need to add a comment to epte_get_entry_emt()
> to notice changes in the condition need to be propagated to call sites
> of memory_type_changed().

Right - it may suffice to have one more extensive comment, but _all_
involved parties will need to have at least a cross reference such
that one can easily find all pieces of code needing to be kept in sync.

Jan



 

