[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v3 2/2] x86/ept: limit calls to memory_type_changed()

  • To: Roger Pau Monne <roger.pau@xxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Thu, 29 Sep 2022 12:13:00 +0200
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=cJZngrMWEoKajva0wgPHwnrMgCW/c9vOJB5xxRh7SaE=; b=QUG9mrR6GnBfSaaBJClkAvOUAtwjeEw8xqEBlJ2O8043yPVfr2P2ZyrguZgioXBS7iaKF1mgAK0Os/RpWwKOB/2SoF+JDy1VnBl8TkdteiopQV4ETV0C5tn4h9lhLNCnDLGl/zSem+J7qApdiFaI7Q4V0nDQN+r5aX2vFDpjDEC83EIo1Bwj53OxWjwIkubRZmEh9nsKkYlIvSeQD7SKjTlcfl4FWHw9UozXK4LiL0evHphmDEd3MerWwIb3Hy+wVqVPE/mV8c4/Oeey4G9Px0b48dkqLIyksKrHhNCogEkv8zNnd960XPEhcZRD+1Seq3D0DiL+FbiOv8MXnlbk9A==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=SnpLKKgB7opppae7lPf1b3VhYqZKhWxG1tvB13HPVe7QUYBEP4tncH5PID4fRCP470N/O4hK1jqx7h86ZaQCkZ8Z9TQQk2ENX4r32RRelIa52XVAbq6CGBuKbgLXYjw75QOMpHsJloPjNclAEMRPimasr8GSq83vMC44B6Kxs6UVmRZzOvL7qB+SPzqfg3AOleJJ4iPgT03GV3M2UmJXVq9FrMTluj4VKOyHgTHl3bcVuoiXWMhmhmBzHVDIABqYRQA2oPsoguWPbJcLWD72SVRs9W3e2Htzrdm7G0DaxB6ACm7aJaDsCRK7D2+p8H+WRsUe71Z8oBXiAfOx6XyWAQ==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;
  • Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Jun Nakajima <jun.nakajima@xxxxxxxxx>, Kevin Tian <kevin.tian@xxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx, Bertrand Marquis <bertrand.marquis@xxxxxxx>
  • Delivery-date: Thu, 29 Sep 2022 10:13:22 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 28.09.2022 16:11, Roger Pau Monne wrote:
> memory_type_changed() is currently only implemented for Intel EPT, and
> results in the invalidation of EMT attributes on all the entries in
> the EPT page tables.  Such invalidation causes EPT_MISCONFIG vmexits
> when the guest tries to access any gfns for the first time, which
> results in the recalculation of the EMT for the accessed page.  The
> vmexit and the recalculations are expensive, and as such should be
> avoided when possible.
> 
> Remove the call to memory_type_changed() from
> XEN_DOMCTL_memory_mapping: there are no modifications of the
> iomem_caps ranges anymore that could alter the return of
> cache_flush_permitted() from that domctl.
> 
> Encapsulate calls to memory_type_changed() resulting from changes to
> the domain iomem_caps or ioport_caps ranges in the helpers themselves
> (io{ports,mem}_{permit,deny}_access()), and add a note in
> epte_get_entry_emt() to remind that changes to the logic there likely
> need to be propagaed to the IO capabilities helpers.
> 
> Note changes to the IO ports or memory ranges are not very common
> during guest runtime, but Citrix Hypervisor has an use case for them
> related to device passthrough.
> 
> Signed-off-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>

Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>
with one minor remark at the end, which can be taken care of while committing.

> ---
> Changes since v2:
>  - Split the Arm side changes into a pre-patch.

Despite this I'd prefer to have an Arm maintainer view on this as well. As
previously pointed out the resulting code is going to be sub-optimal there.

> --- a/xen/include/xen/iocap.h
> +++ b/xen/include/xen/iocap.h
> @@ -7,13 +7,43 @@
>  #ifndef __XEN_IOCAP_H__
>  #define __XEN_IOCAP_H__
>  
> +#include <xen/sched.h>
>  #include <xen/rangeset.h>
>  #include <asm/iocap.h>
> +#include <asm/p2m.h>
> +
> +static inline int iomem_permit_access(struct domain *d, unsigned long s,
> +                                      unsigned long e)
> +{
> +    bool flush = cache_flush_permitted(d);
> +    int ret = rangeset_add_range(d->iomem_caps, s, e);
> +
> +    if ( !ret && !is_iommu_enabled(d) && !flush )
> +        /*
> +         * Only flush if the range(s) are empty before this addition and
> +         * IOMMU is not enabled for the domain, otherwise it makes no
> +         * difference for effective cache attribute calculation purposes.
> +         */
> +        memory_type_changed(d);
> +
> +    return ret;
> +}
> +static inline int iomem_deny_access(struct domain *d, unsigned long s,

A blank line would be nice between these two (and similarly for the
x86-only pair). Omitting such blank lines is imo advisable only for
trivial inline functions.

Jan

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.