[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: memory access atomicity during HVM insn emulation on x86

  • To: paul@xxxxxxx, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Thu, 2 Mar 2023 10:59:42 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=CWibBdVERcoiqmX0dqCZspYSaORlgKJ2mhTeJMeP8H4=; b=Fi7LgDigauAb4Aw+jJxJIKGW/f5bhNfnMSdA+adCoU6H4hUH2WkCQbp3jt2vnOB1hB9btbmab36c9KC9gUrv18Cb0VLD15MAuI6DJHyjlISxhdS5lfRFVglOxJ8NxAO71xgtKxhsoiiGJFwkziIUErvNJT397vkrcnG/jkiZfol75kUN+DAS6z4YjFKpCxbYzfyEK9PQJEwPIY+pjdY1vOnL+Z8qjpeb1k1iWdGOsXnYZPmACdryyInA9z060FzFeAZ/OfdI67esvJJVFER9/yGmJLHNt53fHDQfsu5N0F5mv0HgQ1WtsWB8PQ80tj3/amgq0zE1YvJluXZl2ekgGA==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=PeSAZslC/VHDdDzTQr5cl1Fc772ewU5rvnizPhBSNjZELSjGEnOGuVgR3hU5NhlQYMt8yd62JnVw427Lkivm264l9iD1HguOWe1YhYVWi+PsuhMSvZtjV9ZN6eBXlShCZ4hv8ZAXb6vK0dD4eDxvcfUuXkA34g/Q8HQSLoAAuFYBIatdmiLU68X1QCOZiX1SnQBZiBnzdlFcc/N/P2dtMMjHElVJXuUtFcFZFZ8QrKmPid6Lm5KZrSpPqOCCAd8/H5wpzB5CibVfjxz4SUN9mSIxQDuZYOVEkwRRr3TZGanMkQcNNhwxGThK943g4OdCFEbGND48Cfy418r1QAUMQg==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;
  • Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • Delivery-date: Thu, 02 Mar 2023 09:59:51 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 02.03.2023 10:23, Paul Durrant wrote:
> On 02/03/2023 08:35, Jan Beulich wrote:
>> Hello,
>>
>> in (I think) Intel SDM version 076 a new guarantee of atomicity of certain
>> aligned 16-byte accesses appeared. While initially I thought this would be
>> another special case we need to invent a solution for (it still is, in
>> certain cases, as per further down), I had to realize that we don't even
>> guarantee atomicity of smaller accesses, including as simple ones as plain
>> 16-, 32-, or 64-bit moves. All read/write operations are handled by the
>> very generic __hvm_copy(), which invokes memcpy() / memset(), which in
>> turn do byte-wise copies unless the compiler decides to inline the
>> operations (which from all I can tell it won't normally do for the uses in
>> __hvm_copy()).
>>
>> The question here is whether to make __hvm_copy() handle the guaranteed-
>> aligned cases specially, or whether to avoid making use of that function
>> in those cases (i.e. deal with the cases in linear_{read,write}()). Both
>> options have their downsides (complicating a core function vs duplicating
>> a certain amount of code).
>>
>> As to 16-byte atomic accesses: The SDM doesn't restrict this to WB memory.
>> As a result, in order to implement this correctly, we cannot just utilize
>> the rmw() or blk() hooks, as these expect to operate on guest RAM (which
>> they can map and then access directly). Instead the path invoking the
>> device model will also need to cope. Yet the ioreq interface is limited
>> to 64 bits of data at a time (except for the data_is_ptr case, which imo
>> has to be considered inherently non-atomic). So it looks to me that as a
>> prereq to fully addressing the issue in the hypervisor we need an
>> extension to the ioreq interface.
>>
>> Thoughts anyone?
>>
> 
> Does the interface need modification? As long as 16-bytes are copied 
> to/from guest RAM in an atomic way then how that data is passed to/from 
> a device model shouldn't affect it, should it?

The question isn't the guest RAM access, but the guest accessing non-RAM
(which is why the device model is being engaged). Both a RAM and an MMIO
access can happen with a pretty limited set of insns only anyway. Among
those are none of the 16-byte accessing insns (they're all loads from or
stores to memory, with the other operand being an XMM register).

Jan

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.