[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] Call SetVirtualAddressMap() by default

  • To: George Dunlap <george.dunlap@xxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Wed, 15 Mar 2023 10:12:44 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=QpsA/LeARYVPLGkv3RVN1hBvfrEtoMIo8vuvX6EqMG4=; b=VkKR8vSShoVhSML3rfXF8NmCX3M4zLe4FHctYf/e4vj4qxVNA02mncHq6uhCI1BqwcXhc8kY13P2/S/klAkFQADcHZoBjGzE0LrUGjzoTYPS/wkrawO/kH2EFD75mVnDFHt9or8DWFgO4ahmO+BvSSmokQ6XNFbB7ycqCcoZXhK2XDcOe0tZt/BQuEFqyIXHzpT6XXQn1IddygcWdue+XRp8fD0W3nxRIxjUh9D2SKam13FDZR7hDI+HVUS8jVI3Vo3ZhObGsVFcgq79HxUBmrBkMNT2DqJL6xB6sjbXBgBbQiO2cFdcl6RPeRKEtW9j2hsZYE5Ulq0/8jo1ucvQFA==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=JsP82frFvLzpJBkzbw3nI1yky3ia29kKRRcNq3jGEhlnDRWh5EFsMYLf9ygpIS9i8d7sB5j42Jp6LD34xkC/ZVHEXER74ucHvS3Hnim1KIsrHC5eYNLQsKL+1Pc54F92ydH8Z60ZkE71S9UhuPWI/D5YqAugFYPA6dBFBxO3hWEZH1P8jQGbOehoMwxgHlDYKGcgZm3gXvS3ra3Z2/L0tgrhRq5cuqnlSMvGgLAm+SjRi7ZLgzyGVUmhSXzoK/mgQHDQY3nqsChlHYBOl6nQNmJmWWTpQHZnCEcml0ETM6sChO1vtWZ/irSHt4a6Ol36diip0f7GYoKAsIT7V1nLEQ==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;
  • Cc: Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>, Demi Marie Obenour <demi@xxxxxxxxxxxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
  • Delivery-date: Wed, 15 Mar 2023 09:13:04 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 10.03.2023 17:05, George Dunlap wrote:
> On Fri, Feb 24, 2023 at 8:20 AM Jan Beulich <jbeulich@xxxxxxxx> wrote:
>> On 23.02.2023 14:56, Marek Marczykowski-Górecki wrote:
>>> Yet, not calling SetVirtualAddressMap() leads to actual issues _right
>>> now_, not in some hypothetical undefined future.
>>
>> That's the way you, Andrew, and others like to put it. My view at this
>> is that it's not the lack of the call, but the improper implementation
>> of firmware which leads to an apparent need for this call. Like for all
>> other firmware bug workarounds, I'm happy to accept any proposals for
>> workarounds, as long as such workarounds either don't impact spec-
>> compliant systems, or as long as they're off by default.
> 
> 
> But it sounds (reading though this thread) like it doesn't impact any
> spec-compliant systems -- that is, not any *known* ones, but only
> hypothetical dom0's which are neither Linux (including kexec) nor NetBSD
> nor FreeBSD.

I can't say anything about the BSDs. Originally, when our EFI support was
first implemented, kexec would have been affected from all I know. The
way it works was changed meanwhile.

As to "known" affected systems: Elsewhere on this thread I pointed out
that I was happy that, at the time, I had an excuse not to worry about
getting our use of SetVirtualAddressMap() correct. Properly establishing
virtual addresses before making that call is still an open issue, for
which I do not yet see a good solution. Marek saying "It works just fine"
can only mean the limited set of systems that were tested. With more of
physical address space populated, said problem would arise. Can I point
at a particular system? No. But I do know that systems with "odd" memory
maps exist (that's what e.g. our PDX abstraction was introduced for),
and I anticipate problems there.

An intermediate approach might be to call SetVirtualAddressMap() on
systems where we can establish a complete virtual address map early
enough. (Saying that without looking at the code, so this may not be
viable in practice.) But I'm unsure this would improve the overall
situation: We'd then test one thing on typical systems and would end up
even less certain whether Xen also works on atypical ones.

> If we were Microsoft, we could afford to say "we don't support this
> hardware", and that would be enough to get the manufacturers to change
> their tune; but we're not.  Making it difficult for our users will not
> fundamentally make vendors write better code.

We can certainly agree on the goal of not making it more difficult than
necessary for users. Provided reasonable command line option documentation,
it shouldn't be overly difficult to establish which workarounds need
enabling for a given platform. For known problematic ones we could even
enable workarounds by default (just like we do in various cases when EFI
does not come into play; most of that was inherited from Linux and hence
is rather dated now, though).

> Particularly as my guess is that it's probably mainly a matter of testing:
> They only do testing on Windows (or maybe Linux if they're particularly
> keen), both of which seem to call SetVirtualAddressMap(); and so bits of
> the code accidentally come to rely on it being called.  Sure, in a perfect
> world, developers would read the spec, automatically follow it, and test on
> all possible hardware; but given how software actually works, it seems
> inevitable that we're going to have a never-ending stream of bugs because
> we're behaving differently.
> 
> So literally the only benefit of your policy is to accommodate hypothetical
> operating systems, who may need the functionality for unknown reasons.  And
> the cost is to have vanilla Xen not work on loads of real systems.  I don't
> think this is the right decision; and it seems like the sort of general
> higher-level principle that it would make sense to have a project-wide vote
> on if discussion failed to reach consensus.

Certainly. I'm pretty sure I would end up in a minority in such an event.
Yet if we started to enable random firmware workarounds by default which
can have an impact on spec-conforming systems, I guess I would have to
seriously consider to step down as the maintainer of our EFI code. But
maybe that's what's wanted by others anyway ...

> (Obviously if there are other technical issues, those would need to be
> addressed first.)
> 
> Supposing such a hypothetical operating system appears, is there any reason
> we can't figure out how to provide it what it needs at that time?

Well - about everything can be done in software. The question is how much
of the necessary road we've ended up closing by going the "account for
quirks by default" route, and hence how complicated things would end up
being.

Jan

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.