Xen project Mailing List

Re: [PATCH v2 4/7] x86: Make the maximum number of altp2m views configurable

Date: Tue, 30 Apr 2024 18:00:13 +0200

Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Tamas K Lengyel <tamas@xxxxxxxxxxxxx>, Alexandru Isaila <aisaila@xxxxxxxxxxxxxxx>, Petre Pircalabu <ppircalabu@xxxxxxxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx

Delivery-date: Tue, 30 Apr 2024 16:00:38 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Tue, Apr 30, 2024 at 4:27 PM Jan Beulich <jbeulich@xxxxxxxx> wrote: > > > --- a/xen/arch/x86/domain.c > > +++ b/xen/arch/x86/domain.c > > @@ -685,6 +685,12 @@ int arch_sanitise_domain_config(struct > > xen_domctl_createdomain *config) > > return -EINVAL; > > } > > > > + if ( config->max_altp2m > MAX_EPTP ) > > + { > > + dprintk(XENLOG_INFO, "max_altp2m must be <= %u\n", MAX_EPTP); > > + return -EINVAL; > > + } > > ... using MAX_EPTP here feels like a layering violation to me. Imo there want > to be separate constants, tied together with a suitably placed BUILD_BUG_ON(). > > Furthermore comparisons like this (there are further ones elsewhere) suggest > there is a (continued) naming issue: A max_ or MAX_ prefix ought to name a > "maximum valid value", not "number of permitted values". This is not a > request to alter MAX_EPTP, but one to make sure the new struct fields really > have matching names and purposes. Do you have any proposals? I was considering nr_altp2m. Another question is what it should be named in xl.cfg - also nr_altp2m? I was too hesitant to name it like that, since there aren't any nr_* fields currently. > > --- a/xen/arch/x86/include/asm/domain.h > > +++ b/xen/arch/x86/include/asm/domain.h > > @@ -258,11 +258,10 @@ struct paging_vcpu { > > struct shadow_vcpu shadow; > > }; > > > > +#define INVALID_ALTP2M 0xffff > > +#define MAX_EPTP ((unsigned int)(PAGE_SIZE / sizeof(uint64_t))) > > Aiui you add this cast because of the various min() uses. However, besides > wanting to avoid such casts (or in fact any, whenever possible), I don't > see why you need to retain all those min(): You bound d->max_altp2m against > MAX_EPTP during domain creation anyway. Fair. I considered removing the min()s altogether. I left them in place because I was too paranoid. > > > @@ -28,8 +34,13 @@ altp2m_vcpu_initialise(struct vcpu *v) > > void > > altp2m_vcpu_destroy(struct vcpu *v) > > { > > + struct domain *d = v->domain; > > struct p2m_domain *p2m; > > > > + /* Skip destruction if no altp2m was used. */ > > + if ( d->max_altp2m == 0 ) > > + return; > > ... this one doesn't look quite right: Even if altp2m-s were initialized, > none may have been used (yet). Fair. Bad choice of words. > > > --- a/xen/include/xen/sched.h > > +++ b/xen/include/xen/sched.h > > @@ -602,6 +602,8 @@ struct domain > > unsigned int guest_request_sync : 1; > > } monitor; > > > > + unsigned int max_altp2m; /* Maximum number of altp2m tables */ > > + > > unsigned int vmtrace_size; /* Buffer size in bytes, or 0 to disable. */ > > ... this suggest you're confident other architectures will also want > to support altp2m. Yet nothing like that is said in the description. > In the absence of that common code should not require touching (much). Depends on the definition of "want". altp2m patches for arm/aarch64 were sent to Xen some 6 years ago but were unfortunately rejected. I would very much welcome them. I have added the field to domain instead of arch_domain simply because it is not an arch-bound feature - similarly to vmtrace below, which also doesn't have an equivalent implementation on other archs than x86 (yet). As far as other comments/nits go - understood. P.

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.