[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] VMX: use a single, global APIC access page

  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • Date: Thu, 11 Feb 2021 12:16:29 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=3tW8yrBgPPNcCOp7Oxg8mDF0D1A6IN1cdlEKzp2AIv0=; b=C/t9hnV3Ravgtu55iwVxPP133NzkCiOE4kXnvgshsnp4sR9Nx63p9HBQgSWM+f9EhqYf+MX/HHPHTLDNxzOiJ8/3XexGLF+YoPtkIhIi8Czo9KwFezrkuQsj/DeaEBSGBLScWWLQ7Fmbo0+ThxCQnTpMCFN116+CLMeY7zt9gUjnvSdLHBTWpnk6bNJ0IuSZo0kqeVeiQJNi33fTTaa+PafNwZDgtbf+WGGSLAmhYZ9c4LJDeVZs/Q1XQqYxlsXRCPgSkOlmQrJ/vprX0khfOiNpkz8zp7WBUa3kHFcBv8Js8E+iBBPmUswYb7ntrvc9yx+8y/6ajOyRUvUb8V0S2Q==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Ka0JUrxY9VPC0qjTWalL9FWewvVAI+noiDNmVP0PugNXiW5eR58l2SHc3GtEkMbBKNzm5j+WwNbry+dQmIhw2wI1H7X1+bATnGQ/sQJoNdw+wLGhjPpIBtFmKoYCs2zCMbXoTaFsIuwql7ISXiWN2m+KhSc3qzpWk1aGNwsqz7whwZn8gh/74J6Hzal7Oow/72e4LWyE18ftKe9dZoEC5d95FORjuU+Ny5+3MkzhaT3gtrFG6ReA9mM1OwCxawwsZ3VsFXPfcU3J3hnFhwWL6bW4uRz0V0dqXuhZMLVc25AVTxpYko60G2Y0xPdIkR40scWl+ZJy6v9FmvmGo2UbgA==
  • Authentication-results: esa4.hc3370-68.iphmx.com; dkim=pass (signature verified) header.i=@citrix.onmicrosoft.com
  • Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, "Kevin Tian" <kevin.tian@xxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>
  • Delivery-date: Thu, 11 Feb 2021 11:16:52 +0000
  • Ironport-sdr: VLeeqBu2yZQC9vSHLMVfn3QSXhyb7EkZADI7TJ+IrP17SUOT4rt/fBzj/erD6S7mupmajIyKNr XovETQ32KM4x7YTuNTss/oCyvTwt6SUxmCB35TDejpv0V1YsgLYOcj7jGuwHhyBLkQa+yOHaYP VO9Ekm9bNlnvKwx/wVI9opiK8RAsV2vi09bBK8F7Ne+8Xv/yi1SWbgEWtGDLFWiqYyy0oH37RE 6fxx4COvFfw/uFZENlGRzrlhJNLk83iZsFFJ3tHDWd2aIxn38p/HnWDlkpU2EbnafTy0R5UsvT //s=
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Thu, Feb 11, 2021 at 11:36:59AM +0100, Jan Beulich wrote:
> On 11.02.2021 09:45, Roger Pau Monné wrote:
> > On Wed, Feb 10, 2021 at 05:48:26PM +0100, Jan Beulich wrote:
> >> I did further consider not allocating any real page at all, but just
> >> using the address of some unpopulated space (which would require
> >> announcing this page as reserved to Dom0, so it wouldn't put any PCI
> >> MMIO BARs there). But I thought this would be too controversial, because
> >> of the possible risks associated with this.
> > 
> > No, Xen is not capable of allocating a suitable unpopulated page IMO,
> > so let's not go down that route. Wasting one RAM page seems perfectly
> > fine to me.
> Why would Xen not be able to, in principle? It may be difficult,
> but there may also be pages we could declare we know we can use
> for this purpose.

I was under the impression that there could always be bits in ACPI
dynamic tables that could report MMIO ranges that Xen wasn't aware of,
but those should already be marked as reserved in the memory map
anyway for good behaved systems.

> >>          return;
> >>  
> >>      ASSERT(cpu_has_vmx_virtualize_apic_accesses);
> >>  
> >>      virt_page_ma = page_to_maddr(vcpu_vlapic(v)->regs_page);
> >> -    apic_page_ma = mfn_to_maddr(v->domain->arch.hvm.vmx.apic_access_mfn);
> >> +    apic_page_ma = mfn_to_maddr(apic_access_mfn);
> >>  
> >>      vmx_vmcs_enter(v);
> >>      __vmwrite(VIRTUAL_APIC_PAGE_ADDR, virt_page_ma);
> > 
> > I would consider setting up the vmcs and adding the page to the p2m in
> > the same function, and likely call it from vlapic_init. We could have
> > a domain_setup_apic in hvm_function_table that takes care of all this.
> Well, I'd prefer to do this just once per domain without needing
> to special case this on e.g. vCPU 0.

I seems more natural to me to do this setup together with the rest of
the vlapic initialization, but I'm not going to insist, I also
understand your point about calling the function only once.

> >> --- a/xen/include/asm-x86/p2m.h
> >> +++ b/xen/include/asm-x86/p2m.h
> >> @@ -935,6 +935,9 @@ static inline unsigned int p2m_get_iommu
> >>          flags = IOMMUF_readable;
> >>          if ( !rangeset_contains_singleton(mmio_ro_ranges, mfn_x(mfn)) )
> >>              flags |= IOMMUF_writable;
> >> +        /* VMX'es APIC access page is global and hence has no owner. */
> >> +        if ( mfn_valid(mfn) && !page_get_owner(mfn_to_page(mfn)) )
> >> +            flags = 0;
> > 
> > Is it fine to have this page accessible to devices if the page tables
> > are shared between the CPU and the IOMMU?
> No, it's not, but what do you do? As said elsewhere, devices
> gaining more access than is helpful is the price we pay for
> being able to share page tables. But ...

I'm concerned about allowing devices to write to this shared page, as
could be used as an unintended way to exchange information between

> > Is it possible for devices to write to it?
> ... thinking about it - they would be able to access it only
> when interrupt remapping is off. Otherwise the entire range
> 0xFEExxxxx gets treated differently altogether by the IOMMU,

Now that I think of it, the range 0xFEExxxxx must always be special
handled for device accesses, regardless of whether interrupt remapping
is enabled or not, or else they won't be capable of delivering MSI

So I assume that whatever gets mapped in the IOMMU pages tables at
0xFEExxxxx simply gets ignored?

Or else mapping the lapic access page when using shared page tables
would have prevented CPU#0 from receiving MSI messages.

Thanks, Roger.



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.