
Re: [PATCH] VMX: use a single, global APIC access page

  • To: Jan Beulich <jbeulich@xxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • Date: Thu, 11 Feb 2021 13:53:14 +0000
  • Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Kevin Tian <kevin.tian@xxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Wei Liu <wl@xxxxxxx>
  • Delivery-date: Thu, 11 Feb 2021 13:53:28 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 11/02/2021 10:36, Jan Beulich wrote:
> On 11.02.2021 09:45, Roger Pau Monné wrote:
>> On Wed, Feb 10, 2021 at 05:48:26PM +0100, Jan Beulich wrote:
>>> I did further consider not allocating any real page at all, but just
>>> using the address of some unpopulated space (which would require
>>> announcing this page as reserved to Dom0, so it wouldn't put any PCI
>>> MMIO BARs there). But I thought this would be too controversial, because
>>> of the possible risks associated with this.
>> No, Xen is not capable of allocating a suitable unpopulated page IMO,
>> so let's not go down that route. Wasting one RAM page seems perfectly
>> fine to me.
> Why would Xen not be able to, in principle? It may be difficult,
> but there may also be pages we could declare we know we can use
> for this purpose.

There are frames we could use for this purpose, but their locations are
platform specific (holes around TSEG).

I'm also not sure about the implications of their use as a DMA target.

>>>  static void vmx_install_vlapic_mapping(struct vcpu *v)
>>>  {
>>>      paddr_t virt_page_ma, apic_page_ma;
>>> -    if ( mfn_eq(v->domain->arch.hvm.vmx.apic_access_mfn, _mfn(0)) )
>>> +    if ( mfn_eq(apic_access_mfn, _mfn(0)) )
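Review bot: the condition on the `+` line, `mfn_eq(apic_access_mfn, _mfn(0))`, now tests a global rather than `v->domain->arch.hvm.vmx.apic_access_mfn`, so it no longer says anything about the domain this vCPU belongs to. If the old per-domain test was also what kept the mapping from being installed for a domain without a vLAPIC, that property is lost here; pair the test with an explicit per-domain check on `v->domain` (for example `has_vlapic(v->domain)`). Separately, comparing against `_mfn(0)` uses frame 0 as the "not allocated" marker for the global; a short comment stating that assumption next to the check would help.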
>> You should check if the domain has a vlapic I think, since now
>> apic_access_mfn is global and will be set regardless of whether the
>> domain has vlapic enabled or not.
>> Previously apic_access_mfn was only allocated if the domain had vlapic
>> enabled.
> Oh, indeed - thanks for spotting. And also in domain_creation_finished().

Honestly - PVH without LAPIC was a short-sighted move.

It's a prohibited combination at the moment from XSA-256 and I don't see
any value in lifting the restriction, considering that TPR acceleration
has been around since practically the first generation of HVM support.



