[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH for-4.16 v4] gnttab: allow setting max version per-domain

  • To: Roger Pau Monne <roger.pau@xxxxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • Date: Fri, 29 Oct 2021 17:39:52 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=df0oU8hNu0PcbliEm4rCoT+n11xcH77I9QpMr5SaEJM=; b=jjn73YpG93yu5uonumHJtkQJMPGeER/8ERzO0rxrFZseAzufqYIpfF1dKqVaVjP5CHlgUOAol2KsQsA27uQoebHFCZjW2riwv3n9EqIX3X5ufi/q30epwglCo0v3qXW4shE/tZQ9xNcOU8EdE430Rgv7xmN+6JEYGP0BvtrgwMjth/eRjKfNOzgsmfcS7B9BqHDOoI2o/TxXS80cNKAPrHqsbZXmcTNjOkKN6QgnWXkc/TJ4tn7OMfqgaEEizhLPk+f2nuozHmwFeEShq6OzvLRJNxXwnnz44l6AgrKq9/AL9Edz7j2l5AF8LNnc+xTk/dlROrnehsE58OxHm/lmRw==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ISosBwDDbg9W2Ptu7oBucqKfxD3gjOc59OW5ra0WdpG4DCPKO9B60DI78wh5HTG57PmHwd6ukbvsH4YZiCgExBgcnxvacbfHW/yEK0hyXVIqQ5AKzJiYy8gF2HBvp6p1eN2X+RbwgwpQoyS8HCCg1vZYMfVIx/H7wiBwdyLFu0VEriCQYW19AmnNQKneuVzua4Goj+Ige2epvA8x5yEEx/fsYuOmVAZ1ifccg1pZmb/JeVdAwRTBgJyz6gnKRU4uw9XQgmhD/6vPW6ujmFOc6h8yG76bav83zMVIO3xjoK1Triw+BCNVPdNGgQY+81/2/vMeTXQ4DsKogBXarqgQGA==
  • Authentication-results: esa3.hc3370-68.iphmx.com; dkim=pass (signature verified) header.i=@citrix.onmicrosoft.com
  • Cc: Wei Liu <wl@xxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Juergen Gross <jgross@xxxxxxxx>, Christian Lindig <christian.lindig@xxxxxxxxxx>, David Scott <dave@xxxxxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Ian Jackson <iwj@xxxxxxxxxxxxxx>
  • Delivery-date: Fri, 29 Oct 2021 16:40:36 +0000
  • Ironport-data: A9a23:IG4hlKKtv4Lah16BFE+RipMlxSXFcZb7ZxGr2PjKsXjdYENS1jRWn GYZUDrUPKzeYDf1KdByb9/j8U8Av8DUytFgSQVlqX01Q3x08seUXt7xwmUcns+xwm8vaGo9s q3yv/GZdJhcokcxIn5BC5C5xZVG/fjgqoHUVaiUZUideSc+EH140Eo5yrZj6mJVqYPR7z2l6 IuaT/L3YDdJ6xYsWo7Dw/vewP/HlK2aVAIw5jTSV9gS1LPtvyB94KYkDbOwNxPFrrx8RYZWc QphIIaRpQs19z91Yj+sfy2SnkciGtY+NiDW4pZatjTLbrGvaUXe345iXMfwZ3u7hB2bs8lAw dNni6exWBdqHpDzqdoha0BxRnQW0a1uoNcrIFC6uM2XiUbHb2Ht07NlC0Re0Y8wo7gtRzsUr LpBdW5LPkvra+GemdpXTsFFgMg5IdatF4QYonx6lhnSDOo8QICFSKLPjTNd9Gpu2JEWQaeOD yYfQSUzPFORUQxfBk0WCM5jtaSmnlP1LzIN/Tp5ooJoujOOnWSdyoPFMtDYZ9iLTsV9hVuDq yTN+GGRKhMHMN2SzxKV/3TqgfXA9QvrVYRXGLCm+/pChFyI2ndVGBAQTUG8o/Sylgi5Qd03A 1MQ0jojq+417kPDZsLmQxSyrXqAvxgdc9ldCes37EeK0KW8yzieAm8IXztQcusMvcU9RSEp/ lKRltavDjtq2JWUVnC15rqStSm1OyUeMSkFfyBsZQkK+d74u6kokwnCCN1kFcadgtTrFBnqz juNrSx4gK8c5fPnzI3iowqB2Wj14MGUEEhlvW07Q15J8CtrSJeUboqC12Pa/OYDDLumf2e9h CEtzp32AP81MbmBkymEQeMoFb6v5uqYPDC0vWODD6XN5Bz2pCb9JdE4DCVWYR4zaJ5dKGCBj Fr74FsJvPdu0G2Wgbibim5bI/8hyrT8DpzbX/TQY8smjnNZJVLfon8GiaJ92QnQfKkQfUMXZ cjznSWEVy9y5UFbINyeHbp1PVgDnXlW+I8rbcqnpylLKJLHDJJvdZ8LMUGVcscy576erQPe/ r53bpXRlkkDDrCjMnCPq+b/yGzmy1BhWPgaTOQML4a+zvdOQjl9W5c9P5t4I+SJYJi5Zs+Xp yrgCye0OXL0hGHdKBXiV5yQQOiHYHqLllpiZXZEFQ/xgxALON/zhI9CJ8pfVeR2r4RLkK8rJ 8Tpju3dW5yjvBycoG9DBXQ8xaQ/HCmWafWmZHv7MWdmJc4wG2QkOLbMJ2PSycXHNQLu3eMWq Ly8zALLB50FQgVpFsHNb/yziVi2uBAgdChaBiMk+/FfJxfh9pZEMSv0gqNlKs0AM0yblDCby xyXEVETouyU+90599zAhKalqYa1ErQhQhoGTjeDtbvmZzPH+meDwJNbVLradz7qS26pqr6pY v9Yzq+gPaRfzkpKqYd1D51i0bk6u4n0v7Zfwwk9RCfLYl2nB6lOOH6D2cUT5KRByqUA4Vm9W 16V+8kcMrKMYZu3HFkULQsjT+KCyfBLxWWCsaVreB33vXYl8qCGXENeOwi3pBZcdLYlYpk4x eoBudIN71DtgBQdLdvb3Dtf8H6BLyJcXvx/5I0aGoLiliEi1kpGPc7HEibz7ZyCN4dMP00tL mPGjabOne0BlE/Lcn51HnnRx+tNw58JvUkSnlMFIl2InPvDh+M2g0INoWhmEFwNw0UVyf93N 0hqK1ZxdPeH8DpfjcReW3yhRlNaDxqD902tk1YEmQU1laVzurAh+IHlBduwwQ==
  • Ironport-hdrordr: A9a23:E5dfjqvSN9me4YucuBFRKV6r7skC5oMji2hC6mlwRA09TyXGra +TdaUguSMc1gx9ZJhBo7G90KnpewK4yXcH2/hvAV7EZnibhILIFvAe0WKG+VPd8kLFh5ZgPM tbAs9D4ZjLfCJHZKXBkXmF+rQbsaC6GcmT7I+0pRcdLnAYV0gj1XYcNu/yKDwGeOAsP+teKH Pz3Lskm9PtQwVtUiztbUN1IdQr6ue72a7OUFojPVoK+QOOhTSn5PrTFAWZ5A4XV3dqza05+W bIvgTl7uH72svLhSP05iv21dB7idHhwtxMCIiljdUUECzljkKNaJ56U7OPkTgpqKWE6Uoskv PLvxA8Vv4Dp0/5TyWQm1/AygPg2DEh5zvLzkKZu2LqpYjDSDczG6N69MpkWyqcz3BlkMB30a pN0W7cnYFQFwn8kCP04MWNfw12l2KvyEBS0dI7vjh6a88zebVRpYsQ8Ad+C5EbBh/374ghDa 1HENzc3vBLalmXBkqp/1WH+ObcHEjbIy32B3Tr4qeuonxrdTFCvgUlLfUk7zQ9HMlXcegC2w zGWp4Y3Y2mAPVmK56VP91xNPdfPFa9Ny4kAFjiU2gPK5t3T04li6SHq4ndt9vaMqDh8vMJ6e P8uRVjxDcPR34=
  • Ironport-sdr: 44hmHNUUMxEnEFr/lEFBYX4Iohi0LQXsyunxuP/SB75N8pVPkS3rIH+Q2GF2vHgcDFRRAT/Dv8 ykFIY+rRN4T04pRz0puhmttdxDj9BFBsYUpGPA8ngqon17jMGaiKXM8HXatr2euG/eqTJTH23N v8C8oIesIACa9z65PIByXq195Bmmm2+f/ffiQWCWjxRXQljhfbgdqiisCxkWnT0oxbM06vKxda ezNBPoEFxio7UIqrMPDbhZTCqKlBwJFTnwQDZzwS1i7EpWgaws3bmjMTvy33GPcUJn0lVvjVgt nRJWGSr7LklirRuwDQtVLgm6
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 29/10/2021 08:59, Roger Pau Monne wrote:
> diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c
> index 0167731ab0..faeb3eba76 100644
> --- a/xen/arch/arm/domain_build.c
> +++ b/xen/arch/arm/domain_build.c
> @@ -2967,6 +2967,7 @@ void __init create_domUs(void)
>              .max_evtchn_port = -1,
>              .max_grant_frames = -1,
>              .max_maptrack_frames = -1,
> +            .grant_opts = XEN_DOMCTL_GRANT_version_default,

These three will need to be opt_gnttab_max_version which will need
exporting.

See final comment for why "default" mustn't exist.

> diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c
> index e510395d08..f94f0f272c 100644
> --- a/xen/common/grant_table.c
> +++ b/xen/common/grant_table.c
> @@ -1917,11 +1918,33 @@ active_alloc_failed:
>  }
>  
>  int grant_table_init(struct domain *d, int max_grant_frames,
> -                     int max_maptrack_frames)
> +                     int max_maptrack_frames, unsigned int options)
>  {
>      struct grant_table *gt;
> +    unsigned int max_grant_version = options & XEN_DOMCTL_GRANT_version_mask;
>      int ret = -ENOMEM;
>  
> +    if ( max_grant_version == XEN_DOMCTL_GRANT_version_default )
> +        max_grant_version = opt_gnttab_max_version;
> +    if ( !max_grant_version )
> +    {
> +        dprintk(XENLOG_INFO, "%pd: invalid grant table version 0 
> requested\n",
> +                d);
> +        return -EINVAL;
> +    }
> +    if ( max_grant_version > opt_gnttab_max_version )
> +    {
> +        dprintk(XENLOG_INFO,
> +                "%pd: requested grant version (%u) greater than supported 
> (%u)\n",
> +                d, max_grant_version, opt_gnttab_max_version);
> +        return -EINVAL;
> +    }

I think this wants to live in sanitise_domain_config() along with all
the other auditing of flags and settings.  Also, it can be simplified:

if ( max_grant_version < 1 ||
    max_grant_version > opt_gnttab_max_version )
{
    dprintk(XENLOG_INFO, "Requested gnttab max version %u outside of
supported range [%u, %u]\n", ...);
}



> +    if ( unlikely(max_page >= PFN_DOWN(TB(16))) && is_pv_domain(d) &&
> +         max_grant_version < 2 )
> +        dprintk(XENLOG_INFO,
> +                "%pd: host memory above 16Tb and grant table v2 disabled\n",
> +                d);

This is rather more complicated.

For PV, this going wrong in the first place is conditional on CONFIG_BIGMEM.
For HVM, it the guest address size, not the host.
For ARM, I don't even know, because I've lost track of which bits of the
ABI are directmap in an otherwise translated domain.

I think it is probably useful to do something about it, but probably not
in this patch.

Perhaps modify domain_set_alloc_bitsize() to impose an upper limit for
the "host memory size matters" cases?

For the guest address size cases, this possibly wants to feed in to the
max policy calculations in the same way that shadow kinda does.

> diff --git a/xen/include/public/domctl.h b/xen/include/public/domctl.h
> index 51017b47bc..0ec57614bd 100644
> --- a/xen/include/public/domctl.h
> +++ b/xen/include/public/domctl.h
> @@ -89,14 +89,20 @@ struct xen_domctl_createdomain {
>      /*
>       * Various domain limits, which impact the quantity of resources
>       * (global mapping space, xenheap, etc) a guest may consume.  For
> -     * max_grant_frames and max_maptrack_frames, < 0 means "use the
> -     * default maximum value in the hypervisor".
> +     * max_grant_frames, max_maptrack_frames and max_gnttab_version < 0
> +     * means "use the default maximum value in the hypervisor".
>       */
>      uint32_t max_vcpus;
>      uint32_t max_evtchn_port;
>      int32_t max_grant_frames;
>      int32_t max_maptrack_frames;
>  
> +/* Grant version, use low 4 bits. */
> +#define XEN_DOMCTL_GRANT_version_mask    0xf
> +#define XEN_DOMCTL_GRANT_version_default 0xf

This needs to be a toolstack decision, not something in Xen.  This
doesn't fix the case where VMs can't cope with change underfoot.

It is fine for the user say "use the default", but this must be turned
into an explicit 1 or 2 by the toolstack, so that the version(s) visible
to the guest remains invariant while it is booted.

Given the timescales, I'll put together a prereq patch exposing
gnttab-v1/2 in virt_caps for the toolstack to reason over.

~Andrew

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.