Re: [PATCH RFC v2 3/3] x86/altp2m: p2m_altp2m_propagate_change() should honor present page order

[Tamas K Lengyel <tamas@xxxxxxxxxxxxx>]

On Thu, Jan 6, 2022 at 8:50 AM Jan Beulich <jbeulich@xxxxxxxx> wrote:
>
> On 05.01.2022 17:25, Tamas K Lengyel wrote:
> > On Wed, Jan 5, 2022 at 3:59 AM Jan Beulich <jbeulich@xxxxxxxx> wrote:
> >>
> >> On 04.01.2022 18:48, Tamas K Lengyel wrote:
> >>>> I may be entirely wrong and hence that part of the change may also be
> >>>> wrong, but I'm having trouble seeing why the original
> >>>> "!mfn_eq(m, INVALID_MFN)" wasn't "mfn_eq(m, INVALID_MFN)". Isn't the
> >>>> goal there to pre-fill entries that were previously invalid, instead of
> >>>> undoing prior intentional divergence from the host P2M? (I have
> >>>> intentionally not reflected this aspect in the description yet; I can't
> >>>> really write a description of this without understanding what's going on
> >>>> in case the original code was correct.)
> >>>
> >>> This function only gets called from p2m-ept when the hostp2m gets an
> >>> update. In that case this check goes through all altp2m's to see if
> >>> any of them has an entry for what just got changed in the host, and
> >>> overwrites the altp2m with that from the host. If there is no entry in
> >>> the altp2m it doesn't pre-populate. That should only happen if the
> >>> altp2m actually needs it and runs into a pagefault. So it is correct
> >>> as-is, albeit being a subtle (and undocumented) behavior of the
> >>> hostp2m and its effect on the altp2m's. But that's why we never
> >>> actually make any changes on the hostp2m, we always create an altp2m
> >>> and apply changes (mem_access/remapping) there.
> >>
> >> Thanks for the explanation. Effectively this means that the call to
> >> get_gfn_type_access() can simply be get_gfn_query(). For the patch
> >> this means that I shouldn't check its return value and also continue
> >> to pass the new order rather than the minimum of the two (as was the
> >> case before), as all we're after is the locking of the GFN. It would
> >> be nice if you could confirm this before I submit a non-RFC v3.
> >
> > I'm a little lost here.
>
> Let me start with simpler questions then:
>
> What's the purpose of calling get_gfn_type_access()?

Only locking the gfn AFAICT.

> Independent of the answer to the previous question, why isn't it
> get_gfn_query() that is called?

The author of the code probably didn't see any difference between the
two. Or just didn't know there is another function.

> What's the purpose of the "a" local variable? (While "t" also is
> otherwise unused, it can't be eliminated as even get_gfn_query()
> requires its address to be taken.)

The a/t variables are ununsed.

>
> Why is p2m_set_entry() called only when the original entry didn't
> resolve to INVALID_MFN?

AFAICT there was never a clear design decision for why that's in
place. The only utility for it is fast propagation of settings across
all altp2m's that already have an entry in place. As per the other
part of the discussion it could be removed so existing entries in
altp2m's don't get overwritten. But we should most definitely NOT
pre-populate entries here for altp2ms.

Tamas