Xen project Mailing List

Re: [RFC PATCH 0/4] Physical address hypercall ABI ("HVMv2")

To: "Julien Grall" <julien@xxxxxxx>, "Jan Beulich" <jbeulich@xxxxxxxx>

From: "Teddy Astie" <teddy.astie@xxxxxxxxxx>

Date: Fri, 02 May 2025 12:02:06 +0000

Cc: "Andrew Cooper" <andrew.cooper3@xxxxxxxxxx>, "Anthony PERARD" <anthony.perard@xxxxxxxxxx>, "Michal Orzel" <michal.orzel@xxxxxxx>, "Roger Pau Monné" <roger.pau@xxxxxxxxxx>, "Stefano Stabellini" <sstabellini@xxxxxxxxxx>, "Juergen Gross" <jgross@xxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx

Delivery-date: Fri, 02 May 2025 12:02:19 +0000

Feedback-id: 30504962:30504962.20250502:md

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Le 01/05/2025 à 13:14, Julien Grall a écrit : > Hi, > > On 22/04/2025 08:45, Jan Beulich wrote: >> On 18.04.2025 16:18, Teddy Astie wrote: >>> In current HVM mode, when a hypercall references a structure in guest >>> memory, >>> it is passed to the hypervisor as its "linear address" (e.g virtual >>> address for >>> the x86 long mode). >>> One of the caveats is that this linear address (GVA) is generally not >>> directly >>> usable by the Xen and needs to be translated from GVA to GPA then >>> HPA. This >>> implies a complex and potentially expensive lookup of the pagetables >>> inside the >>> guest. This can be significant, especially if the P2M cannot use >>> efficiently >>> superpages (or with e.g XSA-304). >>> >>> This proposal introduce a new mode where all addresses used for >>> hypercalls are >>> GPADDR instead of GVADDR, therefore, looking up the HPA related to >>> this GPA >>> only needs a P2M lookup and not looking through the inside-guest >>> pagetables. >>> >>> This mode is opt-in and must be enabled explicitely by the toolstack. >> >> Which I view as a severe downside (leaving aside the PVH Dom0 aspect): >> This way >> a guest needs to be converted all in one go. While doable, it'll be >> increasingly >> risky with the size of the guest kernel code base. > > +1. It is not only the guest kernel, but also the firmware (UEFI, U-boot). > > Furthermore, I don't think this can be easily adopted in public cloud > where the admin for Xen and the guest will be different. So any > indication of the ABI would have to come from the guest itself rather > than the configuration. > Makes sense, I am experimenting with a alternative design which requires setting the 30th bit (31th is already used for viridian) of the eax register to indicate the use of this new ABI. Also keeping a CPUID to indicate that the feature is supported by the hypervisor (thus no need to enable it in advance for a guest). > Cheers, > Teddy Teddy Astie | Vates XCP-ng Developer XCP-ng & Xen Orchestra - Vates solutions web: https://vates.tech

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.