From: Andrea Arcangeli <aarcange@redhat.com>
To: Paolo Bonzini <pbonzini@redhat.com>
Cc: Eduardo Habkost <ehabkost@redhat.com>,
Marcel Apfelbaum <marcel@redhat.com>,
"Michael S. Tsirkin" <mst@redhat.com>,
"Dr. David Alan Gilbert" <dgilbert@redhat.com>,
qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] Default for phys-addr-bits? (was Re: [PATCH 4/5] x86: Allow physical address bits to be set)
Date: Wed, 22 Jun 2016 17:02:00 +0200 [thread overview]
Message-ID: <20160622150200.GM30202@redhat.com> (raw)
In-Reply-To: <21a5ea2e-e83b-a874-8992-9e5bde710840@redhat.com>
On Wed, Jun 22, 2016 at 04:48:50PM +0200, Paolo Bonzini wrote:
> KVM encodes other information in the sPTE when it sets the reserved bit
> (a generation count). Instead of using all bits up to 51, KVM could
> well use bit MAXPHYADDR+1 as a marker and add bits MAXPHYADDR+2...51 to
> the generation count.
It could but it doesn't, doesn't it?
> You cannot really rely on what the guest does, no matter how crazy it seems.
I agree, but then to support such guest with full safety, we should
disable live migration if host phys bits change, which we clearly
aren't doing (at least by default), nor planning to do as it's way too
restrictive and it'd be a nuisance for a purely theoretical issue.
Considering the unfixable issues there are in live migration if a
guest uses the phys bits to calculate the first must be zero bit in
the pagetables, I don't think any OS will start to do that, nor
KVM in nested virt.
host phys bits < "soft" guest phys bits is more material issue the
guest cannot prevent in software, it already broke the mtrr in fact
(which thankfully can be fixed in the emulation layer with David's
patch).
This is why I think a "soft" guest phys bits would provide a peace of
mind for a 100% reliable live migration in the future.
Starting with the production solution (plus the mtrr fix that as
expected only matters for live migration) sounds fine to me, how far
we go with the "soft" guest phys bits, then depends on the complexity
of calculating the highest possible physical address with pci/memory
hotplug.
The only thing I'm not in full agreement with, is that the concern of
"soft" guest phys bits < host phys bits should be considered a
material concern, that to me sounds purely theoretical and in any case
it's fixable by changing the guest source code to provide full
reliability if "soft" guest phys bits < host phys.
With "soft" guest phys bits > host phys bits there's nothing the guest
software can do to avoid running into troubles instead.
If we introduce later a "soft" guest phys bits set to the lowest
possible value that can fit the highest possible physical address of
the guest, we should still then have a -cpu=force_host_phys_bits flag
to handle the extreme case of proprietary OS which would depend on the
must zero bits pagetable violations, but I don't think anybody would
ever need to use such flag.
Thanks,
Andrea
next prev parent reply other threads:[~2016-06-22 15:02 UTC|newest]
Thread overview: 73+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-06-16 17:12 [Qemu-devel] [PATCH 0/5] x86: Physical address limit patches Dr. David Alan Gilbert (git)
2016-06-16 17:12 ` [Qemu-devel] [PATCH 1/5] BIT_RANGE convenience macro Dr. David Alan Gilbert (git)
2016-06-16 17:23 ` Paolo Bonzini
2016-06-16 17:24 ` Dr. David Alan Gilbert
2016-06-16 18:01 ` Peter Maydell
2016-06-16 18:05 ` Paolo Bonzini
2016-06-20 14:11 ` Dr. David Alan Gilbert
2016-06-20 14:17 ` Peter Maydell
2016-06-16 17:12 ` [Qemu-devel] [PATCH 2/5] x86: Mask mtrr mask based on CPU physical address limits Dr. David Alan Gilbert (git)
2016-06-16 19:59 ` Eduardo Habkost
2016-06-17 8:23 ` Dr. David Alan Gilbert
2016-06-17 12:13 ` Paolo Bonzini
2016-06-16 17:12 ` [Qemu-devel] [PATCH 3/5] x86: fill high bits of mtrr mask Dr. David Alan Gilbert (git)
2016-06-16 20:14 ` Eduardo Habkost
2016-06-17 7:47 ` Paolo Bonzini
2016-06-17 12:46 ` Eduardo Habkost
2016-06-17 13:01 ` Paolo Bonzini
2016-06-17 13:41 ` Eduardo Habkost
2016-06-17 14:25 ` Paolo Bonzini
2016-06-17 15:27 ` Eduardo Habkost
2016-06-17 15:29 ` Paolo Bonzini
2016-06-17 15:35 ` Eduardo Habkost
2016-06-17 13:51 ` Dr. David Alan Gilbert
2016-06-17 14:19 ` Paolo Bonzini
2016-06-17 8:53 ` Dr. David Alan Gilbert
2016-06-16 17:12 ` [Qemu-devel] [PATCH 4/5] x86: Allow physical address bits to be set Dr. David Alan Gilbert (git)
2016-06-16 17:26 ` Paolo Bonzini
2016-06-16 18:09 ` Eduardo Habkost
2016-06-16 20:24 ` Eduardo Habkost
2016-06-17 8:15 ` Dr. David Alan Gilbert
2016-06-17 8:43 ` Paolo Bonzini
2016-06-17 9:17 ` Gerd Hoffmann
2016-06-17 9:52 ` Igor Mammedov
2016-06-17 11:20 ` Gerd Hoffmann
2016-06-17 16:20 ` Laszlo Ersek
2016-06-17 16:07 ` Laszlo Ersek
2016-06-19 16:13 ` Marcel Apfelbaum
2016-06-20 10:42 ` Igor Mammedov
2016-06-20 11:13 ` Marcel Apfelbaum
2016-06-17 9:37 ` Dr. David Alan Gilbert
2016-06-17 9:54 ` Paolo Bonzini
2016-06-17 13:18 ` Eduardo Habkost
2016-06-17 13:38 ` Paolo Bonzini
2016-06-17 15:19 ` Eduardo Habkost
2016-06-17 15:28 ` Paolo Bonzini
2016-06-17 15:49 ` Eduardo Habkost
2016-06-21 19:44 ` [Qemu-devel] Default for phys-addr-bits? (was Re: [PATCH 4/5] x86: Allow physical address bits to be set) Eduardo Habkost
2016-06-22 12:41 ` Paolo Bonzini
2016-06-22 14:24 ` Andrea Arcangeli
2016-06-22 14:33 ` Paolo Bonzini
2016-06-22 14:44 ` Andrea Arcangeli
2016-06-22 14:48 ` Paolo Bonzini
2016-06-22 15:02 ` Andrea Arcangeli [this message]
2016-06-22 22:44 ` Michael S. Tsirkin
2016-06-22 23:23 ` Andrea Arcangeli
2016-06-22 23:45 ` Michael S. Tsirkin
2016-06-23 8:40 ` Gerd Hoffmann
2016-06-23 16:38 ` Michael S. Tsirkin
2016-06-24 5:55 ` Gerd Hoffmann
2016-06-24 23:12 ` Michael S. Tsirkin
2016-06-29 16:42 ` Dr. David Alan Gilbert
2016-06-30 6:10 ` Gerd Hoffmann
2016-06-30 10:59 ` Dr. David Alan Gilbert
2016-06-30 16:14 ` Gerd Hoffmann
2016-06-30 17:12 ` Dr. David Alan Gilbert
2016-07-01 19:03 ` Dr. David Alan Gilbert
2016-06-22 22:40 ` Michael S. Tsirkin
2016-06-22 23:15 ` Andrea Arcangeli
2016-06-19 3:36 ` [Qemu-devel] [PATCH 4/5] x86: Allow physical address bits to be set Michael S. Tsirkin
2016-06-20 7:04 ` Paolo Bonzini
2016-06-17 14:24 ` Marcel Apfelbaum
2016-06-16 17:12 ` [Qemu-devel] [PATCH 5/5] x86: Set physical address bits based on host Dr. David Alan Gilbert (git)
2016-06-17 7:25 ` Igor Mammedov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160622150200.GM30202@redhat.com \
--to=aarcange@redhat.com \
--cc=dgilbert@redhat.com \
--cc=ehabkost@redhat.com \
--cc=marcel@redhat.com \
--cc=mst@redhat.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.