From: "Li, Liang Z" <liang.z.li@intel.com>
To: Paolo Bonzini <pbonzini@redhat.com>,
"kvm@vger.kernel.org" <kvm@vger.kernel.org>
Cc: "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"tglx@linutronix.de" <tglx@linutronix.de>,
"mingo@redhat.com" <mingo@redhat.com>,
"kirill.shutemov@linux.intel.com"
<kirill.shutemov@linux.intel.com>,
"dave.hansen@linux.intel.com" <dave.hansen@linux.intel.com>,
"guangrong.xiao@linux.intel.com" <guangrong.xiao@linux.intel.com>,
"rkrcmar@redhat.com" <rkrcmar@redhat.com>,
"Neiger, Gil" <gil.neiger@intel.com>,
"Lai, Paul C" <paul.c.lai@intel.com>
Subject: RE: [PATCH RFC 0/4] 5-level EPT
Date: Tue, 17 Jan 2017 02:18:36 +0000 [thread overview]
Message-ID: <F2CBF3009FA73547804AE4C663CAB28E3C35386E@shsmsx102.ccr.corp.intel.com> (raw)
In-Reply-To: <9ddf602b-6c8b-8c1e-ab46-07ed12366593@redhat.com>
> On 29/12/2016 10:25, Liang Li wrote:
> > x86-64 is currently limited physical address width to 46 bits, which
> > can support 64 TiB of memory. Some vendors require to support more for
> > some use case. Intel plans to extend the physical address width to
> > 52 bits in some of the future products.
> >
> > The current EPT implementation only supports 4 level page table, which
> > can support maximum 48 bits physical address width, so it's needed to
> > extend the EPT to 5 level to support 52 bits physical address width.
> >
> > This patchset has been tested in the SIMICS environment for 5 level
> > paging guest, which was patched with Kirill's patchset for enabling
> > 5 level page table, with both the EPT and shadow page support. I just
> > covered the booting process, the guest can boot successfully.
> >
> > Some parts of this patchset can be improved. Any comments on the
> > design or the patches would be appreciated.
>
> I will review the patches. They seem fairly straightforward.
>
> However, I am worried about the design of the 5-level page table feature
> with respect to migration.
>
> Processors that support the new LA57 mode can write 57-canonical/48-
> noncanonical linear addresses to some registers even when LA57 mode is
> inactive. This is true even of unprivileged instructions, in particular
> WRFSBASE/WRGSBASE.
>
> This is fairly bad because, if a guest performs such a write (because of a bug
> or because of malice), it will not be possible to migrate the virtual machine to
> a machine that lacks LA57 mode.
>
> Ordinarily, hypervisors trap CPUID to hide features that are only present in
> some processors of a heterogeneous cluster, and the hypervisor also traps
> for example CR4 writes to prevent enabling features that were masked away.
> In this case, however, the only way for the hypervisor to prevent the write
> would be to run the guest with
> CR4.FSGSBASE=0 and trap all executions of WRFSBASE/WRGSBASE. This
> might have negative effects on performance for workloads that use the
> instructions.
>
> Of course, this is a problem even without your patches. However, I think it
> should be addressed first. I am seriously thinking of blacklisting FSGSBASE
> completely on LA57 machines until the above is fixed in hardware.
>
> Paolo
The issue has already been forwarded to the hardware guys, still waiting for the feedback.
Thanks!
Liang
next prev parent reply other threads:[~2017-01-17 2:19 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-12-29 9:25 [PATCH RFC 0/4] 5-level EPT Liang Li
2016-12-29 9:26 ` [PATCH RFC 1/4] x86: Add the new CPUID and CR4 bits for 5 level page table Liang Li
2016-12-29 9:26 ` [PATCH RFC 2/4] KVM: MMU: Rename PT64_ROOT_LEVEL to PT64_ROOT_4LEVEL Liang Li
2017-03-09 14:39 ` Paolo Bonzini
2016-12-29 9:26 ` [PATCH RFC 3/4] KVM: MMU: Add 5 level EPT & Shadow page table support Liang Li
2017-03-09 15:12 ` Paolo Bonzini
2016-12-29 9:26 ` [PATCH RFC 4/4] VMX: Expose the LA57 feature to VM Liang Li
2017-03-09 15:16 ` Paolo Bonzini
2016-12-29 20:38 ` [PATCH RFC 0/4] 5-level EPT Valdis.Kletnieks
2016-12-30 1:26 ` Li, Liang Z
2017-01-02 10:18 ` Paolo Bonzini
2017-01-17 2:18 ` Li, Liang Z [this message]
2017-03-09 14:16 ` Paolo Bonzini
2017-03-10 8:00 ` Yu Zhang
2017-01-05 13:26 ` Kirill A. Shutemov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=F2CBF3009FA73547804AE4C663CAB28E3C35386E@shsmsx102.ccr.corp.intel.com \
--to=liang.z.li@intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=gil.neiger@intel.com \
--cc=guangrong.xiao@linux.intel.com \
--cc=kirill.shutemov@linux.intel.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=paul.c.lai@intel.com \
--cc=pbonzini@redhat.com \
--cc=rkrcmar@redhat.com \
--cc=tglx@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).