From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id B438BC433B4 for ; Thu, 22 Apr 2021 15:05:35 +0000 (UTC) Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 474076141C for ; Thu, 22 Apr 2021 15:05:35 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 474076141C Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=xen.org Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Received: from list by lists.xenproject.org with outflank-mailman.115596.220575 (Exim 4.92) (envelope-from ) id 1lZatJ-0007qy-6i; Thu, 22 Apr 2021 15:05:17 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 115596.220575; Thu, 22 Apr 2021 15:05:17 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1lZatJ-0007qr-20; Thu, 22 Apr 2021 15:05:17 +0000 Received: by outflank-mailman (input) for mailman id 115596; Thu, 22 Apr 2021 15:05:15 +0000 Received: from us1-rack-iad1.inumbo.com ([172.99.69.81]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1lZatH-0007qm-5H for xen-devel@lists.xenproject.org; Thu, 22 Apr 2021 15:05:15 +0000 Received: from deinos.phlegethon.org (unknown [2001:41d0:8:b1d7::1]) by us1-rack-iad1.inumbo.com (Halon) with ESMTPS id 5fcaf03d-0caf-4e67-bdfe-fe0f52915640; Thu, 22 Apr 2021 15:05:13 +0000 (UTC) Received: from tjd by deinos.phlegethon.org with local (Exim 4.92.3 (FreeBSD)) (envelope-from ) id 1lZatB-0000HF-66; Thu, 22 Apr 2021 15:05:09 +0000 X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 5fcaf03d-0caf-4e67-bdfe-fe0f52915640 Date: Thu, 22 Apr 2021 16:05:09 +0100 From: Tim Deegan To: Jan Beulich Cc: "xen-devel@lists.xenproject.org" , Andrew Cooper , Wei Liu , Roger Pau =?iso-8859-1?Q?Monn=E9?= , George Dunlap , Kevin Tian , Jun Nakajima Subject: Re: [PATCH v4] VMX: use a single, global APIC access page Message-ID: References: <4731a3a3-906a-98ac-11ba-6a0723903391@suse.com> <1c489e77-6e65-6121-6c28-3c4bd377223c@suse.com> <9a00493c-319f-58c6-853c-382dd7a95561@suse.com> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline In-Reply-To: <9a00493c-319f-58c6-853c-382dd7a95561@suse.com> X-SA-Known-Good: Yes X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: tim@xen.org X-SA-Exim-Scanned: No (on deinos.phlegethon.org); SAEximRunCond expanded to false At 11:38 +0200 on 22 Apr (1619091522), Jan Beulich wrote: > On 22.04.2021 09:42, Tim Deegan wrote: > > At 13:25 +0200 on 19 Apr (1618838726), Jan Beulich wrote: > >> On 17.04.2021 21:24, Tim Deegan wrote: > >>> At 12:40 +0200 on 12 Apr (1618231248), Jan Beulich wrote: > >>>> --- a/xen/arch/x86/mm/shadow/set.c > >>>> +++ b/xen/arch/x86/mm/shadow/set.c > >>>> @@ -94,6 +94,22 @@ shadow_get_page_from_l1e(shadow_l1e_t sl > >>>> ASSERT(!sh_l1e_is_magic(sl1e)); > >>>> ASSERT(shadow_mode_refcounts(d)); > >>>> > >>>> + /* > >>>> + * VMX'es APIC access MFN is just a surrogate page. It doesn't actually > >>>> + * get accessed, and hence there's no need to refcount it (and refcounting > >>>> + * would fail, due to the page having no owner). > >>>> + */ > >>>> + if ( mfn_valid(mfn = shadow_l1e_get_mfn(sl1e)) ) > >>> > >>> Would it be better to check specifically for mfn == apic_access_mfn > >>> (and apic_access_mfn != 0, I guess)? > >> > >> Roger did ask about the same - I neither want to expose apic_access_mfn > >> outside its CU, nor do I want to introduce an accessor function. Both > >> feel like layering violations to me. > > > > I think that this is even more of a layering violation: what we > > actually want is to allow un-refcounted mappings of the > > apic_access_mfn, but to do it we're relying on an internal > > implementation detail (that it happens to be un-owned and PGC_extra) > > rather than giving ourselves an API. > > > > And so we're tangled up talking about how to write comments to warn > > our future selves about the possible side-effects. > > > >>> If we want this behaviour for > >>> for all un-owned PGC_extra MFNs it would be good to explain that in the > >>> comments. > >> > >> This is hard to tell without knowing which (or even if) further such > >> PGC_extra pages will appear. Hence any comment to that effect would be > >> guesswork at best. Of course I can add e.g. "Other pages with the same > >> properties would be treated the same", if that's what you're after? > > > > If you want to go this way there should be a comment here saying that > > we're allowing this for all PGC_extra pages because we need it for > > apic_access_mfn, and a comment at PGC_extra saying that it has this > > effect. > > So (along with a comment to this effect) how about I make > page_suppress_refcounting() and page_refcounting_suppressed() helpers? > The former would set PGC_extra on the page and assert the page has no > owner, while the latter would subsume the checks done here. That sounds good to me. > The only > question then is what to do with the ASSERT(type == p2m_mmio_direct): > That's still a property of the APIC access MFN which may or may not > hold for future such pages. (It can't be part of the new helper anyway > as "put" doesn't have the type available.) I think we might drop that assertion, since the new mehanism would be more general. Cheers, Tim.