From: Avi Kivity <avi-atKUWr5tajBWk0Htik3J/w@public.gmane.org>
To: Jan Kiszka <jan.kiszka-kv7WeFo6aLtBDgjK7y7TUQ@public.gmane.org>
Cc: kvm-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org
Subject: Re: High vm-exit latencies during kvm boot-up/shutdown
Date: Tue, 23 Oct 2007 17:26:08 +0200 [thread overview]
Message-ID: <471E1290.2000208@qumranet.com> (raw)
In-Reply-To: <471E0818.6060405-kv7WeFo6aLtBDgjK7y7TUQ@public.gmane.org>
Jan Kiszka wrote:
> Avi Kivity wrote:
>
>> Jan Kiszka wrote:
>>
>>> Avi,
>>>
>>> [somehow your mails do not get through to my private account, so I'm
>>> switching]
>>>
>>> Avi Kivity wrote:
>>>
>>>
>>>> Jan Kiszka wrote:
>>>>
>>>>
>>>>> Clarification: I can't precisely tell what code is executed in VM mode,
>>>>> as I don't have qemu or that guest instrumented. I just see the kernel
>>>>> entering VM mode and leaving it again more than 300 us later. So I
>>>>> wonder why this is allowed while some external IRQ is pending.
>>>>>
>>>>>
>>>>>
>>>>>
>>>> How do you know an external interrupt is pending?
>>>>
>>>>
>>> It's the host timer IRQ, programmed to fire in certain intervals (100 us
>>> here). Test case is some latency measurement tool like tglx's cyclictest
>>> or similar programs we use in Xenomai.
>>>
>>>
>>>
>>>> kvm programs the hardware to exit when an external interrupt arrives.
>>>>
>>>>
>>>>
>>> Here is a latency trace I just managed to capture over 2.6.23.1-rt1 with
>>> latest kvm from git hacked into (kvm generally seems to work fine this way):
>>>
>>> ...
>>> qemu-sys-7543 0...1 13897us : vmcs_write16+0xb/0x20 (vmx_save_host_state+0x1a7/0x1c0)
>>> qemu-sys-7543 0...1 13897us : vmcs_writel+0xb/0x30 (vmcs_write16+0x1e/0x20)
>>> qemu-sys-7543 0...1 13898us : segment_base+0xc/0x70 (vmx_save_host_state+0xa0/0x1c0)
>>> qemu-sys-7543 0...1 13898us : vmcs_writel+0xb/0x30 (vmx_save_host_state+0xb0/0x1c0)
>>> qemu-sys-7543 0...1 13898us : segment_base+0xc/0x70 (vmx_save_host_state+0xbf/0x1c0)
>>> qemu-sys-7543 0...1 13898us : vmcs_writel+0xb/0x30 (vmx_save_host_state+0xcf/0x1c0)
>>> qemu-sys-7543 0...1 13898us : load_msrs+0xb/0x40 (vmx_save_host_state+0xe7/0x1c0)
>>> qemu-sys-7543 0...1 13898us : kvm_load_guest_fpu+0x8/0x40 (kvm_vcpu_ioctl_run+0xbf/0x570)
>>> qemu-sys-7543 0D..1 13899us : vmx_vcpu_run+0xc/0x110 (kvm_vcpu_ioctl_run+0x120/0x570)
>>> qemu-sys-7543 0D..1 13899us!: vmcs_writel+0xb/0x30 (vmx_vcpu_run+0x22/0x110)
>>> qemu-sys-7543 0D..1 14344us : vmcs_read32+0xb/0x20 (vmx_vcpu_run+0xc7/0x110)
>>> qemu-sys-7543 0D..1 14345us : vmcs_readl+0x8/0x10 (vmcs_read32+0x16/0x20)
>>> qemu-sys-7543 0D..1 14345us : vmcs_read32+0xb/0x20 (vmx_vcpu_run+0xf4/0x110)
>>> qemu-sys-7543 0D..1 14345us+: vmcs_readl+0x8/0x10 (vmcs_read32+0x16/0x20)
>>> qemu-sys-7543 0D..1 14349us : irq_enter+0xb/0x30 (do_IRQ+0x45/0xc0)
>>> qemu-sys-7543 0D.h1 14350us : do_IRQ+0x73/0xc0 (f8caae24 0 0)
>>> qemu-sys-7543 0D.h1 14351us : handle_level_irq+0xe/0x120 (do_IRQ+0x7d/0xc0)
>>> qemu-sys-7543 0D.h1 14351us : __spin_lock+0xc/0x30 (handle_level_irq+0x24/0x120)
>>> qemu-sys-7543 0D.h2 14352us : mask_and_ack_8259A+0x14/0x120 (handle_level_irq+0x37/0x120)
>>> qemu-sys-7543 0D.h2 14352us+: __spin_lock_irqsave+0x11/0x60 (mask_and_ack_8259A+0x2a/0x120)
>>> qemu-sys-7543 0D.h3 14357us : __spin_unlock_irqrestore+0xc/0x60 (mask_and_ack_8259A+0x7a/0x120)
>>> qemu-sys-7543 0D.h2 14358us : redirect_hardirq+0x8/0x70 (handle_level_irq+0x72/0x120)
>>> qemu-sys-7543 0D.h2 14358us : __spin_unlock+0xb/0x40 (handle_level_irq+0x8e/0x120)
>>> qemu-sys-7543 0D.h1 14358us : handle_IRQ_event+0xe/0x110 (handle_level_irq+0x9a/0x120)
>>> qemu-sys-7543 0D.h1 14359us : timer_interrupt+0xb/0x60 (handle_IRQ_event+0x67/0x110)
>>> qemu-sys-7543 0D.h1 14359us : hrtimer_interrupt+0xe/0x1f0 (timer_interrupt+0x20/0x60)
>>> ...
>>>
>>> One can see 345 us latency between vm-enter and vm-exit in vmx_vcpu_run -
>>> and this while cyclictest runs at a period of 100 us!
>>>
>>> I got the same results over Adeos/I-pipe & Xenomai with the function
>>> tracer there, also pointing to the period while the CPU is in VM mode.
>>>
>>> Anyone any ideas? Greg, I put you on CC as you said you once saw "decent
>>> latencies" with your patches. Are there still magic bits missing in
>>> official kvm?
>>>
>>>
>> No bits missing as far as I know. It should just work.
>>
>> Can you explain some more about the latenct tracer? How does it work?
>>
>
> Ah, sorry: The latency tracers in both -rt and I-pipe use gcc's -pg to
> put a call to a function called mcount at the beginning of each compiled
> function. mcount is provided by the tracers and stores the caller
> address, its parent, the current time, and more in a log. An API is
> provided to start and stop the trace, e.g. after someone (kernel or user
> space) detected large wakeup latencies.
>
>
Ok. So it is not interrupt driven, and that's how you get traces in
functions that run with interrupts disabled.
>> Seeing vmx_vcpu_run() in there confuses me, as it always runs with
>> interrupts disabled (it does dispatch NMIs, so we could be seeing an NMI).
>>
>
> The point is that the cyclictest does not find large latencies when kvm
> is not happening to start or stop right now. And if you are thinking
> about NMIs triggered by the kvm code on vm-exit: I also instrumented
> that code path, and it is not taken in case of the long delay.
>
>
Right. With your explanation it all makes sense, and indeed it looks
like the guest is not exiting.
>> Please post a disassembly of your vmx_vcpu_run so we can interpret the
>> offsets.
>>
>
> Here it comes:
>
> 00002df0 <vmx_vcpu_run>:
> 2df0: 55 push %ebp
> 2df1: 89 e5 mov %esp,%ebp
> 2df3: 53 push %ebx
> 2df4: 83 ec 08 sub $0x8,%esp
> 2df7: e8 fc ff ff ff call 2df8 <vmx_vcpu_run+0x8>
> 2dfc: 8b 5d 08 mov 0x8(%ebp),%ebx
> 2dff: 0f 20 c0 mov %cr0,%eax
> 2e02: 89 44 24 04 mov %eax,0x4(%esp)
> 2e06: c7 04 24 00 6c 00 00 movl $0x6c00,(%esp)
> 2e0d: e8 be d8 ff ff call 6d0 <vmcs_writel>
>
first trace
> 2e12: 8b 83 80 0d 00 00 mov 0xd80(%ebx),%eax
> 2e18: ba 14 6c 00 00 mov $0x6c14,%edx
> 2e1d: 89 d9 mov %ebx,%ecx
> 2e1f: 60 pusha
> 2e20: 51 push %ecx
> 2e21: 0f 79 d4 vmwrite %esp,%edx
> 2e24: 83 f8 00 cmp $0x0,%eax
> 2e27: 8b 81 78 01 00 00 mov 0x178(%ecx),%eax
> 2e2d: 0f 22 d0 mov %eax,%cr2
> 2e30: 8b 81 50 01 00 00 mov 0x150(%ecx),%eax
> 2e36: 8b 99 5c 01 00 00 mov 0x15c(%ecx),%ebx
> 2e3c: 8b 91 58 01 00 00 mov 0x158(%ecx),%edx
> 2e42: 8b b1 68 01 00 00 mov 0x168(%ecx),%esi
> 2e48: 8b b9 6c 01 00 00 mov 0x16c(%ecx),%edi
> 2e4e: 8b a9 64 01 00 00 mov 0x164(%ecx),%ebp
> 2e54: 8b 89 54 01 00 00 mov 0x154(%ecx),%ecx
> 2e5a: 75 05 jne 2e61 <vmx_vcpu_run+0x71>
> 2e5c: 0f 01 c2 vmlaunch
> 2e5f: eb 03 jmp 2e64 <vmx_vcpu_run+0x74>
> 2e61: 0f 01 c3 vmresume
> 2e64: 87 0c 24 xchg %ecx,(%esp)
> 2e67: 89 81 50 01 00 00 mov %eax,0x150(%ecx)
> 2e6d: 89 99 5c 01 00 00 mov %ebx,0x15c(%ecx)
> 2e73: ff 34 24 pushl (%esp)
> 2e76: 8f 81 54 01 00 00 popl 0x154(%ecx)
> 2e7c: 89 91 58 01 00 00 mov %edx,0x158(%ecx)
> 2e82: 89 b1 68 01 00 00 mov %esi,0x168(%ecx)
> 2e88: 89 b9 6c 01 00 00 mov %edi,0x16c(%ecx)
> 2e8e: 89 a9 64 01 00 00 mov %ebp,0x164(%ecx)
> 2e94: 0f 20 d0 mov %cr2,%eax
> 2e97: 89 81 78 01 00 00 mov %eax,0x178(%ecx)
> 2e9d: 8b 0c 24 mov (%esp),%ecx
> 2ea0: 59 pop %ecx
> 2ea1: 61 popa
> 2ea2: 0f 96 c0 setbe %al
> 2ea5: 88 83 84 0d 00 00 mov %al,0xd84(%ebx)
> 2eab: c7 04 24 24 48 00 00 movl $0x4824,(%esp)
> 2eb2: e8 49 d2 ff ff call 100 <vmcs_read32>
>
second trace
> 2eb7: a8 03 test $0x3,%al
> 2eb9: 0f 94 c0 sete %al
> 2ebc: 0f b6 c0 movzbl %al,%eax
> 2ebf: 89 83 28 01 00 00 mov %eax,0x128(%ebx)
> 2ec5: b8 7b 00 00 00 mov $0x7b,%eax
> 2eca: 8e d8 mov %eax,%ds
> 2ecc: 8e c0 mov %eax,%es
> 2ece: c7 83 80 0d 00 00 01 movl $0x1,0xd80(%ebx)
> 2ed5: 00 00 00
> 2ed8: c7 04 24 04 44 00 00 movl $0x4404,(%esp)
> 2edf: e8 1c d2 ff ff call 100 <vmcs_read32>
> 2ee4: 25 00 07 00 00 and $0x700,%eax
> 2ee9: 3d 00 02 00 00 cmp $0x200,%eax
> 2eee: 75 02 jne 2ef2 <vmx_vcpu_run+0x102>
> 2ef0: cd 02 int $0x2
> 2ef2: 83 c4 08 add $0x8,%esp
> 2ef5: 5b pop %ebx
> 2ef6: 5d pop %ebp
> 2ef7: c3 ret
> 2ef8: 90 nop
> 2ef9: 8d b4 26 00 00 00 00 lea 0x0(%esi),%esi
>
> Note that the first, unresolved call here goes to mcount().
>
>
(the -r option to objdump is handy)
Exiting on a pending interrupt is controlled by the vmcs word
PIN_BASED_EXEC_CONTROL, bit PIN_BASED_EXT_INTR_MASK. Can you check (via
vmcs_read32()) that the bit is indeed set?
[if not, a guest can just enter a busy loop and kill a processor]
--
Do not meddle in the internals of kernels, for they are subtle and quick to panic.
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
next prev parent reply other threads:[~2007-10-23 15:26 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-10-22 23:09 High vm-exit latencies during kvm boot-up/shutdown Jan Kiszka
[not found] ` <471D2D8C.1080202-S0/GAf8tV78@public.gmane.org>
2007-10-23 1:05 ` Dong, Eddie
[not found] ` <10EA09EFD8728347A513008B6B0DA77A02441127-wq7ZOvIWXbNpB2pF5aRoyrfspsVTdybXVpNB7YpNyf8@public.gmane.org>
2007-10-23 6:38 ` Jan Kiszka
[not found] ` <471D96DC.7070809-S0/GAf8tV78@public.gmane.org>
2007-10-23 7:46 ` Dong, Eddie
[not found] ` <10EA09EFD8728347A513008B6B0DA77A024414D9-wq7ZOvIWXbNpB2pF5aRoyrfspsVTdybXVpNB7YpNyf8@public.gmane.org>
2007-10-23 9:08 ` Jan Kiszka
[not found] ` <471DBA1A.2080108-S0/GAf8tV78@public.gmane.org>
2007-10-23 9:46 ` Avi Kivity
[not found] ` <471DC311.2050003-atKUWr5tajBWk0Htik3J/w@public.gmane.org>
2007-10-23 13:30 ` Jan Kiszka
[not found] ` <471DF76B.7040001-kv7WeFo6aLtBDgjK7y7TUQ@public.gmane.org>
2007-10-23 14:19 ` Avi Kivity
[not found] ` <471E02F7.6080408-atKUWr5tajBWk0Htik3J/w@public.gmane.org>
2007-10-23 14:41 ` Jan Kiszka
[not found] ` <471E0818.6060405-kv7WeFo6aLtBDgjK7y7TUQ@public.gmane.org>
2007-10-23 14:44 ` Jan Kiszka
2007-10-23 15:26 ` Avi Kivity [this message]
[not found] ` <471E1290.2000208-atKUWr5tajBWk0Htik3J/w@public.gmane.org>
2007-10-23 15:59 ` Jan Kiszka
[not found] ` <471E1A77.90808-kv7WeFo6aLtBDgjK7y7TUQ@public.gmane.org>
2007-10-23 16:14 ` Avi Kivity
[not found] ` <471E1DCD.5040301-atKUWr5tajBWk0Htik3J/w@public.gmane.org>
2007-10-23 16:31 ` Jan Kiszka
[not found] ` <471E21D7.3000309-kv7WeFo6aLtBDgjK7y7TUQ@public.gmane.org>
2007-10-23 16:38 ` Avi Kivity
[not found] ` <471E238E.6040005-atKUWr5tajBWk0Htik3J/w@public.gmane.org>
2007-10-23 16:56 ` Jan Kiszka
[not found] ` <471E27B0.1090001-kv7WeFo6aLtBDgjK7y7TUQ@public.gmane.org>
2007-10-23 17:05 ` Avi Kivity
[not found] ` <471E29C5.1060807-atKUWr5tajBWk0Htik3J/w@public.gmane.org>
2007-10-24 8:37 ` Jan Kiszka
[not found] ` <471F0464.4000704-kv7WeFo6aLtBDgjK7y7TUQ@public.gmane.org>
2007-10-24 8:52 ` Avi Kivity
[not found] ` <471F07C0.8040104-atKUWr5tajBWk0Htik3J/w@public.gmane.org>
2007-10-24 9:16 ` Jan Kiszka
[not found] ` <471F0D57.3020209-kv7WeFo6aLtBDgjK7y7TUQ@public.gmane.org>
2007-10-24 9:33 ` Avi Kivity
[not found] ` <471F116D.9080903-atKUWr5tajBWk0Htik3J/w@public.gmane.org>
2007-10-24 16:22 ` Jan Kiszka
[not found] ` <471F7143.8040406-kv7WeFo6aLtBDgjK7y7TUQ@public.gmane.org>
2007-10-24 16:52 ` Avi Kivity
[not found] ` <471F7865.7070506-atKUWr5tajBWk0Htik3J/w@public.gmane.org>
2007-10-25 17:50 ` Jan Kiszka
[not found] ` <4720D76D.7070300-kv7WeFo6aLtBDgjK7y7TUQ@public.gmane.org>
2007-10-25 18:02 ` Avi Kivity
[not found] ` <4720DA42.6090300-atKUWr5tajBWk0Htik3J/w@public.gmane.org>
2007-10-26 1:41 ` Dong, Eddie
[not found] ` <10EA09EFD8728347A513008B6B0DA77A02482827-wq7ZOvIWXbNpB2pF5aRoyrfspsVTdybXVpNB7YpNyf8@public.gmane.org>
2007-10-26 8:20 ` Avi Kivity
[not found] ` <4721A350.7030409-atKUWr5tajBWk0Htik3J/w@public.gmane.org>
2007-10-26 8:32 ` Dong, Eddie
[not found] ` <10EA09EFD8728347A513008B6B0DA77A02482B96-wq7ZOvIWXbNpB2pF5aRoyrfspsVTdybXVpNB7YpNyf8@public.gmane.org>
2007-10-26 9:03 ` Jan Kiszka
[not found] ` <4721AD49.7010405-kv7WeFo6aLtBDgjK7y7TUQ@public.gmane.org>
2007-10-26 9:18 ` Dong, Eddie
[not found] ` <10EA09EFD8728347A513008B6B0DA77A02482BE4-wq7ZOvIWXbNpB2pF5aRoyrfspsVTdybXVpNB7YpNyf8@public.gmane.org>
2007-10-26 9:37 ` Dor Laor
2007-10-26 12:21 ` Avi Kivity
[not found] ` <4721DBE4.6040801-atKUWr5tajBWk0Htik3J/w@public.gmane.org>
2007-10-29 8:32 ` Dong, Eddie
2007-10-26 9:25 ` Avi Kivity
2007-10-26 9:18 ` Avi Kivity
[not found] ` <4721B0FD.9020006-atKUWr5tajBWk0Htik3J/w@public.gmane.org>
2007-10-26 9:36 ` Dong, Eddie
[not found] ` <10EA09EFD8728347A513008B6B0DA77A02482BFE-wq7ZOvIWXbNpB2pF5aRoyrfspsVTdybXVpNB7YpNyf8@public.gmane.org>
2007-10-26 9:58 ` Avi Kivity
2007-10-23 14:43 ` Gregory Haskins
[not found] ` <1193150619.8343.21.camel-5CR4LY5GPkvLDviKLk5550HKjMygAv58XqFh9Ls21Oc@public.gmane.org>
2007-10-23 14:50 ` Jan Kiszka
2007-10-23 8:16 ` Avi Kivity
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=471E1290.2000208@qumranet.com \
--to=avi-atkuwr5tajbwk0htik3j/w@public.gmane.org \
--cc=jan.kiszka-kv7WeFo6aLtBDgjK7y7TUQ@public.gmane.org \
--cc=kvm-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox