From: Avi Kivity <avi@redhat.com>
To: Marcelo Tosatti <mtosatti@redhat.com>
Cc: Aurelien Jarno <aurelien@aurel32.net>, kvm@vger.kernel.org
Subject: Re: cr3 OOS optimisation breaks 32-bit GNU/kFreeBSD guest
Date: Mon, 23 Feb 2009 17:16:12 +0200 [thread overview]
Message-ID: <49A2BDBC.7070804@redhat.com> (raw)
In-Reply-To: <20090223150638.GA5798@amt.cnet>
Marcelo Tosatti wrote:
> On Mon, Feb 23, 2009 at 04:59:37PM +0200, Avi Kivity wrote:
>
>> Marcelo Tosatti wrote:
>>
>>>> Thanks for your fast answer and for your help for debugging.
>>>>
>>>>
>>> If you confirm that FreeBSD is indeed relying on cr3 to sync global
>>> pages, it might be better to disable the optimization. Lets hope that is
>>> not the case.
>>>
>>>
>> cr3 writes explicitly do not flush global pages; otherwise what would be
>> the point of global pages at all?
>>
>
> From the Intel TLB doc:
>
> The processor is always free to invalidate additional entries in the TLBs
> and paging-structure caches. The following are some examples:
>
> • MOV to CR3 may invalidate TLB entries for global pages.
>
> The reasoning was if an optimization breaks an important guest which
> contains a bug that happens to not trigger on real HW due to positioning
> of the stars, it is reasonable to disable that optimization.
>
This means the OS may not rely on the TLB retaining its contents. For
example, you can't do
1. set pte to global+present
2. access through pte to load tlb entry
3. clear pte
4. switch cr3
5. access through same pte again, relying on tlb entry to service the
access
So the processor may choose to ignore the global bit on some or all tlb
entries, but software cannot assume that it does. Typically it will
honor the global bit since otherwise it's useless.
I don't think this is what is happening with FreeBSD. It may be that
spte population on invlpg is confusing the guest (though that is allowed
as a speculative read?). For example, the sequence:
1. invlpg
2. set pte to A (present+accessed)
3. set pte to B (present+accessed)
kvm behaves as if a speculative read always happens between 2 and 3,
which would be very rare on real hardware.
--
error compiling committee.c: too many arguments to function
next prev parent reply other threads:[~2009-02-23 15:16 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-02-23 0:33 cr3 OOS optimisation breaks 32-bit GNU/kFreeBSD guest Aurelien Jarno
2009-02-23 1:47 ` Marcelo Tosatti
2009-02-23 14:01 ` Aurelien Jarno
2009-02-23 14:52 ` Marcelo Tosatti
2009-02-23 14:59 ` Avi Kivity
2009-02-23 15:06 ` Marcelo Tosatti
2009-02-23 15:16 ` Avi Kivity [this message]
2009-03-20 23:14 ` Marcelo Tosatti
2009-03-21 8:51 ` Aurelien Jarno
2009-03-22 9:35 ` Avi Kivity
2009-03-23 17:27 ` Marcelo Tosatti
2009-03-24 9:47 ` Avi Kivity
2009-03-24 11:49 ` Marcelo Tosatti
2009-04-03 21:45 ` Marcelo Tosatti
2009-04-04 10:37 ` Avi Kivity
2009-04-04 17:01 ` Marcelo Tosatti
2009-04-05 8:41 ` Avi Kivity
2009-04-05 11:29 ` Marcelo Tosatti
2009-04-05 11:41 ` Avi Kivity
2009-04-04 23:23 ` Aurelien Jarno
2009-03-24 10:39 ` Aurelien Jarno
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=49A2BDBC.7070804@redhat.com \
--to=avi@redhat.com \
--cc=aurelien@aurel32.net \
--cc=kvm@vger.kernel.org \
--cc=mtosatti@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox