From: Sean Christopherson <seanjc@google.com>
To: Robert Hoo <robert.hu@linux.intel.com>
Cc: pbonzini@redhat.com, vkuznets@redhat.com, wanpengli@tencent.com,
jmattson@google.com, joro@8bytes.org, kvm@vger.kernel.org,
yu.c.zhang@linux.intel.com
Subject: Re: [PATCH v1 3/5] KVM: x86: nVMX: VMCS12 field's read/write respects field existence bitmap
Date: Wed, 18 Aug 2021 23:10:55 +0000 [thread overview]
Message-ID: <YR2Tf9WPNEzrE7Xg@google.com> (raw)
In-Reply-To: <b2bf00a6a8f3f88555bebf65b35579968ea45e2a.camel@linux.intel.com>
On Wed, Aug 18, 2021, Robert Hoo wrote:
> > Limiting this to VMREAD/VMWRITE means we shouldn't need a bitmap and
> > can use a more static lookup, e.g. a switch statement.
> Emm, hard for me to choose:
>
> Your approach sounds more efficient for CPU: Once VMX MSR's updated, no
> bother to update the bitmap. Each field's existence check will directly
> consult related VMX MSR. Well, the switch statement will be long...
How long? Honest question, off the top of my head I don't have a feel for how
many fields conditionally exist.
> My this implementation: once VMX MSR's updated, the update needs to be
> passed to bitmap, this is 1 extra step comparing to aforementioned
> above. But, later, when query field existence, especially the those
> consulting vm{entry,exit}_ctrl, they usually would have to consult both
> MSRs if otherwise no bitmap, and we cannot guarantee if in the future
> there's no more complicated dependencies. If using bitmap, this consult
> is just 1-bit reading. If no bitmap, several MSR's read and compare
> happen.
Yes, but the bitmap is per-VM and likely may or may not be cache-hot for back-to-back
VMREAD/VMWRITE to different fields, whereas the shadow controls are much more likely
to reside somewhere in the caches.
> And, VMX MSR --> bitmap, usually happens only once when vCPU model is
> settled. But VMRead/VMWrite might happen frequently, depends on guest
> itself. I'd rather leave complicated comparison in former than in
> later.
I'm not terribly concerned about the runtime performance, it's the extra per-VM
allocation for something that's not thaaat interesting that I don't like.
And for performance, most of the frequently accessed VMCS fields will be shadowed
anyways, i.e. won't VM-Exit in the first place.
And that brings up another wrinkle. The shadow VMCS bitmaps are global across
all VMs, e.g. if the preemption timer is supported in hardware but hidden from
L1, then a misbehaving L1 can VMREAD/VMWRITE the field even with this patch.
If it was just the preemption timer we could consider disabling shadow VMCS for
the VM ifthe timer exists but is hidden from L1, but GUEST_PML_INDEX and
GUEST_INTR_STATUS are also conditional :-(
Maybe there's a middle ground, e.g. let userspace tell KVM which fields it plans
on exposing to L1, use that to build the bitmaps, and disable shadow VMCS if
userspace creates VMs that don't match the specified configuration. Burning
three more pages per VM isn't very enticing...
This is quite the complicated mess for something I'm guessing no one actually
cares about. At what point do we chalk this up as a virtualization hole and
sweep it under the rug?
next prev parent reply other threads:[~2021-08-18 23:11 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-17 9:31 [PATCH v1 0/5] KVM/x86/nVMX: Add field existence support in VMCS12 Robert Hoo
2021-08-17 9:31 ` [PATCH v1 1/5] KVM: x86: nVMX: Add vmcs12 field existence bitmap in nested_vmx Robert Hoo
2021-10-20 15:10 ` Paolo Bonzini
2021-10-21 12:41 ` Robert Hoo
2021-08-17 9:31 ` [PATCH v1 2/5] KVM: x86: nVMX: Update VMCS12 fields existence when nVMX MSRs are set Robert Hoo
2021-10-20 15:11 ` Paolo Bonzini
2021-10-21 13:08 ` Robert Hoo
2021-08-17 9:31 ` [PATCH v1 3/5] KVM: x86: nVMX: VMCS12 field's read/write respects field existence bitmap Robert Hoo
2021-08-17 15:54 ` Sean Christopherson
2021-08-18 5:50 ` Robert Hoo
2021-08-18 23:10 ` Sean Christopherson [this message]
2021-08-18 23:45 ` Jim Mattson
2021-08-18 23:49 ` Sean Christopherson
2021-08-19 9:58 ` Robert Hoo
2021-09-01 20:42 ` Sean Christopherson
2021-09-03 8:51 ` Robert Hoo
2021-09-03 15:11 ` Sean Christopherson
2021-09-28 10:05 ` Robert Hoo
2021-10-05 16:15 ` Sean Christopherson
2021-10-05 17:32 ` Jim Mattson
2021-10-05 17:59 ` Sean Christopherson
2021-10-05 20:42 ` Jim Mattson
2021-10-05 20:50 ` Sean Christopherson
2021-10-05 22:40 ` Jim Mattson
2021-10-05 23:22 ` Sean Christopherson
2021-10-08 8:23 ` Yu Zhang
2021-10-08 15:09 ` Robert Hoo
2021-10-08 23:49 ` Jim Mattson
2021-10-09 0:05 ` Robert Hoo
2021-10-29 19:53 ` Jim Mattson
2021-11-03 1:31 ` Robert Hoo
2021-11-09 22:33 ` Sean Christopherson
2021-11-10 5:35 ` Yu Zhang
2021-11-18 1:19 ` Sean Christopherson
2021-11-19 7:32 ` Robert Hoo
2021-08-17 9:31 ` [PATCH v1 4/5] KVM: x86: nVMX: Respect vmcs12 field existence when calc vmx_vmcs_enum_msr Robert Hoo
2021-08-17 9:31 ` [PATCH v1 5/5] KVM: x86: nVMX: Ignore user space set value to MSR_IA32_VMX_VMCS_ENUM Robert Hoo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YR2Tf9WPNEzrE7Xg@google.com \
--to=seanjc@google.com \
--cc=jmattson@google.com \
--cc=joro@8bytes.org \
--cc=kvm@vger.kernel.org \
--cc=pbonzini@redhat.com \
--cc=robert.hu@linux.intel.com \
--cc=vkuznets@redhat.com \
--cc=wanpengli@tencent.com \
--cc=yu.c.zhang@linux.intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).