From: Julien Grall <julien.grall@arm.com>
To: xen-devel@lists.xen.org
Cc: andre.przywara@arm.com, Julien Grall <julien.grall@arm.com>,
sstabellini@kernel.org, punit.agrawal@arm.com
Subject: [PATCH 3/3] xen/arm: p2m: Perform local TLB invalidation on vCPU migration
Date: Wed, 8 Mar 2017 18:06:02 +0000 [thread overview]
Message-ID: <20170308180602.24430-4-julien.grall@arm.com> (raw)
In-Reply-To: <20170308180602.24430-1-julien.grall@arm.com>
The ARM architecture allows an OS to have per-CPU page tables, as it
guarantees that TLBs never migrate from one CPU to another.
This works fine until this is done in a guest. Consider the following
scenario:
- vcpu-0 maps P to V
- vpcu-1 maps P' to V
If run on the same physical CPU, vcpu-1 can hit in TLBs generated by
vcpu-0 accesses, and access the wrong physical page.
The solution to this is to keep a per-p2m map of which vCPU ran the last
on each given pCPU and invalidate local TLBs if two vPCUs from the same
VM run on the same CPU.
Unfortunately it is not possible to allocate per-cpu variable on the
fly. So for now the size of the array is NR_CPUS, this is fine because
we still have space in the structure domain. We may want to add an
helper to allocate per-cpu variable in the future.
Signed-off-by: Julien Grall <julien.grall@arm.com>
---
This patch is a candidate for backport to Xen 4.8, 4.7 and 4.6.
---
xen/arch/arm/p2m.c | 24 ++++++++++++++++++++++++
xen/include/asm-arm/p2m.h | 3 +++
2 files changed, 27 insertions(+)
diff --git a/xen/arch/arm/p2m.c b/xen/arch/arm/p2m.c
index 1fc6ca3bb2..626376090d 100644
--- a/xen/arch/arm/p2m.c
+++ b/xen/arch/arm/p2m.c
@@ -130,6 +130,7 @@ void p2m_restore_state(struct vcpu *n)
{
register_t hcr;
struct p2m_domain *p2m = &n->domain->arch.p2m;
+ uint8_t *last_vcpu_ran;
if ( is_idle_vcpu(n) )
return;
@@ -149,6 +150,17 @@ void p2m_restore_state(struct vcpu *n)
WRITE_SYSREG(hcr, HCR_EL2);
isb();
+
+ last_vcpu_ran = &p2m->last_vcpu_ran[smp_processor_id()];
+
+ /*
+ * Flush local TLB for the domain to prevent wrong TLB translation
+ * when running multiple vCPU of the same domain on a single pCPU.
+ */
+ if ( *last_vcpu_ran != INVALID_VCPU_ID && *last_vcpu_ran != n->vcpu_id )
+ flush_tlb_local();
+
+ *last_vcpu_ran = n->vcpu_id;
}
static void p2m_flush_tlb(struct p2m_domain *p2m)
@@ -1247,6 +1259,7 @@ int p2m_init(struct domain *d)
{
struct p2m_domain *p2m = &d->arch.p2m;
int rc = 0;
+ unsigned int cpu;
rwlock_init(&p2m->lock);
INIT_PAGE_LIST_HEAD(&p2m->pages);
@@ -1275,6 +1288,17 @@ int p2m_init(struct domain *d)
rc = p2m_alloc_table(d);
+ /*
+ * Make sure that the type chosen to is able to store the an vCPU ID
+ * between 0 and the maximum of virtual CPUS supported as long as
+ * the INVALID_VCPU_ID.
+ */
+ BUILD_BUG_ON((1 << (sizeof(p2m->last_vcpu_ran[0]) * 8)) < MAX_VIRT_CPUS);
+ BUILD_BUG_ON((1 << (sizeof(p2m->last_vcpu_ran[0])* 8)) < INVALID_VCPU_ID);
+
+ for_each_possible_cpu(cpu)
+ p2m->last_vcpu_ran[cpu] = INVALID_VCPU_ID;
+
return rc;
}
diff --git a/xen/include/asm-arm/p2m.h b/xen/include/asm-arm/p2m.h
index 0899523084..18c57f936e 100644
--- a/xen/include/asm-arm/p2m.h
+++ b/xen/include/asm-arm/p2m.h
@@ -96,6 +96,9 @@ struct p2m_domain {
/* back pointer to domain */
struct domain *domain;
+
+ /* Keeping track on which CPU this p2m was used and for which vCPU */
+ uint8_t last_vcpu_ran[NR_CPUS];
};
/*
--
2.11.0
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
next prev parent reply other threads:[~2017-03-08 18:06 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-03-08 18:05 [PATCH 0/3] xen/arm: p2m: Perform local invalidation on vCPU migration Julien Grall
2017-03-08 18:06 ` [PATCH 1/3] xen/arm: hvm_domain does not need to be cacheline aligned Julien Grall
2017-03-08 18:30 ` Stefano Stabellini
2017-03-08 18:06 ` [PATCH 2/3] xen/arm: Introduce INVALID_VCPU_ID Julien Grall
2017-03-08 18:31 ` Stefano Stabellini
2017-03-08 18:06 ` Julien Grall [this message]
2017-03-08 18:58 ` [PATCH 3/3] xen/arm: p2m: Perform local TLB invalidation on vCPU migration Stefano Stabellini
2017-03-08 19:27 ` Julien Grall
2017-03-08 19:48 ` Stefano Stabellini
2017-03-08 21:37 ` Julien Grall
2017-03-14 22:39 ` Stefano Stabellini
2017-03-14 23:23 ` Julien Grall
2017-03-14 23:29 ` Stefano Stabellini
2017-03-08 21:37 ` Julien Grall
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170308180602.24430-4-julien.grall@arm.com \
--to=julien.grall@arm.com \
--cc=andre.przywara@arm.com \
--cc=punit.agrawal@arm.com \
--cc=sstabellini@kernel.org \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).