From: Julien Grall <julien.grall@arm.com>
To: Sergej Proskurin <proskurin@sec.in.tum.de>,
xen-devel@lists.xenproject.org
Cc: Stefano Stabellini <sstabellini@kernel.org>
Subject: Re: [PATCH v2 19/25] arm/altp2m: Add altp2m_propagate_change.
Date: Thu, 4 Aug 2016 15:50:31 +0100 [thread overview]
Message-ID: <d3d7a4e1-cc85-a67b-51fb-0f7dbbbf3a2a@arm.com> (raw)
In-Reply-To: <20160801171028.11615-20-proskurin@sec.in.tum.de>
Hello Sergej,
On 01/08/16 18:10, Sergej Proskurin wrote:
> This commit introduces the function "altp2m_propagate_change" that is
> responsible to propagate changes applied to the host's p2m to a specific
> or even all altp2m views. In this way, Xen can in-/decrease the guest's
> physmem at run-time without leaving the altp2m views with
> stalled/invalid entries.
>
> Signed-off-by: Sergej Proskurin <proskurin@sec.in.tum.de>
> ---
> Cc: Stefano Stabellini <sstabellini@kernel.org>
> Cc: Julien Grall <julien.grall@arm.com>
> ---
> xen/arch/arm/altp2m.c | 75 ++++++++++++++++++++++++++++++++++++++++++++
> xen/arch/arm/p2m.c | 14 +++++++++
> xen/include/asm-arm/altp2m.h | 9 ++++++
> xen/include/asm-arm/p2m.h | 5 +++
> 4 files changed, 103 insertions(+)
>
> diff --git a/xen/arch/arm/altp2m.c b/xen/arch/arm/altp2m.c
> index f98fd73..f3c1cff 100644
> --- a/xen/arch/arm/altp2m.c
> +++ b/xen/arch/arm/altp2m.c
> @@ -133,6 +133,81 @@ out:
> return rc;
> }
>
> +static inline void altp2m_reset(struct p2m_domain *p2m)
> +{
> + read_lock(&p2m->lock);
Again read_lock does not protect you against concurrent access. Only
against someone else update the page table.
This should be p2m_write_lock.
> +
> + p2m_flush_table(p2m);
> + p2m_flush_tlb(p2m);
altp2m_reset may be called on a p2m used by a running vCPU. What this
code does is:
1) clearing root page table
2) free intermediate page table
3) invalidate the TLB
Until step 3, the other TLBs may contain entries pointing the
intermediate page table. But they were freed and could therefore be
re-used for another purpose. So step 2 and 3 should be inverted.
I will re-iterate same message as in the previous series. Please have a
think about the locking and memory ordering of all this series. I found
a lot of race condition and I may have miss someone. If you have a doubt
don't hesitate to ask.
> +
> + p2m->lowest_mapped_gfn = INVALID_GFN;
> + p2m->max_mapped_gfn = _gfn(0);
> +
> + read_unlock(&p2m->lock);
> +}
> +
> +void altp2m_propagate_change(struct domain *d,
> + gfn_t sgfn,
> + unsigned long nr,
> + mfn_t smfn,
> + uint32_t mask,
> + p2m_type_t p2mt,
> + p2m_access_t p2ma)
> +{
> + struct p2m_domain *p2m;
> + mfn_t m;
> + unsigned int i;
> + unsigned int reset_count = 0;
> + unsigned int last_reset_idx = ~0;
> +
> + if ( !altp2m_active(d) )
This is not safe. d->arch.altp2m_active maybe be turn off just after you
read. Maybe you want to protect it with altp2m_lock.
> + return;
> +
> + altp2m_lock(d);
> +
> + for ( i = 0; i < MAX_ALTP2M; i++ )
> + {
> + if ( d->arch.altp2m_vttbr[i] == INVALID_VTTBR )
> + continue;
> +
> + p2m = d->arch.altp2m_p2m[i];
> +
> + m = p2m_lookup_attr(p2m, sgfn, NULL, NULL, NULL, NULL);
What is the benefits to check if it already exists in the altp2m?
> +
> + /* Check for a dropped page that may impact this altp2m. */
> + if ( (mfn_eq(smfn, INVALID_MFN) || p2mt == p2m_invalid) &&
Why the check to p2mt against p2m_invalid?
> + gfn_x(sgfn) >= gfn_x(p2m->lowest_mapped_gfn) &&
> + gfn_x(sgfn) <= gfn_x(p2m->max_mapped_gfn) )
> + {
> + if ( !reset_count++ )
> + {
> + altp2m_reset(p2m);
> + last_reset_idx = i;
> + }
> + else
> + {
> + /* At least 2 altp2m's impacted, so reset everything. */
So if you remove a 4KB page in more than 2 altp2m, you will flush all
the p2m. This sounds really more time consuming (you have to free all
the intermediate page table) than removing a single 4KB page.
> + for ( i = 0; i < MAX_ALTP2M; i++ )
> + {
> + if ( i == last_reset_idx ||
> + d->arch.altp2m_vttbr[i] == INVALID_VTTBR )
> + continue;
> +
> + p2m = d->arch.altp2m_p2m[i];
> + altp2m_reset(p2m);
> + }
> + goto out;
> + }
> + }
> + else if ( !mfn_eq(m, INVALID_MFN) )
> + modify_altp2m_range(d, p2m, sgfn, nr, smfn,
> + mask, p2mt, p2ma);
I am a bit concerned about this function. We decided to limit the size
of the mapping to avoid long running memory operations (see XSA-158).
With this function you multiply up to 10 times the duration of the
operation.
Also, what is modify_altp2m_range has failed?
> + }
> +
> +out:
> + altp2m_unlock(d);
> +}
> +
> static void altp2m_vcpu_reset(struct vcpu *v)
> {
> struct altp2mvcpu *av = &vcpu_altp2m(v);
> diff --git a/xen/arch/arm/p2m.c b/xen/arch/arm/p2m.c
> index e0a7f38..31810e6 100644
> --- a/xen/arch/arm/p2m.c
> +++ b/xen/arch/arm/p2m.c
> @@ -992,6 +992,7 @@ static int apply_p2m_changes(struct domain *d,
> const bool_t preempt = !is_idle_vcpu(current);
> bool_t flush = false;
> bool_t flush_pt;
> + bool_t entry_written = false;
> PAGE_LIST_HEAD(free_pages);
> struct page_info *pg;
>
> @@ -1112,6 +1113,7 @@ static int apply_p2m_changes(struct domain *d,
> &addr, &maddr, &flush,
> t, a);
> if ( ret < 0 ) { rc = ret ; goto out; }
> + if ( ret ) entry_written = 1;
Please don't mix false and 1. This should be true here.
> count += ret;
>
> if ( ret != P2M_ONE_PROGRESS_NOP )
> @@ -1208,6 +1210,9 @@ out:
>
> p2m_write_unlock(p2m);
>
> + if ( rc >= 0 && entry_written && p2m_is_hostp2m(p2m) )
> + altp2m_propagate_change(d, sgfn, nr, smfn, mask, t, a);
There are operation which does not require propagation (for instance
RELINQUISH and CACHEFLUSH).
> +
> if ( rc < 0 && ( op == INSERT ) &&
> addr != start_gpaddr )
> {
> @@ -1331,6 +1336,15 @@ int modify_altp2m_entry(struct domain *d, struct p2m_domain *ap2m,
> return apply_p2m_changes(d, ap2m, INSERT, gfn, nr, mfn, 0, t, a);
> }
>
> +int modify_altp2m_range(struct domain *d, struct p2m_domain *ap2m,
> + gfn_t sgfn, unsigned long nr, mfn_t smfn,
> + uint32_t m, p2m_type_t t, p2m_access_t a)
> +{
> + ASSERT(p2m_is_altp2m(ap2m));
> +
> + return apply_p2m_changes(d, ap2m, INSERT, sgfn, nr, smfn, m, t, a);
> +}
> +
> int p2m_alloc_table(struct p2m_domain *p2m)
> {
> unsigned int i;
> diff --git a/xen/include/asm-arm/altp2m.h b/xen/include/asm-arm/altp2m.h
> index dc41f93..9aeb7d6 100644
> --- a/xen/include/asm-arm/altp2m.h
> +++ b/xen/include/asm-arm/altp2m.h
> @@ -81,4 +81,13 @@ int altp2m_set_mem_access(struct domain *d,
> p2m_access_t a,
> gfn_t gfn);
>
> +/* Propagates changes made to hostp2m to affected altp2m views. */
> +void altp2m_propagate_change(struct domain *d,
> + gfn_t sgfn,
> + unsigned long nr,
> + mfn_t smfn,
> + uint32_t mask,
> + p2m_type_t p2mt,
> + p2m_access_t p2ma);
> +
> #endif /* __ASM_ARM_ALTP2M_H */
> diff --git a/xen/include/asm-arm/p2m.h b/xen/include/asm-arm/p2m.h
> index 9859ad1..59186c9 100644
> --- a/xen/include/asm-arm/p2m.h
> +++ b/xen/include/asm-arm/p2m.h
> @@ -191,6 +191,11 @@ int modify_altp2m_entry(struct domain *d, struct p2m_domain *p2m,
> paddr_t gpa, paddr_t maddr, unsigned int level,
> p2m_type_t t, p2m_access_t a);
>
> +/* Modify an altp2m view's range of entries or their attributes. */
> +int modify_altp2m_range(struct domain *d, struct p2m_domain *p2m,
> + gfn_t sgfn, unsigned long nr, mfn_t smfn,
> + uint32_t mask, p2m_type_t t, p2m_access_t a);
> +
> /* Clean & invalidate caches corresponding to a region of guest address space */
> int p2m_cache_flush(struct domain *d, gfn_t start, unsigned long nr);
>
>
--
Julien Grall
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
next prev parent reply other threads:[~2016-08-04 14:50 UTC|newest]
Thread overview: 159+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-08-01 17:10 [PATCH v2 00/25] arm/altp2m: Introducing altp2m to ARM Sergej Proskurin
2016-08-01 17:10 ` [PATCH v2 01/25] arm/altp2m: Add first altp2m HVMOP stubs Sergej Proskurin
2016-08-03 16:54 ` Julien Grall
2016-08-04 16:01 ` Sergej Proskurin
2016-08-04 16:04 ` Julien Grall
2016-08-04 16:22 ` Sergej Proskurin
2016-08-04 16:51 ` Julien Grall
2016-08-05 6:55 ` Sergej Proskurin
2016-08-09 19:16 ` Tamas K Lengyel
2016-08-10 9:52 ` Julien Grall
2016-08-10 14:49 ` Tamas K Lengyel
2016-08-11 8:17 ` Julien Grall
2016-08-11 14:41 ` Tamas K Lengyel
2016-08-12 8:10 ` Julien Grall
2016-08-01 17:10 ` [PATCH v2 02/25] arm/altp2m: Add HVMOP_altp2m_get_domain_state Sergej Proskurin
2016-08-01 17:21 ` Andrew Cooper
2016-08-01 17:34 ` Sergej Proskurin
2016-08-01 17:10 ` [PATCH v2 03/25] arm/altp2m: Add struct vttbr Sergej Proskurin
2016-08-03 17:04 ` Julien Grall
2016-08-03 17:05 ` Julien Grall
2016-08-04 16:11 ` Sergej Proskurin
2016-08-04 16:15 ` Julien Grall
2016-08-06 8:54 ` Sergej Proskurin
2016-08-06 13:20 ` Julien Grall
2016-08-06 13:48 ` Sergej Proskurin
2016-08-01 17:10 ` [PATCH v2 04/25] arm/altp2m: Move hostp2m init/teardown to individual functions Sergej Proskurin
2016-08-03 17:40 ` Julien Grall
2016-08-05 7:26 ` Sergej Proskurin
2016-08-05 9:16 ` Julien Grall
2016-08-06 8:43 ` Sergej Proskurin
2016-08-06 13:26 ` Julien Grall
2016-08-06 13:50 ` Sergej Proskurin
2016-08-01 17:10 ` [PATCH v2 05/25] arm/altp2m: Rename and extend p2m_alloc_table Sergej Proskurin
2016-08-03 17:57 ` Julien Grall
2016-08-06 8:57 ` Sergej Proskurin
2016-08-01 17:10 ` [PATCH v2 06/25] arm/altp2m: Cosmetic fixes - function prototypes Sergej Proskurin
2016-08-03 18:02 ` Julien Grall
2016-08-06 9:00 ` Sergej Proskurin
2016-08-01 17:10 ` [PATCH v2 07/25] arm/altp2m: Add altp2m init/teardown routines Sergej Proskurin
2016-08-03 18:12 ` Julien Grall
2016-08-05 6:53 ` Sergej Proskurin
2016-08-05 9:20 ` Julien Grall
2016-08-06 8:30 ` Sergej Proskurin
2016-08-09 9:44 ` Sergej Proskurin
2016-08-01 17:10 ` [PATCH v2 08/25] arm/altp2m: Add HVMOP_altp2m_set_domain_state Sergej Proskurin
2016-08-03 18:41 ` Julien Grall
2016-08-06 9:03 ` Sergej Proskurin
2016-08-06 9:36 ` Sergej Proskurin
2016-08-06 14:18 ` Julien Grall
2016-08-06 14:21 ` Julien Grall
2016-08-11 9:08 ` Julien Grall
2016-08-01 17:10 ` [PATCH v2 09/25] arm/altp2m: Add altp2m table flushing routine Sergej Proskurin
2016-08-03 18:44 ` Julien Grall
2016-08-06 9:45 ` Sergej Proskurin
2016-08-01 17:10 ` [PATCH v2 10/25] arm/altp2m: Add HVMOP_altp2m_create_p2m Sergej Proskurin
2016-08-03 18:48 ` Julien Grall
2016-08-06 9:46 ` Sergej Proskurin
2016-08-01 17:10 ` [PATCH v2 11/25] arm/altp2m: Add HVMOP_altp2m_destroy_p2m Sergej Proskurin
2016-08-04 11:46 ` Julien Grall
2016-08-06 9:54 ` Sergej Proskurin
2016-08-06 13:36 ` Julien Grall
2016-08-06 13:51 ` Sergej Proskurin
2016-08-01 17:10 ` [PATCH v2 12/25] arm/altp2m: Add HVMOP_altp2m_switch_p2m Sergej Proskurin
2016-08-04 11:51 ` Julien Grall
2016-08-06 10:13 ` Sergej Proskurin
2016-08-01 17:10 ` [PATCH v2 13/25] arm/altp2m: Make p2m_restore_state ready for altp2m Sergej Proskurin
2016-08-04 11:55 ` Julien Grall
2016-08-06 10:20 ` Sergej Proskurin
2016-08-01 17:10 ` [PATCH v2 14/25] arm/altp2m: Make get_page_from_gva " Sergej Proskurin
2016-08-04 11:59 ` Julien Grall
2016-08-06 10:38 ` Sergej Proskurin
2016-08-06 13:45 ` Julien Grall
2016-08-06 16:58 ` Sergej Proskurin
2016-08-11 8:33 ` Julien Grall
2016-08-01 17:10 ` [PATCH v2 15/25] arm/altp2m: Extend __p2m_lookup Sergej Proskurin
2016-08-04 12:04 ` Julien Grall
2016-08-06 10:44 ` Sergej Proskurin
2016-08-01 17:10 ` [PATCH v2 16/25] arm/altp2m: Make p2m_mem_access_check ready for altp2m Sergej Proskurin
2016-08-01 17:10 ` [PATCH v2 17/25] arm/altp2m: Cosmetic fixes - function prototypes Sergej Proskurin
2016-08-04 12:06 ` Julien Grall
2016-08-06 10:46 ` Sergej Proskurin
2016-08-01 17:10 ` [PATCH v2 18/25] arm/altp2m: Add HVMOP_altp2m_set_mem_access Sergej Proskurin
2016-08-04 14:19 ` Julien Grall
2016-08-06 11:03 ` Sergej Proskurin
2016-08-06 14:26 ` Julien Grall
2016-08-01 17:10 ` [PATCH v2 19/25] arm/altp2m: Add altp2m_propagate_change Sergej Proskurin
2016-08-04 14:50 ` Julien Grall [this message]
2016-08-06 11:26 ` Sergej Proskurin
2016-08-06 13:52 ` Julien Grall
2016-08-06 17:06 ` Sergej Proskurin
2016-08-01 17:10 ` [PATCH v2 20/25] arm/altp2m: Add altp2m paging mechanism Sergej Proskurin
2016-08-04 13:50 ` Julien Grall
2016-08-06 12:51 ` Sergej Proskurin
2016-08-06 14:14 ` Julien Grall
2016-08-06 17:28 ` Sergej Proskurin
2016-08-04 16:59 ` Julien Grall
2016-08-06 12:57 ` Sergej Proskurin
2016-08-06 14:21 ` Julien Grall
2016-08-06 17:35 ` Sergej Proskurin
2016-08-10 9:32 ` Sergej Proskurin
2016-08-11 8:47 ` Julien Grall
2016-08-11 17:13 ` Sergej Proskurin
2016-08-01 17:10 ` [PATCH v2 21/25] arm/altp2m: Add HVMOP_altp2m_change_gfn Sergej Proskurin
2016-08-04 14:04 ` Julien Grall
2016-08-06 13:45 ` Sergej Proskurin
2016-08-06 14:34 ` Julien Grall
2016-08-06 17:42 ` Sergej Proskurin
2016-08-11 9:21 ` Julien Grall
2016-08-01 17:10 ` [PATCH v2 22/25] arm/altp2m: Adjust debug information to altp2m Sergej Proskurin
2016-08-01 17:10 ` [PATCH v2 23/25] arm/altp2m: Extend libxl to activate altp2m on ARM Sergej Proskurin
2016-08-02 11:59 ` Wei Liu
2016-08-02 14:07 ` Sergej Proskurin
2016-08-11 16:00 ` Wei Liu
2016-08-15 16:07 ` Sergej Proskurin
2016-08-01 17:10 ` [PATCH v2 24/25] arm/altp2m: Extend xen-access for " Sergej Proskurin
2016-08-01 17:10 ` [PATCH v2 25/25] arm/altp2m: Add test of xc_altp2m_change_gfn Sergej Proskurin
2016-08-02 9:14 ` Razvan Cojocaru
2016-08-02 9:50 ` Sergej Proskurin
2016-08-01 18:15 ` [PATCH v2 00/25] arm/altp2m: Introducing altp2m to ARM Julien Grall
2016-08-01 19:20 ` Tamas K Lengyel
2016-08-01 19:55 ` Julien Grall
2016-08-01 20:35 ` Sergej Proskurin
2016-08-01 20:41 ` Tamas K Lengyel
2016-08-02 7:38 ` Julien Grall
2016-08-02 11:17 ` George Dunlap
2016-08-02 15:48 ` Tamas K Lengyel
2016-08-02 16:05 ` George Dunlap
2016-08-02 16:09 ` Tamas K Lengyel
2016-08-02 16:40 ` Julien Grall
2016-08-02 17:01 ` Tamas K Lengyel
2016-08-02 17:22 ` Tamas K Lengyel
2016-08-02 16:00 ` Tamas K Lengyel
2016-08-02 16:11 ` Julien Grall
2016-08-02 16:22 ` Tamas K Lengyel
2016-08-01 23:14 ` Andrew Cooper
2016-08-02 7:34 ` Julien Grall
2016-08-02 16:08 ` Andrew Cooper
2016-08-02 16:30 ` Tamas K Lengyel
2016-08-03 11:53 ` Julien Grall
2016-08-03 12:00 ` Andrew Cooper
2016-08-03 12:13 ` Julien Grall
2016-08-03 12:18 ` Andrew Cooper
2016-08-03 12:45 ` Sergej Proskurin
2016-08-03 14:08 ` Julien Grall
2016-08-03 14:17 ` Sergej Proskurin
2016-08-03 16:01 ` Tamas K Lengyel
2016-08-03 16:24 ` Julien Grall
2016-08-03 16:42 ` Tamas K Lengyel
2016-08-03 16:51 ` Julien Grall
2016-08-03 17:30 ` Andrew Cooper
2016-08-03 17:43 ` Tamas K Lengyel
2016-08-03 17:45 ` Julien Grall
2016-08-03 17:51 ` Tamas K Lengyel
2016-08-03 17:56 ` Julien Grall
2016-08-03 18:11 ` Tamas K Lengyel
2016-08-03 18:16 ` Julien Grall
2016-08-03 18:21 ` Tamas K Lengyel
2016-08-04 11:13 ` George Dunlap
2016-08-08 4:44 ` Tamas K Lengyel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=d3d7a4e1-cc85-a67b-51fb-0f7dbbbf3a2a@arm.com \
--to=julien.grall@arm.com \
--cc=proskurin@sec.in.tum.de \
--cc=sstabellini@kernel.org \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).