[4/8] x86/paging: move and conditionalize flush_tlb() hook

Message ID	584a986e-08ea-d064-9447-ed23c6e39721@suse.com (mailing list archive)
State	Superseded
Headers	show Return-Path: <xen-devel-bounces@lists.xenproject.org> Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" <xen-devel-bounces@lists.xenproject.org> Message-ID: <584a986e-08ea-d064-9447-ed23c6e39721@suse.com> Date: Wed, 21 Dec 2022 14:26:34 +0100 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.6.0 Subject: [PATCH 4/8] x86/paging: move and conditionalize flush_tlb() hook Content-Language: en-US From: Jan Beulich <jbeulich@suse.com> To: "xen-devel@lists.xenproject.org" <xen-devel@lists.xenproject.org> Cc: Andrew Cooper <andrew.cooper3@citrix.com>, Wei Liu <wl@xen.org>, =?utf-8?q?Roger_Pau_Monn=C3=A9?= <roger.pau@citrix.com>, George Dunlap <george.dunlap@citrix.com>, Tim Deegan <tim@xen.org> References: <f7d2c856-bf75-503b-ad96-02d25c63a2f6@suse.com> In-Reply-To: <f7d2c856-bf75-503b-ad96-02d25c63a2f6@suse.com> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit MIME-Version: 1.0
Series	x86/mm: address aspects noticed during XSA-410 work \| expand [0/8] x86/mm: address aspects noticed during XSA-410 work [1/8] x86/paging: fold HAP and shadow memory alloc related fields [2/8] x86/paging: fold most HAP and shadow final teardown [3/8] x86/paging: move update_paging_modes() hook [4/8] x86/paging: move and conditionalize flush_tlb() hook [5/8] x86/PV: drop dead paging_update_paging_modes() call during Dom0 construction [6/8] x86/shadow: adjust and move sh_type_to_size[] [7/8] x86/shadow: don't open-code copy_domain_page() [8/8] x86/shadow: drop zero initialization from shadow_domain_init()

Message ID

584a986e-08ea-d064-9447-ed23c6e39721@suse.com (mailing list archive)

State

Superseded

Headers

Errors-To: xen-devel-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-devel" <xen-devel-bounces@lists.xenproject.org>
Message-ID: <584a986e-08ea-d064-9447-ed23c6e39721@suse.com>
Date: Wed, 21 Dec 2022 14:26:34 +0100
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101
 Thunderbird/102.6.0
Subject: [PATCH 4/8] x86/paging: move and conditionalize flush_tlb() hook
Content-Language: en-US
From: Jan Beulich <jbeulich@suse.com>
To: "xen-devel@lists.xenproject.org" <xen-devel@lists.xenproject.org>
Cc: Andrew Cooper <andrew.cooper3@citrix.com>, Wei Liu <wl@xen.org>,
	=?utf-8?q?Roger_Pau_Monn=C3=A9?= <roger.pau@citrix.com>,
 George Dunlap <george.dunlap@citrix.com>, Tim Deegan <tim@xen.org>
References: <f7d2c856-bf75-503b-ad96-02d25c63a2f6@suse.com>
In-Reply-To: <f7d2c856-bf75-503b-ad96-02d25c63a2f6@suse.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?q?gMlY6O/GV2R+dYtkxwNgUo+D/CoK?=
	=?utf-8?q?/89hps3/fcAihg7fOstLs43SvkP6z9ocFzxrd2WLwgpNH5XZRDMcPN1LToz/X75yG?=
	=?utf-8?q?XqnnSbDQptX/skythTdn84rQ6iD6gTZ3XT2jccX2PjqL8ywNDGkogF9RKuVF0pMxr?=
	=?utf-8?q?0gj+ZkF0zBSxyqQorD9eh8rgLL6ITmnYFMq/fVvFZpYjmgVDwWBZiENoh2qSRtb+E?=
	=?utf-8?q?c52s09yttng1ocfOQMjZ+YmShEGX2seto5Mp8537P9gQua6+lC5DhM/W9K/CTja9n?=
	=?utf-8?q?uuIAeRN8aEAjeAddt3zA3TQgObG/6RbHd6G99hMkgRoc+nf19Q4oKLArh5O7PJfGJ?=
	=?utf-8?q?e7FIEsN/HCmf4ffDC3w+/efPCr8ve+J5Hd3cx+7scqFBxfxKAR6IpfC9OxgDgQVGA?=
	=?utf-8?q?xrFTpkm/rBHMkw3HnSuYwkyh9nAcSfJ/XAyZfK0YIzvIp+G/3g606pa8pQnW8uaXa?=
	=?utf-8?q?vvRWku+fcIMCfqv/7ERg3drlEK0vJ1kafH/hcw9uk0T+YRXPPkViXZhfxu16AX5Y0?=
	=?utf-8?q?shpYIXA26g6snDwoPOi5htAH+zregJ/WJ0pzta5glf/boR3hQEYR9Gf2wFqxbn9ec?=
	=?utf-8?q?OqDdcHxzGN9vS8sk4IAHH7FJU4zzsBgQ9saE+VbfZoSuRXblasx/ClGjMeGRFpIUH?=
	=?utf-8?q?7gUJWSoRByRasVxs5uMaVhThBAq26XBfrIlPxe+zVsu2m7EFpjQ04EHCUFF6e5LY8?=
	=?utf-8?q?vpNZn3bSrtm2HKBjiroLCsL5+F3sRp+l3BGygK54Wc9iwpkWQp1uQKt7cqw6zfCTV?=
	=?utf-8?q?1FBZWgf2X+zsGMK9GGD/9v8eSpESK3f3wZNWePcp3iSm9inQeAwK60TE1DNiV4j33?=
	=?utf-8?q?mP7gnwKwil060HLBtweKjuF9WX/kS037op47iXSwnmQCa0LePytkx8FlvYqJly7o8?=
	=?utf-8?q?oPDW9R0WZo2YZiA+UOa8iSqKI8xPiqvcxCmfvG43eVi1qo0vZq2fZUucfe+KfWbeL?=
	=?utf-8?q?aPAq3FPXVjt+G3ikr0U4n4r+IBL1g79IkHxv8fFelBvxRg3QSjZGkqH1hIXCepYiT?=
	=?utf-8?q?W+RjZKFMWR8NRa0di6UzcZQf8uKvbphyy1rc2gj9AHfpJ9ifZUA4yye3vj4hRius+?=
	=?utf-8?q?W1nl0mvinrmkFfOMSJDF4icEqt0+tOIeryBHXB0vv4F1m9JYjTJh3FbkgSFbXDrSC?=
	=?utf-8?q?3sODPA6k8RvkTXk02pZIyuDxBBLDF35hKfpvDXZAzxshgx5bDl0aTEze4JCoBR5rW?=
	=?utf-8?q?m0ni3ULyqqFv398iqi0EMdnhxp6zxk6f1wU70HcmfdO+1K8rBjFpaGHHdIIfLuVZP?=
	=?utf-8?q?jfM1xgL0aG1zuGSG0q+HyhzRe+I1Du6jPxuprCmVHpZDfv0ToGsQalG+pKGFNHuq8?=
	=?utf-8?q?pQHg9G28C4fYYWI/6hQWtLbSVNYUrVWWtD3wKOyw0TqNgPGatkR5n8ANXSPyVFfCo?=
	=?utf-8?q?XFtEZz1cgzQku3wixcxM8G5HWnPDd+IHvyavgM2IodZiJShKkiR6UvQ4Sk5yCEgtq?=
	=?utf-8?q?4kFmJWzEq/zJL7PqYeXVRF+33hGedA31BOzlQ6Lr/ZkFu1YY89ML3j4MuTxNetE1A?=
	=?utf-8?q?vTJXPCVwMCx8?=
X-OriginatorOrg: suse.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 f49f167a-0c38-4e81-9cd2-08dae356fbbe
X-MS-Exchange-CrossTenant-AuthSource: VE1PR04MB6560.eurprd04.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 21 Dec 2022 13:26:35.7393
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: f7a17af6-1c5c-4a36-aa8b-f5be247aa4ba
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: 
 /ssBx8hmaHvfkmcAHSUOFJZ+9jZGGTDA5Z9tLxG866td7caX28oDoWlmv1WC7bAGKHSwzGioBSVGMeJRs4qnIg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DU2PR04MB8582

Series

x86/mm: address aspects noticed during XSA-410 work | expand

Commit Message

Jan Beulich Dec. 21, 2022, 1:26 p.m. UTC

The hook isn't mode dependent, hence it's misplaced in struct
paging_mode. (Or alternatively I see no reason why the alloc_page() and
free_page() hooks don't also live there.) Move it to struct
paging_domain.

The hook also is used for HVM guests only, so make respective pieces
conditional upon CONFIG_HVM.

While there also add __must_check to the hook declaration, as it's
imperative that callers deal with getting back "false".

While moving the shadow implementation, introduce a "curr" local
variable.

Signed-off-by: Jan Beulich <jbeulich@suse.com>

Comments

Andrew Cooper Dec. 21, 2022, 6:43 p.m. UTC | #1

On 21/12/2022 1:26 pm, Jan Beulich wrote:
> The hook isn't mode dependent, hence it's misplaced in struct
> paging_mode. (Or alternatively I see no reason why the alloc_page() and
> free_page() hooks don't also live there.) Move it to struct
> paging_domain.

How you flush the TLBs has absolutely nothing to do with what mode the
guest is in.

But this hook too confuses p2m flushes with vcpu flushes.

> The hook also is used for HVM guests only, so make respective pieces
> conditional upon CONFIG_HVM.
>
> While there also add __must_check to the hook declaration, as it's
> imperative that callers deal with getting back "false".
>
> While moving the shadow implementation, introduce a "curr" local
> variable.
>
> Signed-off-by: Jan Beulich <jbeulich@suse.com>

Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>, with two
observations.

> --- a/xen/arch/x86/include/asm/paging.h
> +++ b/xen/arch/x86/include/asm/paging.h
> @@ -300,6 +299,12 @@ static inline unsigned long paging_ga_to
>          page_order);
>  }
>  
> +/* Flush selected vCPUs TLBs.  NULL for all. */
> +static inline bool paging_flush_tlb(const unsigned long *vcpu_bitmap)
> +{
> +    return current->domain->arch.paging.flush_tlb(vcpu_bitmap);

Not for this patch, but for cases like this, we should probably drop the
function pointer.

There are only two options, and they're invariant for the context, so

if ( hap )
    hap_flush_tlb(...);
else
    shadow_flush_tlb(...);

will almost certainly be faster on any CPU that Xen is liable to run
on.  Especially as HAP is probably ~100% common case.

> --- a/xen/arch/x86/mm/shadow/hvm.c
> +++ b/xen/arch/x86/mm/shadow/hvm.c
> @@ -688,6 +688,66 @@ static void sh_emulate_unmap_dest(struct
>      atomic_inc(&v->domain->arch.paging.shadow.gtable_dirty_version);
>  }
>  
> +static bool flush_vcpu(const struct vcpu *v, const unsigned long *vcpu_bitmap)
> +{
> +    return !vcpu_bitmap || test_bit(v->vcpu_id, vcpu_bitmap);
> +}
> +
> +/* Flush TLB of selected vCPUs.  NULL for all. */
> +bool cf_check shadow_flush_tlb(const unsigned long *vcpu_bitmap)
> +{
> +    static DEFINE_PER_CPU(cpumask_t, flush_cpumask);

The hap and shadow variants both have a static percpu mask like this.

However, this is an irqs-on region with no nested locking, so I suspect
this path can share one of the scheduler percpu variables too.

~Andrew

--- a/xen/arch/x86/include/asm/domain.h
+++ b/xen/arch/x86/include/asm/domain.h
@@ -237,6 +237,11 @@  struct paging_domain {
     void (*free_page)(struct domain *d, struct page_info *pg);
 
     void (*update_paging_mode)(struct vcpu *v);
+
+#ifdef CONFIG_HVM
+    /* Flush selected vCPUs TLBs.  NULL for all. */
+    bool __must_check (*flush_tlb)(const unsigned long *vcpu_bitmap);
+#endif
 };
 
 struct paging_vcpu {
--- a/xen/arch/x86/include/asm/paging.h
+++ b/xen/arch/x86/include/asm/paging.h
@@ -140,7 +140,6 @@  struct paging_mode {
 #endif
     void          (*update_cr3            )(struct vcpu *v, int do_locking,
                                             bool noflush);
-    bool          (*flush_tlb             )(const unsigned long *vcpu_bitmap);
 
     unsigned int guest_levels;
 
@@ -300,6 +299,12 @@  static inline unsigned long paging_ga_to
         page_order);
 }
 
+/* Flush selected vCPUs TLBs.  NULL for all. */
+static inline bool paging_flush_tlb(const unsigned long *vcpu_bitmap)
+{
+    return current->domain->arch.paging.flush_tlb(vcpu_bitmap);
+}
+
 #endif /* CONFIG_HVM */
 
 /* Update all the things that are derived from the guest's CR3.
@@ -408,12 +413,6 @@  static always_inline unsigned int paging
     return bits;
 }
 
-/* Flush selected vCPUs TLBs.  NULL for all. */
-static inline bool paging_flush_tlb(const unsigned long *vcpu_bitmap)
-{
-    return paging_get_hostmode(current)->flush_tlb(vcpu_bitmap);
-}
-
 #endif /* XEN_PAGING_H */
 
 /*
--- a/xen/arch/x86/mm/hap/hap.c
+++ b/xen/arch/x86/mm/hap/hap.c
@@ -445,6 +445,7 @@  static void hap_destroy_monitor_table(st
 /************************************************/
 
 static void cf_check hap_update_paging_mode(struct vcpu *v);
+static bool cf_check flush_tlb(const unsigned long *vcpu_bitmap);
 
 void hap_domain_init(struct domain *d)
 {
@@ -458,6 +459,7 @@  void hap_domain_init(struct domain *d)
     paging_log_dirty_init(d, &hap_ops);
 
     d->arch.paging.update_paging_mode = hap_update_paging_mode;
+    d->arch.paging.flush_tlb          = flush_tlb;
 }
 
 /* return 0 for success, -errno for failure */
@@ -847,7 +849,6 @@  static const struct paging_mode hap_pagi
     .gva_to_gfn             = hap_gva_to_gfn_real_mode,
     .p2m_ga_to_gfn          = hap_p2m_ga_to_gfn_real_mode,
     .update_cr3             = hap_update_cr3,
-    .flush_tlb              = flush_tlb,
     .guest_levels           = 1
 };
 
@@ -857,7 +858,6 @@  static const struct paging_mode hap_pagi
     .gva_to_gfn             = hap_gva_to_gfn_2_levels,
     .p2m_ga_to_gfn          = hap_p2m_ga_to_gfn_2_levels,
     .update_cr3             = hap_update_cr3,
-    .flush_tlb              = flush_tlb,
     .guest_levels           = 2
 };
 
@@ -867,7 +867,6 @@  static const struct paging_mode hap_pagi
     .gva_to_gfn             = hap_gva_to_gfn_3_levels,
     .p2m_ga_to_gfn          = hap_p2m_ga_to_gfn_3_levels,
     .update_cr3             = hap_update_cr3,
-    .flush_tlb              = flush_tlb,
     .guest_levels           = 3
 };
 
@@ -877,7 +876,6 @@  static const struct paging_mode hap_pagi
     .gva_to_gfn             = hap_gva_to_gfn_4_levels,
     .p2m_ga_to_gfn          = hap_p2m_ga_to_gfn_4_levels,
     .update_cr3             = hap_update_cr3,
-    .flush_tlb              = flush_tlb,
     .guest_levels           = 4
 };
 
--- a/xen/arch/x86/mm/shadow/common.c
+++ b/xen/arch/x86/mm/shadow/common.c
@@ -68,6 +68,7 @@  int shadow_domain_init(struct domain *d)
     d->arch.paging.shadow.oos_active = 0;
 #endif
 #ifdef CONFIG_HVM
+    d->arch.paging.flush_tlb = shadow_flush_tlb;
     d->arch.paging.shadow.pagetable_dying_op = 0;
 #endif
 
@@ -3134,66 +3135,6 @@  static void cf_check sh_clean_dirty_bitm
     paging_unlock(d);
 }
 
-
-static bool flush_vcpu(const struct vcpu *v, const unsigned long *vcpu_bitmap)
-{
-    return !vcpu_bitmap || test_bit(v->vcpu_id, vcpu_bitmap);
-}
-
-/* Flush TLB of selected vCPUs.  NULL for all. */
-bool cf_check shadow_flush_tlb(const unsigned long *vcpu_bitmap)
-{
-    static DEFINE_PER_CPU(cpumask_t, flush_cpumask);
-    cpumask_t *mask = &this_cpu(flush_cpumask);
-    struct domain *d = current->domain;
-    struct vcpu *v;
-
-    /* Avoid deadlock if more than one vcpu tries this at the same time. */
-    if ( !spin_trylock(&d->hypercall_deadlock_mutex) )
-        return false;
-
-    /* Pause all other vcpus. */
-    for_each_vcpu ( d, v )
-        if ( v != current && flush_vcpu(v, vcpu_bitmap) )
-            vcpu_pause_nosync(v);
-
-    /* Now that all VCPUs are signalled to deschedule, we wait... */
-    for_each_vcpu ( d, v )
-        if ( v != current && flush_vcpu(v, vcpu_bitmap) )
-            while ( !vcpu_runnable(v) && v->is_running )
-                cpu_relax();
-
-    /* All other vcpus are paused, safe to unlock now. */
-    spin_unlock(&d->hypercall_deadlock_mutex);
-
-    cpumask_clear(mask);
-
-    /* Flush paging-mode soft state (e.g., va->gfn cache; PAE PDPE cache). */
-    for_each_vcpu ( d, v )
-    {
-        unsigned int cpu;
-
-        if ( !flush_vcpu(v, vcpu_bitmap) )
-            continue;
-
-        paging_update_cr3(v, false);
-
-        cpu = read_atomic(&v->dirty_cpu);
-        if ( is_vcpu_dirty_cpu(cpu) )
-            __cpumask_set_cpu(cpu, mask);
-    }
-
-    /* Flush TLBs on all CPUs with dirty vcpu state. */
-    guest_flush_tlb_mask(d, mask);
-
-    /* Done. */
-    for_each_vcpu ( d, v )
-        if ( v != current && flush_vcpu(v, vcpu_bitmap) )
-            vcpu_unpause(v);
-
-    return true;
-}
-
 /**************************************************************************/
 /* Shadow-control XEN_DOMCTL dispatcher */
 
--- a/xen/arch/x86/mm/shadow/hvm.c
+++ b/xen/arch/x86/mm/shadow/hvm.c
@@ -688,6 +688,66 @@  static void sh_emulate_unmap_dest(struct
     atomic_inc(&v->domain->arch.paging.shadow.gtable_dirty_version);
 }
 
+static bool flush_vcpu(const struct vcpu *v, const unsigned long *vcpu_bitmap)
+{
+    return !vcpu_bitmap || test_bit(v->vcpu_id, vcpu_bitmap);
+}
+
+/* Flush TLB of selected vCPUs.  NULL for all. */
+bool cf_check shadow_flush_tlb(const unsigned long *vcpu_bitmap)
+{
+    static DEFINE_PER_CPU(cpumask_t, flush_cpumask);
+    cpumask_t *mask = &this_cpu(flush_cpumask);
+    const struct vcpu *curr = current;
+    struct domain *d = curr->domain;
+    struct vcpu *v;
+
+    /* Avoid deadlock if more than one vcpu tries this at the same time. */
+    if ( !spin_trylock(&d->hypercall_deadlock_mutex) )
+        return false;
+
+    /* Pause all other vcpus. */
+    for_each_vcpu ( d, v )
+        if ( v != curr && flush_vcpu(v, vcpu_bitmap) )
+            vcpu_pause_nosync(v);
+
+    /* Now that all VCPUs are signalled to deschedule, we wait... */
+    for_each_vcpu ( d, v )
+        if ( v != curr && flush_vcpu(v, vcpu_bitmap) )
+            while ( !vcpu_runnable(v) && v->is_running )
+                cpu_relax();
+
+    /* All other vcpus are paused, safe to unlock now. */
+    spin_unlock(&d->hypercall_deadlock_mutex);
+
+    cpumask_clear(mask);
+
+    /* Flush paging-mode soft state (e.g., va->gfn cache; PAE PDPE cache). */
+    for_each_vcpu ( d, v )
+    {
+        unsigned int cpu;
+
+        if ( !flush_vcpu(v, vcpu_bitmap) )
+            continue;
+
+        paging_update_cr3(v, false);
+
+        cpu = read_atomic(&v->dirty_cpu);
+        if ( is_vcpu_dirty_cpu(cpu) )
+            __cpumask_set_cpu(cpu, mask);
+    }
+
+    /* Flush TLBs on all CPUs with dirty vcpu state. */
+    guest_flush_tlb_mask(d, mask);
+
+    /* Done. */
+    for_each_vcpu ( d, v )
+        if ( v != curr && flush_vcpu(v, vcpu_bitmap) )
+            vcpu_unpause(v);
+
+    return true;
+}
+
 mfn_t sh_make_monitor_table(const struct vcpu *v, unsigned int shadow_levels)
 {
     struct domain *d = v->domain;
--- a/xen/arch/x86/mm/shadow/multi.c
+++ b/xen/arch/x86/mm/shadow/multi.c
@@ -4198,7 +4198,6 @@  const struct paging_mode sh_paging_mode
     .gva_to_gfn                    = sh_gva_to_gfn,
 #endif
     .update_cr3                    = sh_update_cr3,
-    .flush_tlb                     = shadow_flush_tlb,
     .guest_levels                  = GUEST_PAGING_LEVELS,
     .shadow.detach_old_tables      = sh_detach_old_tables,
 #ifdef CONFIG_PV

[4/8] x86/paging: move and conditionalize flush_tlb() hook

Commit Message

Comments

Patch