2023-01-16 06:31:59

by Srivatsa S. Bhat

[permalink] [raw]
Subject: [PATCH v2] x86/hotplug: Do not put offline vCPUs in mwait idle state

From: "Srivatsa S. Bhat (VMware)" <[email protected]>

Under hypervisors that support mwait passthrough, a vCPU in mwait
CPU-idle state remains in guest context (instead of yielding to the
hypervisor via VMEXIT), which helps speed up wakeups from idle.

However, this runs into problems with CPU hotplug, because the Linux
CPU offline path prefers to put the vCPU-to-be-offlined in mwait
state, whenever mwait is available. As a result, since a vCPU in mwait
remains in guest context and does not yield to the hypervisor, an
offline vCPU *appears* to be 100% busy as viewed from the host, which
prevents the hypervisor from running other vCPUs or workloads on the
corresponding pCPU. [ Note that such a vCPU is not actually busy
spinning though; it remains in mwait idle state in the guest ].

Fix this by preventing the use of mwait idle state in the vCPU offline
play_dead() path for any hypervisor, even if mwait support is
available.

Suggested-by: Peter Zijlstra (Intel) <[email protected]>
Signed-off-by: Srivatsa S. Bhat (VMware) <[email protected]>
Cc: Thomas Gleixner <[email protected]>
Cc: Peter Zijlstra <[email protected]>
Cc: Ingo Molnar <[email protected]>
Cc: Borislav Petkov <[email protected]>
Cc: Dave Hansen <[email protected]>
Cc: "H. Peter Anvin" <[email protected]>
Cc: "Rafael J. Wysocki" <[email protected]>
Cc: "Paul E. McKenney" <[email protected]>
Cc: Wyes Karny <[email protected]>
Cc: Lewis Caroll <[email protected]>
Cc: Tom Lendacky <[email protected]>
Cc: Alexey Makhalov <[email protected]>
Cc: Juergen Gross <[email protected]>
Cc: [email protected]
Cc: VMware PV-Drivers Reviewers <[email protected]>
Cc: [email protected]
Cc: [email protected]
Cc: [email protected]
---

v1: https://lore.kernel.org/lkml/[email protected]/

arch/x86/kernel/smpboot.c | 9 +++++++++
1 file changed, 9 insertions(+)

diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c
index 55cad72715d9..125a5d4bfded 100644
--- a/arch/x86/kernel/smpboot.c
+++ b/arch/x86/kernel/smpboot.c
@@ -1763,6 +1763,15 @@ static inline void mwait_play_dead(void)
return;
if (!this_cpu_has(X86_FEATURE_CLFLUSH))
return;
+
+ /*
+ * Do not use mwait in CPU offline play_dead if running under
+ * any hypervisor, to make sure that the offline vCPU actually
+ * yields to the hypervisor (which may not happen otherwise if
+ * the hypervisor supports mwait passthrough).
+ */
+ if (this_cpu_has(X86_FEATURE_HYPERVISOR))
+ return;
if (__this_cpu_read(cpu_info.cpuid_level) < CPUID_MWAIT_LEAF)
return;

--
2.25.1


2023-01-16 09:30:51

by Jürgen Groß

[permalink] [raw]
Subject: Re: [PATCH v2] x86/hotplug: Do not put offline vCPUs in mwait idle state

On 16.01.23 07:01, Srivatsa S. Bhat wrote:
> From: "Srivatsa S. Bhat (VMware)" <[email protected]>
>
> Under hypervisors that support mwait passthrough, a vCPU in mwait
> CPU-idle state remains in guest context (instead of yielding to the
> hypervisor via VMEXIT), which helps speed up wakeups from idle.
>
> However, this runs into problems with CPU hotplug, because the Linux
> CPU offline path prefers to put the vCPU-to-be-offlined in mwait
> state, whenever mwait is available. As a result, since a vCPU in mwait
> remains in guest context and does not yield to the hypervisor, an
> offline vCPU *appears* to be 100% busy as viewed from the host, which
> prevents the hypervisor from running other vCPUs or workloads on the
> corresponding pCPU. [ Note that such a vCPU is not actually busy
> spinning though; it remains in mwait idle state in the guest ].
>
> Fix this by preventing the use of mwait idle state in the vCPU offline
> play_dead() path for any hypervisor, even if mwait support is
> available.
>
> Suggested-by: Peter Zijlstra (Intel) <[email protected]>
> Signed-off-by: Srivatsa S. Bhat (VMware) <[email protected]>
> Cc: Thomas Gleixner <[email protected]>
> Cc: Peter Zijlstra <[email protected]>
> Cc: Ingo Molnar <[email protected]>
> Cc: Borislav Petkov <[email protected]>
> Cc: Dave Hansen <[email protected]>
> Cc: "H. Peter Anvin" <[email protected]>
> Cc: "Rafael J. Wysocki" <[email protected]>
> Cc: "Paul E. McKenney" <[email protected]>
> Cc: Wyes Karny <[email protected]>
> Cc: Lewis Caroll <[email protected]>
> Cc: Tom Lendacky <[email protected]>
> Cc: Alexey Makhalov <[email protected]>
> Cc: Juergen Gross <[email protected]>
> Cc: [email protected]
> Cc: VMware PV-Drivers Reviewers <[email protected]>
> Cc: [email protected]
> Cc: [email protected]
> Cc: [email protected]

Reviewed-by: Juergen Gross <[email protected]>


Juergen


Attachments:
OpenPGP_0xB0DE9DD628BF132F.asc (3.08 kB)
OpenPGP public key
OpenPGP_signature (505.00 B)
OpenPGP digital signature
Download all attachments

2023-01-16 15:25:28

by Igor Mammedov

[permalink] [raw]
Subject: Re: [PATCH v2] x86/hotplug: Do not put offline vCPUs in mwait idle state

On Sun, 15 Jan 2023 22:01:34 -0800
"Srivatsa S. Bhat" <[email protected]> wrote:

> From: "Srivatsa S. Bhat (VMware)" <[email protected]>
>
> Under hypervisors that support mwait passthrough, a vCPU in mwait
> CPU-idle state remains in guest context (instead of yielding to the
> hypervisor via VMEXIT), which helps speed up wakeups from idle.
>
> However, this runs into problems with CPU hotplug, because the Linux
> CPU offline path prefers to put the vCPU-to-be-offlined in mwait
> state, whenever mwait is available. As a result, since a vCPU in mwait
> remains in guest context and does not yield to the hypervisor, an
> offline vCPU *appears* to be 100% busy as viewed from the host, which
> prevents the hypervisor from running other vCPUs or workloads on the
> corresponding pCPU. [ Note that such a vCPU is not actually busy
> spinning though; it remains in mwait idle state in the guest ].
>
> Fix this by preventing the use of mwait idle state in the vCPU offline
> play_dead() path for any hypervisor, even if mwait support is
> available.

if mwait is enabled, it's very likely guest to have cpuidle
enabled and using the same mwait as well. So exiting early from
mwait_play_dead(), might just punt workflow down:
native_play_dead()
...
mwait_play_dead();
if (cpuidle_play_dead()) <- possible mwait here
hlt_play_dead();

and it will end up in mwait again and only if that fails
it will go HLT route and maybe transition to VMM.

Instead of workaround on guest side,
shouldn't hypervisor force VMEXIT on being uplugged vCPU when it's
actually hot-unplugging vCPU? (ex: QEMU kicks vCPU out from guest
context when it is removing vCPU, among other things)

> Suggested-by: Peter Zijlstra (Intel) <[email protected]>
> Signed-off-by: Srivatsa S. Bhat (VMware) <[email protected]>
> Cc: Thomas Gleixner <[email protected]>
> Cc: Peter Zijlstra <[email protected]>
> Cc: Ingo Molnar <[email protected]>
> Cc: Borislav Petkov <[email protected]>
> Cc: Dave Hansen <[email protected]>
> Cc: "H. Peter Anvin" <[email protected]>
> Cc: "Rafael J. Wysocki" <[email protected]>
> Cc: "Paul E. McKenney" <[email protected]>
> Cc: Wyes Karny <[email protected]>
> Cc: Lewis Caroll <[email protected]>
> Cc: Tom Lendacky <[email protected]>
> Cc: Alexey Makhalov <[email protected]>
> Cc: Juergen Gross <[email protected]>
> Cc: [email protected]
> Cc: VMware PV-Drivers Reviewers <[email protected]>
> Cc: [email protected]
> Cc: [email protected]
> Cc: [email protected]
> ---
>
> v1: https://lore.kernel.org/lkml/[email protected]/
>
> arch/x86/kernel/smpboot.c | 9 +++++++++
> 1 file changed, 9 insertions(+)
>
> diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c
> index 55cad72715d9..125a5d4bfded 100644
> --- a/arch/x86/kernel/smpboot.c
> +++ b/arch/x86/kernel/smpboot.c
> @@ -1763,6 +1763,15 @@ static inline void mwait_play_dead(void)
> return;
> if (!this_cpu_has(X86_FEATURE_CLFLUSH))
> return;
> +
> + /*
> + * Do not use mwait in CPU offline play_dead if running under
> + * any hypervisor, to make sure that the offline vCPU actually
> + * yields to the hypervisor (which may not happen otherwise if
> + * the hypervisor supports mwait passthrough).
> + */
> + if (this_cpu_has(X86_FEATURE_HYPERVISOR))
> + return;
> if (__this_cpu_read(cpu_info.cpuid_level) < CPUID_MWAIT_LEAF)
> return;
>

2023-01-19 21:54:55

by Thomas Gleixner

[permalink] [raw]
Subject: Re: [PATCH v2] x86/hotplug: Do not put offline vCPUs in mwait idle state

On Mon, Jan 16 2023 at 15:55, Igor Mammedov wrote:
> "Srivatsa S. Bhat" <[email protected]> wrote:
>> Fix this by preventing the use of mwait idle state in the vCPU offline
>> play_dead() path for any hypervisor, even if mwait support is
>> available.
>
> if mwait is enabled, it's very likely guest to have cpuidle
> enabled and using the same mwait as well. So exiting early from
> mwait_play_dead(), might just punt workflow down:
> native_play_dead()
> ...
> mwait_play_dead();
> if (cpuidle_play_dead()) <- possible mwait here
> hlt_play_dead();
>
> and it will end up in mwait again and only if that fails
> it will go HLT route and maybe transition to VMM.

Good point.

> Instead of workaround on guest side,
> shouldn't hypervisor force VMEXIT on being uplugged vCPU when it's
> actually hot-unplugging vCPU? (ex: QEMU kicks vCPU out from guest
> context when it is removing vCPU, among other things)

For a pure guest side CPU unplug operation:

guest$ echo 0 >/sys/devices/system/cpu/cpu$N/online

the hypervisor is not involved at all. The vCPU is not removed in that
case.

So to ensure that this ends up in HLT something like the below is
required.

Note, the removal of the comment after mwait_play_dead() is intentional
because the comment is completely bogus. Not having MWAIT is not a
failure. But that wants to be a seperate patch.

Thanks,

tglx
---
diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c
index 55cad72715d9..3f1f20f71ec5 100644
--- a/arch/x86/kernel/smpboot.c
+++ b/arch/x86/kernel/smpboot.c
@@ -1833,7 +1833,10 @@ void native_play_dead(void)
play_dead_common();
tboot_shutdown(TB_SHUTDOWN_WFS);

- mwait_play_dead(); /* Only returns on failure */
+ if (this_cpu_has(X86_FEATURE_HYPERVISOR))
+ hlt_play_dead();
+
+ mwait_play_dead();
if (cpuidle_play_dead())
hlt_play_dead();
}



2023-01-20 14:45:37

by Srivatsa S. Bhat

[permalink] [raw]
Subject: Re: [PATCH v2] x86/hotplug: Do not put offline vCPUs in mwait idle state


Hi Igor and Thomas,

Thank you for your review!

On 1/19/23 1:12 PM, Thomas Gleixner wrote:
> On Mon, Jan 16 2023 at 15:55, Igor Mammedov wrote:
>> "Srivatsa S. Bhat" <[email protected]> wrote:
>>> Fix this by preventing the use of mwait idle state in the vCPU offline
>>> play_dead() path for any hypervisor, even if mwait support is
>>> available.
>>
>> if mwait is enabled, it's very likely guest to have cpuidle
>> enabled and using the same mwait as well. So exiting early from
>> mwait_play_dead(), might just punt workflow down:
>> native_play_dead()
>> ...
>> mwait_play_dead();
>> if (cpuidle_play_dead()) <- possible mwait here
>> hlt_play_dead();
>>
>> and it will end up in mwait again and only if that fails
>> it will go HLT route and maybe transition to VMM.
>
> Good point.
>
>> Instead of workaround on guest side,
>> shouldn't hypervisor force VMEXIT on being uplugged vCPU when it's
>> actually hot-unplugging vCPU? (ex: QEMU kicks vCPU out from guest
>> context when it is removing vCPU, among other things)
>
> For a pure guest side CPU unplug operation:
>
> guest$ echo 0 >/sys/devices/system/cpu/cpu$N/online
>
> the hypervisor is not involved at all. The vCPU is not removed in that
> case.
>

Agreed, and this is indeed the scenario I was targeting with this patch,
as opposed to vCPU removal from the host side. I'll add this clarification
to the commit message.

> So to ensure that this ends up in HLT something like the below is
> required.
>
> Note, the removal of the comment after mwait_play_dead() is intentional
> because the comment is completely bogus. Not having MWAIT is not a
> failure. But that wants to be a seperate patch.
>

Sounds good, will do and post a new version.

Thank you!

Regards,
Srivatsa
VMware Photon OS


> Thanks,
>
> tglx
> ---
> diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c
> index 55cad72715d9..3f1f20f71ec5 100644
> --- a/arch/x86/kernel/smpboot.c
> +++ b/arch/x86/kernel/smpboot.c
> @@ -1833,7 +1833,10 @@ void native_play_dead(void)
> play_dead_common();
> tboot_shutdown(TB_SHUTDOWN_WFS);
>
> - mwait_play_dead(); /* Only returns on failure */
> + if (this_cpu_has(X86_FEATURE_HYPERVISOR))
> + hlt_play_dead();
> +
> + mwait_play_dead();
> if (cpuidle_play_dead())
> hlt_play_dead();
> }
>
>
>
>

2023-01-20 16:10:08

by Igor Mammedov

[permalink] [raw]
Subject: Re: [PATCH v2] x86/hotplug: Do not put offline vCPUs in mwait idle state

On Fri, 20 Jan 2023 05:55:11 -0800
"Srivatsa S. Bhat" <[email protected]> wrote:

> Hi Igor and Thomas,
>
> Thank you for your review!
>
> On 1/19/23 1:12 PM, Thomas Gleixner wrote:
> > On Mon, Jan 16 2023 at 15:55, Igor Mammedov wrote:
> >> "Srivatsa S. Bhat" <[email protected]> wrote:
> >>> Fix this by preventing the use of mwait idle state in the vCPU offline
> >>> play_dead() path for any hypervisor, even if mwait support is
> >>> available.
> >>
> >> if mwait is enabled, it's very likely guest to have cpuidle
> >> enabled and using the same mwait as well. So exiting early from
> >> mwait_play_dead(), might just punt workflow down:
> >> native_play_dead()
> >> ...
> >> mwait_play_dead();
> >> if (cpuidle_play_dead()) <- possible mwait here
> >> hlt_play_dead();
> >>
> >> and it will end up in mwait again and only if that fails
> >> it will go HLT route and maybe transition to VMM.
> >
> > Good point.
> >
> >> Instead of workaround on guest side,
> >> shouldn't hypervisor force VMEXIT on being uplugged vCPU when it's
> >> actually hot-unplugging vCPU? (ex: QEMU kicks vCPU out from guest
> >> context when it is removing vCPU, among other things)
> >
> > For a pure guest side CPU unplug operation:
> >
> > guest$ echo 0 >/sys/devices/system/cpu/cpu$N/online
> >
> > the hypervisor is not involved at all. The vCPU is not removed in that
> > case.
> >
>
> Agreed, and this is indeed the scenario I was targeting with this patch,
> as opposed to vCPU removal from the host side. I'll add this clarification
> to the commit message.

commit message explicitly said:
"which prevents the hypervisor from running other vCPUs or workloads on the
corresponding pCPU."

and that implies unplug on hypervisor side as well.
Why? That's because when hypervisor exposes mwait to guest, it has to reserve/pin
a pCPU for each of present vCPUs. And you can safely run other VMs/workloads
on that pCPU only after it's not possible for it to be reused by VM where
it was used originally.

Now consider following worst (and most likely) case without unplug
on hypervisor side:

1. vm1mwait: pin pCPU2 to vCPU2
2. vm1mwait: guest$ echo 0 >/sys/devices/system/cpu/cpu2/online
-> HLT -> VMEXIT
--
3. vm2mwait: pin pCPU2 to vCPUx and start VM
4. vm2mwait: guest OS onlines Vcpu and starts using it incl.
going into idle=>mwait state
--
5. vm1mwait: it still thinks that vCPU is present it can rightfully do:
guest$ echo 1 >/sys/devices/system/cpu/cpu2/online
--
6.1 best case vm1mwait online fails after timeout
6.2 worse case: vm2mwait does VMEXIT on vCPUx around time-frame when
vm1mwait onlines vCPU2, the online may succeed and then vm2mwait's
vCPUx will be stuck (possibly indefinitely) until for some reason
VMEXIT happens on vm1mwait's vCPU2 _and_ host decides to schedule
vCPUx on pCPU2 which would make vm1mwait stuck on vCPU2.
So either way it's expected behavior.

And if there is no intention to unplug vCPU on hypervisor side,
then VMEXIT on play_dead is not really necessary (mwait is better
then HLT), since hypervisor can't safely reuse pCPU elsewhere and
VCPU goes into deep sleep within guest context.

PS:
The only case where making HLT/VMEXIT on play_dead might work out,
would be if new workload weren't pinned to the same pCPU nor
used mwait (i.e. host can migrate it elsewhere and schedule
vCPU2 back on pCPU2).


> > So to ensure that this ends up in HLT something like the below is
> > required.
> >
> > Note, the removal of the comment after mwait_play_dead() is intentional
> > because the comment is completely bogus. Not having MWAIT is not a
> > failure. But that wants to be a seperate patch.
> >
>
> Sounds good, will do and post a new version.
>
> Thank you!
>
> Regards,
> Srivatsa
> VMware Photon OS
>
>
> > Thanks,
> >
> > tglx
> > ---
> > diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c
> > index 55cad72715d9..3f1f20f71ec5 100644
> > --- a/arch/x86/kernel/smpboot.c
> > +++ b/arch/x86/kernel/smpboot.c
> > @@ -1833,7 +1833,10 @@ void native_play_dead(void)
> > play_dead_common();
> > tboot_shutdown(TB_SHUTDOWN_WFS);
> >
> > - mwait_play_dead(); /* Only returns on failure */
> > + if (this_cpu_has(X86_FEATURE_HYPERVISOR))
> > + hlt_play_dead();
> > +
> > + mwait_play_dead();
> > if (cpuidle_play_dead())
> > hlt_play_dead();
> > }
> >
> >
> >
> >
>

2023-01-20 18:43:23

by Sean Christopherson

[permalink] [raw]
Subject: Re: [PATCH v2] x86/hotplug: Do not put offline vCPUs in mwait idle state

On Fri, Jan 20, 2023, Igor Mammedov wrote:
> On Fri, 20 Jan 2023 05:55:11 -0800
> "Srivatsa S. Bhat" <[email protected]> wrote:
>
> > Hi Igor and Thomas,
> >
> > Thank you for your review!
> >
> > On 1/19/23 1:12 PM, Thomas Gleixner wrote:
> > > On Mon, Jan 16 2023 at 15:55, Igor Mammedov wrote:
> > >> "Srivatsa S. Bhat" <[email protected]> wrote:
> > >>> Fix this by preventing the use of mwait idle state in the vCPU offline
> > >>> play_dead() path for any hypervisor, even if mwait support is
> > >>> available.
> > >>
> > >> if mwait is enabled, it's very likely guest to have cpuidle
> > >> enabled and using the same mwait as well. So exiting early from
> > >> mwait_play_dead(), might just punt workflow down:
> > >> native_play_dead()
> > >> ...
> > >> mwait_play_dead();
> > >> if (cpuidle_play_dead()) <- possible mwait here
> > >> hlt_play_dead();
> > >>
> > >> and it will end up in mwait again and only if that fails
> > >> it will go HLT route and maybe transition to VMM.
> > >
> > > Good point.
> > >
> > >> Instead of workaround on guest side,
> > >> shouldn't hypervisor force VMEXIT on being uplugged vCPU when it's
> > >> actually hot-unplugging vCPU? (ex: QEMU kicks vCPU out from guest
> > >> context when it is removing vCPU, among other things)
> > >
> > > For a pure guest side CPU unplug operation:
> > >
> > > guest$ echo 0 >/sys/devices/system/cpu/cpu$N/online
> > >
> > > the hypervisor is not involved at all. The vCPU is not removed in that
> > > case.
> > >
> >
> > Agreed, and this is indeed the scenario I was targeting with this patch,
> > as opposed to vCPU removal from the host side. I'll add this clarification
> > to the commit message.

Forcing HLT doesn't solve anything, it's perfectly legal to passthrough HLT. I
guarantee there are use cases that passthrough HLT but _not_ MONITOR/MWAIT, and
that passthrough all of them.

> commit message explicitly said:
> "which prevents the hypervisor from running other vCPUs or workloads on the
> corresponding pCPU."
>
> and that implies unplug on hypervisor side as well.
> Why? That's because when hypervisor exposes mwait to guest, it has to reserve/pin
> a pCPU for each of present vCPUs. And you can safely run other VMs/workloads
> on that pCPU only after it's not possible for it to be reused by VM where
> it was used originally.

Pinning isn't strictly required from a safety perspective. The latency of context
switching may suffer due to wake times, but preempting a vCPU that it's C1 (or
deeper) won't cause functional problems. Passing through an entire socket
(or whatever scope triggers extra fun) might be a different story, but pinning
isn't strictly required.

That said, I 100% agree that this is expected behavior and not a bug. Letting the
guest execute MWAIT or HLT means the host won't have perfect visibility into guest
activity state.

Oversubscribing a pCPU and exposing MWAIT and/or HLT to vCPUs is generally not done
precisely because the guest will always appear busy without extra effort on the
host. E.g. KVM requires an explicit opt-in from userspace to expose MWAIT and/or
HLT.

If someone really wants to effeciently oversubscribe pCPUs and passthrough MWAIT,
then their best option is probably to have a paravirt interface so that the guest
can tell the host its offlining a vCPU. Barring that the host could inspect the
guest when preempting a vCPU to try and guesstimate how much work the vCPU is
actually doing in order to make better scheduling decisions.

> Now consider following worst (and most likely) case without unplug
> on hypervisor side:
>
> 1. vm1mwait: pin pCPU2 to vCPU2
> 2. vm1mwait: guest$ echo 0 >/sys/devices/system/cpu/cpu2/online
> -> HLT -> VMEXIT
> --
> 3. vm2mwait: pin pCPU2 to vCPUx and start VM
> 4. vm2mwait: guest OS onlines Vcpu and starts using it incl.
> going into idle=>mwait state
> --
> 5. vm1mwait: it still thinks that vCPU is present it can rightfully do:
> guest$ echo 1 >/sys/devices/system/cpu/cpu2/online
> --
> 6.1 best case vm1mwait online fails after timeout
> 6.2 worse case: vm2mwait does VMEXIT on vCPUx around time-frame when
> vm1mwait onlines vCPU2, the online may succeed and then vm2mwait's
> vCPUx will be stuck (possibly indefinitely) until for some reason
> VMEXIT happens on vm1mwait's vCPU2 _and_ host decides to schedule
> vCPUx on pCPU2 which would make vm1mwait stuck on vCPU2.
> So either way it's expected behavior.
>
> And if there is no intention to unplug vCPU on hypervisor side,
> then VMEXIT on play_dead is not really necessary (mwait is better
> then HLT), since hypervisor can't safely reuse pCPU elsewhere and
> VCPU goes into deep sleep within guest context.
>
> PS:
> The only case where making HLT/VMEXIT on play_dead might work out,
> would be if new workload weren't pinned to the same pCPU nor
> used mwait (i.e. host can migrate it elsewhere and schedule
> vCPU2 back on pCPU2).

2023-01-26 02:14:14

by Srivatsa S. Bhat

[permalink] [raw]
Subject: Re: [PATCH v2] x86/hotplug: Do not put offline vCPUs in mwait idle state


Hi Igor and Sean,

On 1/20/23 10:35 AM, Sean Christopherson wrote:
> On Fri, Jan 20, 2023, Igor Mammedov wrote:
>> On Fri, 20 Jan 2023 05:55:11 -0800
>> "Srivatsa S. Bhat" <[email protected]> wrote:
>>
>>> Hi Igor and Thomas,
>>>
>>> Thank you for your review!
>>>
>>> On 1/19/23 1:12 PM, Thomas Gleixner wrote:
>>>> On Mon, Jan 16 2023 at 15:55, Igor Mammedov wrote:
>>>>> "Srivatsa S. Bhat" <[email protected]> wrote:
>>>>>> Fix this by preventing the use of mwait idle state in the vCPU offline
>>>>>> play_dead() path for any hypervisor, even if mwait support is
>>>>>> available.
>>>>>
>>>>> if mwait is enabled, it's very likely guest to have cpuidle
>>>>> enabled and using the same mwait as well. So exiting early from
>>>>> mwait_play_dead(), might just punt workflow down:
>>>>> native_play_dead()
>>>>> ...
>>>>> mwait_play_dead();
>>>>> if (cpuidle_play_dead()) <- possible mwait here
>>>>> hlt_play_dead();
>>>>>
>>>>> and it will end up in mwait again and only if that fails
>>>>> it will go HLT route and maybe transition to VMM.
>>>>
>>>> Good point.
>>>>
>>>>> Instead of workaround on guest side,
>>>>> shouldn't hypervisor force VMEXIT on being uplugged vCPU when it's
>>>>> actually hot-unplugging vCPU? (ex: QEMU kicks vCPU out from guest
>>>>> context when it is removing vCPU, among other things)
>>>>
>>>> For a pure guest side CPU unplug operation:
>>>>
>>>> guest$ echo 0 >/sys/devices/system/cpu/cpu$N/online
>>>>
>>>> the hypervisor is not involved at all. The vCPU is not removed in that
>>>> case.
>>>>
>>>
>>> Agreed, and this is indeed the scenario I was targeting with this patch,
>>> as opposed to vCPU removal from the host side. I'll add this clarification
>>> to the commit message.
>
> Forcing HLT doesn't solve anything, it's perfectly legal to passthrough HLT. I
> guarantee there are use cases that passthrough HLT but _not_ MONITOR/MWAIT, and
> that passthrough all of them.
>
>> commit message explicitly said:
>> "which prevents the hypervisor from running other vCPUs or workloads on the
>> corresponding pCPU."
>>
>> and that implies unplug on hypervisor side as well.
>> Why? That's because when hypervisor exposes mwait to guest, it has to reserve/pin
>> a pCPU for each of present vCPUs. And you can safely run other VMs/workloads
>> on that pCPU only after it's not possible for it to be reused by VM where
>> it was used originally.
>
> Pinning isn't strictly required from a safety perspective. The latency of context
> switching may suffer due to wake times, but preempting a vCPU that it's C1 (or
> deeper) won't cause functional problems. Passing through an entire socket
> (or whatever scope triggers extra fun) might be a different story, but pinning
> isn't strictly required.
>
> That said, I 100% agree that this is expected behavior and not a bug. Letting the
> guest execute MWAIT or HLT means the host won't have perfect visibility into guest
> activity state.
>
> Oversubscribing a pCPU and exposing MWAIT and/or HLT to vCPUs is generally not done
> precisely because the guest will always appear busy without extra effort on the
> host. E.g. KVM requires an explicit opt-in from userspace to expose MWAIT and/or
> HLT.
>
> If someone really wants to effeciently oversubscribe pCPUs and passthrough MWAIT,
> then their best option is probably to have a paravirt interface so that the guest
> can tell the host its offlining a vCPU. Barring that the host could inspect the
> guest when preempting a vCPU to try and guesstimate how much work the vCPU is
> actually doing in order to make better scheduling decisions.
>
>> Now consider following worst (and most likely) case without unplug
>> on hypervisor side:
>>
>> 1. vm1mwait: pin pCPU2 to vCPU2
>> 2. vm1mwait: guest$ echo 0 >/sys/devices/system/cpu/cpu2/online
>> -> HLT -> VMEXIT
>> --
>> 3. vm2mwait: pin pCPU2 to vCPUx and start VM
>> 4. vm2mwait: guest OS onlines Vcpu and starts using it incl.
>> going into idle=>mwait state
>> --
>> 5. vm1mwait: it still thinks that vCPU is present it can rightfully do:
>> guest$ echo 1 >/sys/devices/system/cpu/cpu2/online
>> --
>> 6.1 best case vm1mwait online fails after timeout
>> 6.2 worse case: vm2mwait does VMEXIT on vCPUx around time-frame when
>> vm1mwait onlines vCPU2, the online may succeed and then vm2mwait's
>> vCPUx will be stuck (possibly indefinitely) until for some reason
>> VMEXIT happens on vm1mwait's vCPU2 _and_ host decides to schedule
>> vCPUx on pCPU2 which would make vm1mwait stuck on vCPU2.
>> So either way it's expected behavior.
>>
>> And if there is no intention to unplug vCPU on hypervisor side,
>> then VMEXIT on play_dead is not really necessary (mwait is better
>> then HLT), since hypervisor can't safely reuse pCPU elsewhere and
>> VCPU goes into deep sleep within guest context.
>>
>> PS:
>> The only case where making HLT/VMEXIT on play_dead might work out,
>> would be if new workload weren't pinned to the same pCPU nor
>> used mwait (i.e. host can migrate it elsewhere and schedule
>> vCPU2 back on pCPU2).


That makes sense. Thank you both for the detailed explanation!
Let's drop this patch.

Regards,
Srivatsa
VMware Photon OS