Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp6844012yba;
        Tue, 14 May 2019 14:56:46 -0700 (PDT)
X-Google-Smtp-Source: APXvYqx8tKKlDB/OYTmClPxAuSs1R5P32QwfcY+qN9RHa2GEci9os4UEv2Zui56lamN47fgUsJqx
X-Received: by 2002:a17:902:8d83:: with SMTP id v3mr40364014plo.283.1557871006607;
        Tue, 14 May 2019 14:56:46 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1557871006; cv=none;
        d=google.com; s=arc-20160816;
        b=n7Pd07WUIgjt3j3r7oH2lsde/1eU9yoZcSl8vBv975h+dnMbYYYkhuBxw4bjRQxDNk
         nRfm1bZq/jHM03QV0Ti1aBGbjCwfRyPyTmpgCjA3Ibw/nmKV7t6zVWTnxBKuXxftQ+GI
         sdPYf6yK1iZ6ERF0LU2+HVb1im15i4qmXy3+6Ku81lFfu3RDez9FABt6A0xR166Hz29r
         6W6gH1/WKYRe3NDfgIdUoC6CtTWNdwwqXH53cjwCnG+5RaDzpT3bW4mUd5dYm+JVgsTq
         FiDSKFsZeot8ytfrtw+st0Uh6X7ZK4aZwrqla4hyauFAayqTe7rB9l157u4vyftxI8eQ
         Y0Bg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:to:references:message-id
         :content-transfer-encoding:cc:date:in-reply-to:from:subject
         :mime-version:dkim-signature;
        bh=zGsQ7lgpHhpTbszYslBdzxyDCXSizX6+VVJQr1o6b6I=;
        b=rLZ/TCX0YzTBnCzoGG6+vWbYUOrn6FHF70YYByNvbUBCJwAcCnMOcDbJ5kOL8vUK8v
         6RQ+KsNisK6OqePs3xq6iffKGp+ZY6vNZ3Gzkr16KN/LcuehXg6KwHZGZAv7ftJFLKeg
         B6AtfxvswgGZ5kQhm5bt8l6LfH79krPwYmO0xIx4TgBhYu1Vpn1vfOpPgf1a54eoN6aE
         6tjxLt8Ze5rY43sY8bl6V0BcCZlkFiYN6CmVRynonu7JzehMx61V3vPXbL5peWSvObib
         lLBOIYrVbBtZfCVCDIX++qHuNX9JrQcCT/A+vtkqogataKZ0hO06R0tlY7ybxHDlM6NR
         /lMQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@amacapital-net.20150623.gappssmtp.com header.s=20150623 header.b=Sqp9nGAl;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id l9si189750pff.51.2019.05.14.14.56.31;
        Tue, 14 May 2019 14:56:46 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@amacapital-net.20150623.gappssmtp.com header.s=20150623 header.b=Sqp9nGAl;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726523AbfENVzY (ORCPT <rfc822;linux.lists.archive@gmail.com>
        + 99 others); Tue, 14 May 2019 17:55:24 -0400
Received: from mail-pg1-f195.google.com ([209.85.215.195]:45369 "EHLO
        mail-pg1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726352AbfENVzV (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 14 May 2019 17:55:21 -0400
Received: by mail-pg1-f195.google.com with SMTP id i21so213424pgi.12
        for <linux-kernel@vger.kernel.org>; Tue, 14 May 2019 14:55:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=amacapital-net.20150623.gappssmtp.com; s=20150623;
        h=mime-version:subject:from:in-reply-to:date:cc
         :content-transfer-encoding:message-id:references:to;
        bh=zGsQ7lgpHhpTbszYslBdzxyDCXSizX6+VVJQr1o6b6I=;
        b=Sqp9nGAlWQZ5vX1dxWHDTDuxZAQ8qZWMKHz3Jl8zJhU4HCd4U5LRW6+WrNk+FFVT4m
         hghwxry4xwaDl/HQX8VpDYEsXxjpIc+C5kovvhxiwYCqXTRQef29CxCNWFm1bW5znOQt
         K7SZARGMC8Rt7RfHAn3RpY8sM6daSCeeLH7swaooopzfa3ObMdZ6EWj/nj1LpViuniyi
         4bbhnkKWhoastGyfdBE/DJkoP1Rh8R0rld6KSf2YfFl4gdmjFXNecFeWf9TzQuYX9kSC
         yl5u8Qe4FV0TiiOwcMABkeTC1I2KGOOO/tJlPkFrFplmiajsczCkdhcwsEb9HLfHGJbp
         bZGw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc
         :content-transfer-encoding:message-id:references:to;
        bh=zGsQ7lgpHhpTbszYslBdzxyDCXSizX6+VVJQr1o6b6I=;
        b=PZrb9PU2h+ZB2G9/pfBLMhQxb20AVTSJjrSN68tBTXU7kiXbSvQSdh0XE0njLZlkNI
         uEJndtWkYa2BGEyRbJ0wkq6RxeO6T75ywf+1FBE5eArAW3z5AuTkfxu9TDG4trWfHsAi
         BwXgzoNvm107eQR/AqrqA0UBAuwV81wjUrlHQLQoKmO7FqIfYUmzcRqsiHQyKKy33xS7
         6Oz58ltYXJe4vQRk3CQ/9tFKl5OL31Xm8ziXfmShH3B8RMiS+BvQCkvEY+Yn/Yniww9y
         IOUeCXm+GOUsfA5a3+Mr2ms3beVZrdmcBnE8hcZli6+kKWcBmhIaTJQbuGXbszSzX/pu
         8IIA==
X-Gm-Message-State: APjAAAVvqN8dxS45HROdQMpem9EBwp40ILUM1HRBYU9iy9FAbpM2iMWH
        Gs+wug+FJrPclrwdmCfgnUup/Q==
X-Received: by 2002:a63:2bc8:: with SMTP id r191mr39777166pgr.72.1557870920728;
        Tue, 14 May 2019 14:55:20 -0700 (PDT)
Received: from ?IPv6:2601:646:c200:1ef2:bde9:fbad:7d91:52eb? ([2601:646:c200:1ef2:bde9:fbad:7d91:52eb])
        by smtp.gmail.com with ESMTPSA id d15sm116637pfm.186.2019.05.14.14.55.18
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Tue, 14 May 2019 14:55:19 -0700 (PDT)
Content-Type: text/plain;
        charset=utf-8
Mime-Version: 1.0 (1.0)
Subject: Re: [RFC KVM 18/27] kvm/isolation: function to copy page table entries for percpu buffer
From:   Andy Lutomirski <luto@amacapital.net>
X-Mailer: iPhone Mail (16E227)
In-Reply-To: <20190514210603.GD1977@linux.intel.com>
Date:   Tue, 14 May 2019 14:55:18 -0700
Cc:     Andy Lutomirski <luto@kernel.org>,
        Peter Zijlstra <peterz@infradead.org>,
        Alexandre Chartre <alexandre.chartre@oracle.com>,
        Paolo Bonzini <pbonzini@redhat.com>,
        Radim Krcmar <rkrcmar@redhat.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
        "H. Peter Anvin" <hpa@zytor.com>,
        Dave Hansen <dave.hansen@linux.intel.com>,
        kvm list <kvm@vger.kernel.org>, X86 ML <x86@kernel.org>,
        Linux-MM <linux-mm@kvack.org>,
        LKML <linux-kernel@vger.kernel.org>,
        Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>,
        jan.setjeeilers@oracle.com, Liran Alon <liran.alon@oracle.com>,
        Jonathan Adams <jwadams@google.com>
Content-Transfer-Encoding: quoted-printable
Message-Id: <A1EB80C0-2D88-4DC0-A898-3BED50A4F5A8@amacapital.net>
References: <CALCETrWUKZv=wdcnYjLrHDakamMBrJv48wp2XBxZsEmzuearRQ@mail.gmail.com> <20190514070941.GE2589@hirez.programming.kicks-ass.net> <b8487de1-83a8-2761-f4a6-26c583eba083@oracle.com> <B447B6E8-8CEF-46FF-9967-DFB2E00E55DB@amacapital.net> <4e7d52d7-d4d2-3008-b967-c40676ed15d2@oracle.com> <CALCETrXtwksWniEjiWKgZWZAyYLDipuq+sQ449OvDKehJ3D-fg@mail.gmail.com> <e5fedad9-4607-0aa4-297e-398c0e34ae2b@oracle.com> <20190514170522.GW2623@hirez.programming.kicks-ass.net> <20190514180936.GA1977@linux.intel.com> <CALCETrVzbBLokip5n0KEyG6irH6aoEWqyNODTy8embpXhB1GQg@mail.gmail.com> <20190514210603.GD1977@linux.intel.com>
To:     Sean Christopherson <sean.j.christopherson@intel.com>
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org



> On May 14, 2019, at 2:06 PM, Sean Christopherson <sean.j.christopherson@in=
tel.com> wrote:
>=20
>> On Tue, May 14, 2019 at 01:33:21PM -0700, Andy Lutomirski wrote:
>> On Tue, May 14, 2019 at 11:09 AM Sean Christopherson
>> <sean.j.christopherson@intel.com> wrote:
>>> For IRQs it's somewhat feasible, but not for NMIs since NMIs are unblock=
ed
>>> on VMX immediately after VM-Exit, i.e. there's no way to prevent an NMI
>>> from occuring while KVM's page tables are loaded.
>>>=20
>>> Back to Andy's question about enabling IRQs, the answer is "it depends".=

>>> Exits due to INTR, NMI and #MC are considered high priority and are
>>> serviced before re-enabling IRQs and preemption[1].  All other exits are=

>>> handled after IRQs and preemption are re-enabled.
>>>=20
>>> A decent number of exit handlers are quite short, e.g. CPUID, most RDMSR=

>>> and WRMSR, any event-related exit, etc...  But many exit handlers requir=
e
>>> significantly longer flows, e.g. EPT violations (page faults) and anythi=
ng
>>> that requires extensive emulation, e.g. nested VMX.  In short, leaving
>>> IRQs disabled across all exits is not practical.
>>>=20
>>> Before going down the path of figuring out how to handle the corner case=
s
>>> regarding kvm_mm, I think it makes sense to pinpoint exactly what exits
>>> are a) in the hot path for the use case (configuration) and b) can be
>>> handled fast enough that they can run with IRQs disabled.  Generating th=
at
>>> list might allow us to tightly bound the contents of kvm_mm and sidestep=

>>> many of the corner cases, i.e. select VM-Exits are handle with IRQs
>>> disabled using KVM's mm, while "slow" VM-Exits go through the full conte=
xt
>>> switch.
>>=20
>> I suspect that the context switch is a bit of a red herring.  A
>> PCID-don't-flush CR3 write is IIRC under 300 cycles.  Sure, it's slow,
>> but it's probably minor compared to the full cost of the vm exit.  The
>> pain point is kicking the sibling thread.
>=20
> Speaking of PCIDs, a separate mm for KVM would mean consuming another
> ASID, which isn't good.

I=E2=80=99m not sure we care. We have many logical address spaces (two per m=
m plus a few more).  We have 4096 PCIDs, but we only use ten or so.  And we h=
ave some undocumented number of *physical* ASIDs with some undocumented mech=
anism by which PCID maps to a physical ASID.

I don=E2=80=99t suppose you know how many physical ASIDs we have?  And how i=
t interacts with the VPID stuff?