Mailing List Archive

[PATCH v3 1/2] x86/hvm: set 'ipat' in EPT for special pages
From: Paul Durrant <pdurrant@amazon.com>

All non-MMIO ranges (i.e those not mapping real device MMIO regions) that
map valid MFNs are normally marked MTRR_TYPE_WRBACK and 'ipat' is set. Hence
when PV drivers running in a guest populate the BAR space of the Xen Platform
PCI Device with pages such as the Shared Info page or Grant Table pages,
accesses to these pages will be cachable.

However, should IOMMU mappings be enabled be enabled for the guest then these
accesses become uncachable. This has a substantial negative effect on I/O
throughput of PV devices. Arguably PV drivers should bot be using BAR space to
host the Shared Info and Grant Table pages but it is currently commonplace for
them to do this and so this problem needs mitigation. Hence this patch makes
sure the 'ipat' bit is set for any special page regardless of where in GFN
space it is mapped.

NOTE: Clearly this mitigation only applies to Intel EPT. It is not obvious
that there is any similar mitigation possible for AMD NPT. Downstreams
such as Citrix XenServer have been carrying a patch similar to this for
several releases though.

Signed-off-by: Paul Durrant <pdurrant@amazon.com>
---
Cc: Jan Beulich <jbeulich@suse.com>
Cc: Andrew Cooper <andrew.cooper3@citrix.com>
Cc: Wei Liu <wl@xen.org>
Cc: "Roger Pau Monné" <roger.pau@citrix.com>

v3:
- dropping Jan's R-b
- cope with order > 0
---
xen/arch/x86/hvm/mtrr.c | 11 +++++++++++
1 file changed, 11 insertions(+)

diff --git a/xen/arch/x86/hvm/mtrr.c b/xen/arch/x86/hvm/mtrr.c
index 511c3be1c8..26721f6ee7 100644
--- a/xen/arch/x86/hvm/mtrr.c
+++ b/xen/arch/x86/hvm/mtrr.c
@@ -836,6 +836,17 @@ int epte_get_entry_emt(struct domain *d, unsigned long gfn, mfn_t mfn,
return MTRR_TYPE_WRBACK;
}

+ for ( i = 0; i < (1ul << order); i++ )
+ {
+ if ( is_special_page(mfn_to_page(mfn_add(mfn, i))) )
+ {
+ if ( order )
+ return -1;
+ *ipat = 1;
+ return MTRR_TYPE_WRBACK;
+ }
+ }
+
gmtrr_mtype = hvm_get_mem_pinned_cacheattr(d, _gfn(gfn), order);
if ( gmtrr_mtype >= 0 )
{
--
2.20.1
RE: [PATCH v3 1/2] x86/hvm: set 'ipat' in EPT for special pages [ In reply to ]
> -----Original Message-----
> From: Paul Durrant <paul@xen.org>
> Sent: 31 July 2020 15:26
> To: xen-devel@lists.xenproject.org
> Cc: Durrant, Paul <pdurrant@amazon.co.uk>; Jan Beulich <jbeulich@suse.com>; Andrew Cooper
> <andrew.cooper3@citrix.com>; Wei Liu <wl@xen.org>; Roger Pau Monné <roger.pau@citrix.com>
> Subject: [EXTERNAL] [PATCH v3 1/2] x86/hvm: set 'ipat' in EPT for special pages
>
> CAUTION: This email originated from outside of the organization. Do not click links or open
> attachments unless you can confirm the sender and know the content is safe.
>
>
>
> From: Paul Durrant <pdurrant@amazon.com>
>
> All non-MMIO ranges (i.e those not mapping real device MMIO regions) that
> map valid MFNs are normally marked MTRR_TYPE_WRBACK and 'ipat' is set. Hence
> when PV drivers running in a guest populate the BAR space of the Xen Platform
> PCI Device with pages such as the Shared Info page or Grant Table pages,
> accesses to these pages will be cachable.
>
> However, should IOMMU mappings be enabled be enabled for the guest then these
> accesses become uncachable. This has a substantial negative effect on I/O
> throughput of PV devices. Arguably PV drivers should bot be using BAR space to
> host the Shared Info and Grant Table pages but it is currently commonplace for
> them to do this and so this problem needs mitigation. Hence this patch makes
> sure the 'ipat' bit is set for any special page regardless of where in GFN
> space it is mapped.
>
> NOTE: Clearly this mitigation only applies to Intel EPT. It is not obvious
> that there is any similar mitigation possible for AMD NPT. Downstreams
> such as Citrix XenServer have been carrying a patch similar to this for
> several releases though.
>
> Signed-off-by: Paul Durrant <pdurrant@amazon.com>

This is missing a hunk. I'll send v4.

Paul

> ---
> Cc: Jan Beulich <jbeulich@suse.com>
> Cc: Andrew Cooper <andrew.cooper3@citrix.com>
> Cc: Wei Liu <wl@xen.org>
> Cc: "Roger Pau Monné" <roger.pau@citrix.com>
>
> v3:
> - dropping Jan's R-b
> - cope with order > 0
> ---
> xen/arch/x86/hvm/mtrr.c | 11 +++++++++++
> 1 file changed, 11 insertions(+)
>
> diff --git a/xen/arch/x86/hvm/mtrr.c b/xen/arch/x86/hvm/mtrr.c
> index 511c3be1c8..26721f6ee7 100644
> --- a/xen/arch/x86/hvm/mtrr.c
> +++ b/xen/arch/x86/hvm/mtrr.c
> @@ -836,6 +836,17 @@ int epte_get_entry_emt(struct domain *d, unsigned long gfn, mfn_t mfn,
> return MTRR_TYPE_WRBACK;
> }
>
> + for ( i = 0; i < (1ul << order); i++ )
> + {
> + if ( is_special_page(mfn_to_page(mfn_add(mfn, i))) )
> + {
> + if ( order )
> + return -1;
> + *ipat = 1;
> + return MTRR_TYPE_WRBACK;
> + }
> + }
> +
> gmtrr_mtype = hvm_get_mem_pinned_cacheattr(d, _gfn(gfn), order);
> if ( gmtrr_mtype >= 0 )
> {
> --
> 2.20.1