Benjamin Herrenschmidt <benh@xxxxxxxxxxxxxxxxxxx> writes: > On Sun, 2014-06-29 at 16:47 +0530, Aneesh Kumar K.V wrote: > >> To achieve the above we use virtual page calss protection mechanism for >> covering (2) and (3). For both the above case we mark the hpte >> valid, but associate the page with virtual page class index 30 and 31. >> The authority mask register is configured such that class index 30 and 31 >> will have read/write denied. The above change results in a key fault >> for (2) and (3). This allows us to forward a NO_HPTE fault directly to guest >> without doing the expensive hash pagetable lookup. > > So we have a measurable performance benefit (about half a second out of > 8). I was able to measure a performance benefit of 2 seconds earlier. But once i get the below patch applied that got reduced. I am trying to find how the patch is helping the performance. May be it is avoiding some unnecessary invalidation ? http://mid.gmane.org/1403876103-32459-1-git-send-email-aneesh.kumar@xxxxxxxxxxxxxxxxxx I also believe the benefit depends on how much impact a hash table lookup have. I did try to access the addresses linearly so that I can make sure we do take a cache miss for hash page table access. >but you didn't explain the drawback here which is to essentially make > it impossible for guests to exploit virtual page class keys, or did you > find a way to still make that possible ? I am now making PROTFAULT to go to host. That means, ksm sharing is represented as read only page and an attempt to write to it will get to host via PROTFAULT. Now with that we can implement keys for guest if we want to. So irrespective of what restrictions guest has put in, if the host swapout the page, we will deny read/write. Now if the key fault need to go to guest, we will find that out looking at the key index. > > As it-is, it's not a huge issue for Linux but we might have to care with > other OSes that do care... > > Do we have a way in PAPR to signify to the guest that the keys are not > available ? Right now Qemu doesn't provide the device tree node ibm,processor-storage-keys. That means guest cannot use keys. So we are good there. If we want to support guest keys, we need to fill that with the value that indicate how many keys can be used for data and instruction. -aneesh -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
