> 3. Design of vNVDIMM in Xen Thank you for this design!
> > Similarly to that in KVM/QEMU, enabling vNVDIMM in Xen is composed of > three parts: > (1) Guest clwb/clflushopt/pcommit enabling, > (2) Memory mapping, and > (3) Guest ACPI emulation. .. MCE? and vMCE? > > The rest of this section present the design of each part > respectively. The basic design principle to reuse existing code in > Linux NVDIMM driver and QEMU as much as possible. As recent > discussions in the both Xen and QEMU mailing lists for the v1 patch > series, alternative designs are also listed below. > > > 3.1 Guest clwb/clflushopt/pcommit Enabling > > The instruction enabling is simple and we do the same work as in KVM/QEMU. > - All three instructions are exposed to guest via guest cpuid. > - L1 guest pcommit is never intercepted by Xen. I wish there was some watermarks like the PLE has. My fear is that an unfriendly guest can issue sfence all day long flushing out other guests MMC queue (the writes followed by pcommits). Which means that an guest may have degraded performance as their memory writes are being flushed out immediately as if they were being written to UC instead of WB memory. In other words - the NVDIMM resource does not provide any resource isolation. However this may not be any different than what we had nowadays with CPU caches. > - L1 hypervisor is allowed to intercept L2 guest pcommit. clwb? > > > 3.2 Address Mapping > > 3.2.1 My Design > > The overview of this design is shown in the following figure. > > Dom0 | DomU > | > | > QEMU | > +...+--------------------+...+-----+ | > VA | | Label Storage Area | | buf | | > +...+--------------------+...+-----+ | > ^ ^ ^ | > | | | | > V | | | > +-------+ +-------+ mmap(2) | > | vACPI | | v_DSM | | | | +----+------------+ > +-------+ +-------+ | | | SPA | | /dev/pmem0 | > ^ ^ +------+ | | +----+------------+ > --------|-----------|-----|------------|-- | ^ ^ > | | | | | | | > | +------+ +------------~-----~-------------+ | > | | | | | > XEN_DOMCTL_memory_mapping > | | | +-----~--------------------------+ > | | | | | > | | +----+------------+ | > Linux | | SPA | | /dev/pmem0 | | +------+ +------+ > | | +----+------------+ | | ACPI | | _DSM | > | | ^ | +------+ +------+ > | | | | | | > | | Dom0 Driver | hvmloader/xl | > > --------|----|-------------------|---------------------|----------|--------------- > | +-------------------~---------------------~----------+ > Xen | | | > +------------------------~---------------------+ > > ---------------------------------|------------------------------------------------ > +----------------+ > | > +-------------+ > HW | NVDIMM | > +-------------+ > > > This design treats host NVDIMM devices as ordinary MMIO devices: Nice. But it also means you need Xen to 'share' the ranges of an MMIO device. That is you may need dom0 _DSM method to access certain ranges (the AML code may need to poke there) - and the guest may want to access those as well. And keep in mind that this NVDIMM management may not need to be always in initial domain. As in you could have NVDIMM device drivers that would carve out the ranges to guests. > (1) Dom0 Linux NVDIMM driver is responsible to detect (through NFIT) > and drive host NVDIMM devices (implementing block device > interface). Namespaces and file systems on host NVDIMM devices > are handled by Dom0 Linux as well. > > (2) QEMU mmap(2) the pmem NVDIMM devices (/dev/pmem0) into its > virtual address space (buf). > > (3) QEMU gets the host physical address of buf, i.e. the host system > physical address that is occupied by /dev/pmem0, and calls Xen > hypercall XEN_DOMCTL_memory_mapping to map it to a DomU. > > (ACPI part is described in Section 3.3 later) > > Above (1)(2) have already been done in current QEMU. Only (3) is > needed to implement in QEMU. No change is needed in Xen for address > mapping in this design. > > Open: It seems no system call/ioctl is provided by Linux kernel to > get the physical address from a virtual address. > /proc/<qemu_pid>/pagemap provides information of mapping from > VA to PA. Is it an acceptable solution to let QEMU parse this > file to get the physical address? > > Open: For a large pmem, mmap(2) is very possible to not map all SPA > occupied by pmem at the beginning, i.e. QEMU may not be able to > get all SPA of pmem from buf (in virtual address space) when > calling XEN_DOMCTL_memory_mapping. > Can mmap flag MAP_LOCKED or mlock(2) be used to enforce the > entire pmem being mmaped? > > 3.2.2 Alternative Design > > Jan Beulich's comments [7] on my question "why must pmem resource > management and partition be done in hypervisor": > | Because that's where memory management belongs. And PMEM, > | other than PBLK, is just another form of RAM. > | ... > | The main issue is that this would imo be a layering violation > > George Dunlap's comments [8]: > | This is not the case for PMEM. The whole point of PMEM (correct me if > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ used as fungible ram > | I'm wrong) is to be used for long-term storage that survives over > | reboot. It matters very much that a guest be given the same PRAM > | after the host is rebooted that it was given before. It doesn't make > | any sense to manage it the way Xen currently manages RAM (i.e., that > | you request a page and get whatever Xen happens to give you). > | > | So if Xen is going to use PMEM, it will have to invent an entirely new > | interface for guests, and it will have to keep track of those > | resources across host reboots. In other words, it will have to > | duplicate all the work that Linux already does. What do we gain from > | that duplication? Why not just leverage what's already implemented in > | dom0? > and [9]: > | Oh, right -- yes, if the usage model of PRAM is just "cheap slow RAM", > | then you're right -- it is just another form of RAM, that should be > | treated no differently than say, lowmem: a fungible resource that can be > | requested by setting a flag. > > However, pmem is used more as persistent storage than fungible ram, > and my design is for the former usage. I would like to leave the > detection, driver and partition (either through namespace or file > systems) of NVDIMM in Dom0 Linux kernel. > > I notice that current XEN_DOMCTL_memory_mapping does not make santiy > check for the physical address and size passed from caller > (QEMU). Can QEMU be always trusted? If not, we would need to make Xen > aware of the SPA range of pmem so that it can refuse map physical > address in neither the normal ram nor pmem. /me nods. > > Instead of duplicating the detection code (parsing NFIT and > evaluating _FIT) in Dom0 Linux kernel, we decide to patch Dom0 Linux > kernel to pass parameters of host pmem NVDIMM devices to Xen > hypervisor: > (1) Add a global > struct rangeset pmem_rangeset > in Xen hypervisor to record all SPA ranges of detected pmem devices. > Each range in pmem_rangeset corresponds to a pmem device. > > (2) Add a hypercall > XEN_SYSCTL_add_pmem_range > (should it be a sysctl or a platform op?) > that receives a pair of parameters (addr: starting SPA of pmem > region, len: size of pmem region) and add a range (addr, addr + > len - 1) in nvdimm_rangset. > > (3) Add a hypercall > XEN_DOMCTL_pmem_mapping > that takes the same parameters as XEN_DOMCTL_memory_mapping and > maps a given host pmem range to guest. It checks whether the > given host pmem range is in the pmem_rangeset before making the > actual mapping. > > (4) Patch Linux NVDIMM driver to call XEN_SYSCTL_add_pmem_range > whenever it detects a pmem device. > > (5) Patch QEMU to use XEN_DOMCTL_pmem_mapping for mapping host pmem > devices. That is nice - as you can instrument this on existing hardware and create 'fake' starting SPA for real memory - which Xen may not see due to being booted with 'mem=X'. _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel