[1/2] KVM: PPC: Add generic hpte management functions

Currently the shadow paging code keeps an array of entries it knows about.
Whenever the guest invalidates an entry, we loop through that entry,
trying to invalidate matching parts.

While this is a really simple implementation, it is probably the most
ineffective one possible. So instead, let's keep an array of lists around
that are indexed by a hash. This way each PTE can be added by 4 list_add,
removed by 4 list_del invocations and the search only needs to loop through
entries that share the same hash.

This patch implements said lookup and exports generic functions that both
the 32-bit and 64-bit backend can use.

Signed-off-by: Alexander Graf <agraf@suse.de>
---
 arch/powerpc/kvm/book3s_mmu_hpte.c |  287 ++++++++++++++++++++++++++++++++++++
 1 files changed, 287 insertions(+), 0 deletions(-)
 create mode 100644 arch/powerpc/kvm/book3s_mmu_hpte.c

On 06/21/2010 04:44 PM, Alexander Graf wrote:
> Currently the shadow paging code keeps an array of entries it knows about.
> Whenever the guest invalidates an entry, we loop through that entry,
> trying to invalidate matching parts.
>
> While this is a really simple implementation, it is probably the most
> ineffective one possible. So instead, let's keep an array of lists around
> that are indexed by a hash. This way each PTE can be added by 4 list_add,
> removed by 4 list_del invocations and the search only needs to loop through
> entries that share the same hash.
>
> This patch implements said lookup and exports generic functions that both
> the 32-bit and 64-bit backend can use.
>    

Mind explaining the all list in there?

>
> +
> +static inline u64 kvmppc_mmu_hash_pte(u64 eaddr) {
> +	return hash_64(eaddr>>  PTE_SIZE, HPTEG_HASH_BITS);
> +}
> +
> +static inline u64 kvmppc_mmu_hash_vpte(u64 vpage) {
> +	return hash_64(vpage&  0xfffffffffULL, HPTEG_HASH_BITS);
> +}
> +
> +static inline u64 kvmppc_mmu_hash_vpte_long(u64 vpage) {
> +	return hash_64((vpage&  0xffffff000ULL)>>  12, HPTEG_HASH_BITS);
> +}
>    

Please use ordinary formatting for the functions above.

> +/* Flush with mask 0xffffff000 */
> +static void kvmppc_mmu_pte_vflush_long(struct kvm_vcpu *vcpu, u64 guest_vp)
> +{
> +	struct list_head *list;
> +	struct hpte_cache *pte, *tmp;
> +	u64 vp_mask = 0xffffff000ULL;
> +
> +	list =&vcpu->arch.hpte_hash_vpte_long[kvmppc_mmu_hash_vpte_long(guest_vp)];
> +
> +	/* No entries to flush */
> +	if (!list)
> +		return;
> +
> +	/* Check the list for matching entries */
> +	list_for_each_entry_safe(pte, tmp, list, list_vpte_long)
> +		/* Jump over the helper entry */
> +		if (&pte->list_vpte_long == list)
> +			continue;
> +
> +		if ((pte->pte.vpage&  vp_mask) == guest_vp)
> +			invalidate_pte(vcpu, pte);
> +}
>    

C wants brackets around blocks.

Avi Kivity wrote:
> On 06/21/2010 04:44 PM, Alexander Graf wrote:
>> Currently the shadow paging code keeps an array of entries it knows
>> about.
>> Whenever the guest invalidates an entry, we loop through that entry,
>> trying to invalidate matching parts.
>>
>> While this is a really simple implementation, it is probably the most
>> ineffective one possible. So instead, let's keep an array of lists
>> around
>> that are indexed by a hash. This way each PTE can be added by 4
>> list_add,
>> removed by 4 list_del invocations and the search only needs to loop
>> through
>> entries that share the same hash.
>>
>> This patch implements said lookup and exports generic functions that
>> both
>> the 32-bit and 64-bit backend can use.
>>    
>
> Mind explaining the all list in there?

The all list is used to flush all entries when we need to get rid of all
entries, for example when we write a BAT.

>
>>
>> +
>> +static inline u64 kvmppc_mmu_hash_pte(u64 eaddr) {
>> +    return hash_64(eaddr>>  PTE_SIZE, HPTEG_HASH_BITS);
>> +}
>> +
>> +static inline u64 kvmppc_mmu_hash_vpte(u64 vpage) {
>> +    return hash_64(vpage&  0xfffffffffULL, HPTEG_HASH_BITS);
>> +}
>> +
>> +static inline u64 kvmppc_mmu_hash_vpte_long(u64 vpage) {
>> +    return hash_64((vpage&  0xffffff000ULL)>>  12, HPTEG_HASH_BITS);
>> +}
>>    
>
> Please use ordinary formatting for the functions above.

Ouch.

>
>> +/* Flush with mask 0xffffff000 */
>> +static void kvmppc_mmu_pte_vflush_long(struct kvm_vcpu *vcpu, u64
>> guest_vp)
>> +{
>> +    struct list_head *list;
>> +    struct hpte_cache *pte, *tmp;
>> +    u64 vp_mask = 0xffffff000ULL;
>> +
>> +    list
>> =&vcpu->arch.hpte_hash_vpte_long[kvmppc_mmu_hash_vpte_long(guest_vp)];
>> +
>> +    /* No entries to flush */
>> +    if (!list)
>> +        return;
>> +
>> +    /* Check the list for matching entries */
>> +    list_for_each_entry_safe(pte, tmp, list, list_vpte_long)
>> +        /* Jump over the helper entry */
>> +        if (&pte->list_vpte_long == list)
>> +            continue;
>> +
>> +        if ((pte->pte.vpage&  vp_mask) == guest_vp)
>> +            invalidate_pte(vcpu, pte);
>> +}
>>    
>
> C wants brackets around blocks.
>


Even more ouch.


Alex

On 06/22/2010 03:04 PM, Alexander Graf wrote:
> Avi Kivity wrote:
>    
>> On 06/21/2010 04:44 PM, Alexander Graf wrote:
>>      
>>> Currently the shadow paging code keeps an array of entries it knows
>>> about.
>>> Whenever the guest invalidates an entry, we loop through that entry,
>>> trying to invalidate matching parts.
>>>
>>> While this is a really simple implementation, it is probably the most
>>> ineffective one possible. So instead, let's keep an array of lists
>>> around
>>> that are indexed by a hash. This way each PTE can be added by 4
>>> list_add,
>>> removed by 4 list_del invocations and the search only needs to loop
>>> through
>>> entries that share the same hash.
>>>
>>> This patch implements said lookup and exports generic functions that
>>> both
>>> the 32-bit and 64-bit backend can use.
>>>
>>>        
>> Mind explaining the all list in there?
>>      
> The all list is used to flush all entries when we need to get rid of all
> entries, for example when we write a BAT.
>
>    

Yes, I more or less gathered that when I saw patch 2.  Does it make 
sense to avoid it by looping over all vpte lists in the vpte hash?  More 
effort for a full flush, esp. when the mmu is sparse, but less for 
individual pte operations.

Avi Kivity wrote:
> On 06/22/2010 03:04 PM, Alexander Graf wrote:
>> Avi Kivity wrote:
>>   
>>> On 06/21/2010 04:44 PM, Alexander Graf wrote:
>>>     
>>>> Currently the shadow paging code keeps an array of entries it knows
>>>> about.
>>>> Whenever the guest invalidates an entry, we loop through that entry,
>>>> trying to invalidate matching parts.
>>>>
>>>> While this is a really simple implementation, it is probably the most
>>>> ineffective one possible. So instead, let's keep an array of lists
>>>> around
>>>> that are indexed by a hash. This way each PTE can be added by 4
>>>> list_add,
>>>> removed by 4 list_del invocations and the search only needs to loop
>>>> through
>>>> entries that share the same hash.
>>>>
>>>> This patch implements said lookup and exports generic functions that
>>>> both
>>>> the 32-bit and 64-bit backend can use.
>>>>
>>>>        
>>> Mind explaining the all list in there?
>>>      
>> The all list is used to flush all entries when we need to get rid of all
>> entries, for example when we write a BAT.
>>
>>    
>
> Yes, I more or less gathered that when I saw patch 2.  Does it make
> sense to avoid it by looping over all vpte lists in the vpte hash? 
> More effort for a full flush, esp. when the mmu is sparse, but less
> for individual pte operations.

Hrm. We could probably make the vpte_long list shorter. Currently all
lists are 1 << 13 entries wide. So we have 8192 lists to loop through.
For vpte_long 1 << 8 = 256 is probably enough. With that it would
probably make sense, yes.

If you have more performance hints, I'll gladly take them :).


Alex

On 06/22/2010 03:10 PM, Alexander Graf wrote:
> If you have more performance hints, I'll gladly take them :).
>    

Using a cpu that virtualizes the mmu in hardware helps tremendously.

Avi Kivity wrote:
> On 06/22/2010 03:10 PM, Alexander Graf wrote:
>> If you have more performance hints, I'll gladly take them :).
>>    
>
> Using a cpu that virtualizes the mmu in hardware helps tremendously.
>

PPC never does that. Even with the virtualization extensions the MMU is
still software managed. I was also more thinking of hints like
"kmem_cache_zalloc is slow" or so ;).


Alex

On 06/22/2010 03:14 PM, Alexander Graf wrote:
> Avi Kivity wrote:
>    
>> On 06/22/2010 03:10 PM, Alexander Graf wrote:
>>      
>>> If you have more performance hints, I'll gladly take them :).
>>>
>>>        
>> Using a cpu that virtualizes the mmu in hardware helps tremendously.
>>
>>      
> PPC never does that. Even with the virtualization extensions the MMU is
> still software managed.

Then mmu intensive loads can expect to be slow.

> I was also more thinking of hints like
> "kmem_cache_zalloc is slow" or so ;).
>    

Stuff like that is usually worthless.  To give real feedback I need to 
understand the hardware, so I'm reduced to coding style and indentation 
review.

On Tue, 2010-06-22 at 15:20 +0300, Avi Kivity wrote:
> On 06/22/2010 03:14 PM, Alexander Graf wrote:
> > Avi Kivity wrote:
> >    
> >> On 06/22/2010 03:10 PM, Alexander Graf wrote:
> >>      
> >>> If you have more performance hints, I'll gladly take them :).
> >>>
> >>>        
> >> Using a cpu that virtualizes the mmu in hardware helps tremendously.
> >>
> >>      
> > PPC never does that. Even with the virtualization extensions the MMU is
> > still software managed.
> 
> Then mmu intensive loads can expect to be slow.

Well, depends. ppc64 indeed requires the hash to be managed by the
hypervisor, so inserting or invalidating translations will mean a
roundtrip to the hypervisor, though there are ways at least the
insertion could be alleviated (for example, the HV could service the
hash misses directly walking the guest page tables).

But that's due in part to a design choice (whether it's a good one or
not I'm not going to argue here) which favors huge reasonably static
workloads where the hash is expected to contain all translations for
everything.

However, note that BookE (the embedded variant of the architecture) uses
a different model for virtualization, including options in its latest
variant for a HW logical->real translation (via a small dedicated TLB)
and direct access to some TLB ops from the guest.

> > I was also more thinking of hints like
> > "kmem_cache_zalloc is slow" or so ;).
> >    
> 
> Stuff like that is usually worthless.  To give real feedback I need to 
> understand the hardware, so I'm reduced to coding style and indentation 
> review.

In that case, I'd say that BAT manipulation is rare enough (mostly only
at boot time) to warrant indeed speeding up the normal PTE operations &
invalidations at the expense of the BAT change case.

Cheers,
Ben.

On 06/27/2010 01:58 AM, Benjamin Herrenschmidt wrote:
>
>> Then mmu intensive loads can expect to be slow.
>>      
> Well, depends. ppc64 indeed requires the hash to be managed by the
> hypervisor, so inserting or invalidating translations will mean a
> roundtrip to the hypervisor, though there are ways at least the
> insertion could be alleviated (for example, the HV could service the
> hash misses directly walking the guest page tables).
>    

But the guest page tables are software defined, no?  That means the 
interface will break if the page table format changes.

> But that's due in part to a design choice (whether it's a good one or
> not I'm not going to argue here) which favors huge reasonably static
> workloads where the hash is expected to contain all translations for
> everything.
>    

What about when you have memory pressure?  The hash will have to reflect 
those pte_clear_flush_young(), no?

It seems horribly expensive.

> However, note that BookE (the embedded variant of the architecture) uses
> a different model for virtualization, including options in its latest
> variant for a HW logical->real translation (via a small dedicated TLB)
> and direct access to some TLB ops from the guest.
>    

I'm somewhat familiar with it, yes.

On Sun, 2010-06-27 at 10:53 +0300, Avi Kivity wrote:
> On 06/27/2010 01:58 AM, Benjamin Herrenschmidt wrote:
> >
> >> Then mmu intensive loads can expect to be slow.
> >>      
> > Well, depends. ppc64 indeed requires the hash to be managed by the
> > hypervisor, so inserting or invalidating translations will mean a
> > roundtrip to the hypervisor, though there are ways at least the
> > insertion could be alleviated (for example, the HV could service the
> > hash misses directly walking the guest page tables).
> >    
> 
> But the guest page tables are software defined, no?  That means the 
> interface will break if the page table format changes.

Yes. Unless the hypervisor or architecture defines the format to be
used :-) IE. That's what Niagara 1 did. But we don't do that indeed
currently.

> > But that's due in part to a design choice (whether it's a good one or
> > not I'm not going to argue here) which favors huge reasonably static
> > workloads where the hash is expected to contain all translations for
> > everything.
> >    
> 
> What about when you have memory pressure?  The hash will have to reflect 
> those pte_clear_flush_young(), no?

Well, our architects would argue that the kind of workloads we target
don't have memory pressure :-)

But yes, I agree, harvesting of dirty and young bits is going to force a
hash flush which can be pretty expensive. Heh, we've been trying to
convince our own architects at designers that the MMU sucks for long
enough...

> It seems horribly expensive.
> 
> > However, note that BookE (the embedded variant of the architecture) uses
> > a different model for virtualization, including options in its latest
> > variant for a HW logical->real translation (via a small dedicated TLB)
> > and direct access to some TLB ops from the guest.
> >    
> 
> I'm somewhat familiar with it, yes.

Cheers,
Ben.