From patchwork Tue Apr 5 15:32:16 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Alex_Benn=C3=A9e?= X-Patchwork-Id: 606543 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3qfXxB70mJz9t5Y for ; Wed, 6 Apr 2016 01:35:26 +1000 (AEST) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b=IdO9sLD0; dkim-atps=neutral Received: from localhost ([::1]:37812 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1anT0n-0003FF-3n for incoming@patchwork.ozlabs.org; Tue, 05 Apr 2016 11:35:25 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:54806) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1anSy8-0006k7-1W for qemu-devel@nongnu.org; Tue, 05 Apr 2016 11:32:42 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1anSy3-0007DA-FV for qemu-devel@nongnu.org; Tue, 05 Apr 2016 11:32:39 -0400 Received: from mail-wm0-x229.google.com ([2a00:1450:400c:c09::229]:33750) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1anSy3-0007D4-5I for qemu-devel@nongnu.org; Tue, 05 Apr 2016 11:32:35 -0400 Received: by mail-wm0-x229.google.com with SMTP id f198so37281320wme.0 for ; Tue, 05 Apr 2016 08:32:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=upY9R6dGwRosE9l3i26j9edoU2gQ2GUZUfiQ0T5QT5Q=; b=IdO9sLD0rHoDAP34BeYwx28R7hHHQV9bZquHpgBPb+wOJoC4o1WX9hE+fI3w3OUrlD yXz3+emELDc86C8qntoQXXGdU7i92DuIVVWTWz9JuhJY/wqBlvIp+nPxORKJVg4A3vFp WGV21IC/iQa5/5euv3hJemzkhFpiXwh/fsM/k= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=upY9R6dGwRosE9l3i26j9edoU2gQ2GUZUfiQ0T5QT5Q=; b=Y3Wn6q9FHMmt2Co1iyZ2/kXlKpVW6PpxxZtPQIV9bGUTvhSDSwPgtCOrxJiA3Zu+NI Iv/28eK8Clr+XTx3rrMj+PoQS577U8QNVa5EuAgTd0efxoxBuGLtHorxVMWcq19ay0cs IvU+x6bMha1277ovGZvVGCDB4xtn/74ydyRvKlke/Qkurb3TuAUffbgx9tXlt3/lmV94 gbX+Wsmq0RsW6O+yVC+nQDqXurDxRzuATlzIx0Wwyhql7rrYIizba1gq/Da2Wcs5sCab Vq6CRiUxuT/Y+3U6Evo45UA7OZ78ofWeNwpX5glClSaZsc9DokYpPWrqo5Xlp6wAfnZr qRog== X-Gm-Message-State: AD7BkJLHcX1s8/cE3vbqeXQ2eFVPQ2NSvwyg7bQZ0U6Mx4LpvX1HmMZjuQ2ro44KFjo3Lxv+ X-Received: by 10.28.141.141 with SMTP id p135mr18639529wmd.8.1459870354251; Tue, 05 Apr 2016 08:32:34 -0700 (PDT) Received: from zen.linaro.local ([81.128.185.34]) by smtp.gmail.com with ESMTPSA id n3sm21469597wja.6.2016.04.05.08.32.31 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 05 Apr 2016 08:32:31 -0700 (PDT) Received: from zen.linaroharston (localhost [127.0.0.1]) by zen.linaro.local (Postfix) with ESMTP id 17E403E04C5; Tue, 5 Apr 2016 16:32:33 +0100 (BST) From: =?UTF-8?q?Alex=20Benn=C3=A9e?= To: mttcg@listserver.greensocs.com, fred.konrad@greensocs.com, a.rigo@virtualopensystems.com, serge.fdrv@gmail.com, cota@braap.org Date: Tue, 5 Apr 2016 16:32:16 +0100 Message-Id: <1459870344-16773-4-git-send-email-alex.bennee@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1459870344-16773-1-git-send-email-alex.bennee@linaro.org> References: <1459870344-16773-1-git-send-email-alex.bennee@linaro.org> MIME-Version: 1.0 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2a00:1450:400c:c09::229 Cc: peter.maydell@linaro.org, claudio.fontana@huawei.com, jan.kiszka@siemens.com, mark.burton@greensocs.com, qemu-devel@nongnu.org, pbonzini@redhat.com, =?UTF-8?q?Alex=20Benn=C3=A9e?= , rth@twiddle.net Subject: [Qemu-devel] [RFC v2 03/11] docs: new design document multi-thread-tcg.txt (DRAFTING) X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org This is a current DRAFT of a design proposal for upgrading TCG emulation to take advantage of modern CPUs by running a thread-per-CPU. The document goes through the various areas of the code affected by such a change and proposes design requirements for each part of the solution. It has been written *without* explicit reference to the current ongoing efforts to introduce this feature. The hope being we can review and discuss the design choices without assuming the current choices taken by the implementation are correct. Signed-off-by: Alex Bennée --- v1 - initial version v2 - update discussion on locks - bit more detail on vCPU scheduling - explicitly mention Translation Blocks - emulated hardware state already covered by iomutex - a few minor rewords --- docs/multi-thread-tcg.txt | 184 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 184 insertions(+) create mode 100644 docs/multi-thread-tcg.txt diff --git a/docs/multi-thread-tcg.txt b/docs/multi-thread-tcg.txt new file mode 100644 index 0000000..32e2f46 --- /dev/null +++ b/docs/multi-thread-tcg.txt @@ -0,0 +1,184 @@ +Copyright (c) 2015 Linaro Ltd. + +This work is licensed under the terms of the GNU GPL, version 2 or later. See +the COPYING file in the top-level directory. + +STATUS: DRAFTING + +Introduction +============ + +This document outlines the design for multi-threaded TCG emulation. +The original TCG implementation was single threaded and dealt with +multiple CPUs by with simple round-robin scheduling. This simplified a +lot of things but became increasingly limited as systems being +emulated gained additional cores and per-core performance gains for +host systems started to level off. + +vCPU Scheduling +=============== + +We introduce a new running mode where each vCPU will run on its own +user-space thread. This will be enabled by default for all +FE/BE combinations that have had the required work done to support +this safely. + +In the general case of running translated code there should be no +inter-vCPU dependencies and all vCPUs should be able to run at full +speed. Synchronisation will only be required while accessing internal +shared data structures or when the emulated architecture requires a +coherent representation of the emulated machine state. + +Shared Data Structures +====================== + +Global TCG State +---------------- + +We need to protect the entire code generation cycle including any post +generation patching of the translated code. This also implies a shared +translation buffer which contains code running on all cores. Any +execution path that comes to the main run loop will need to hold a +mutex for code generation. This also includes times when we need flush +code or jumps from the tb_cache. + +DESIGN REQUIREMENT: Add locking around all code generation, patching +and jump cache modification. + +Translation Blocks +------------------ + +Currently the whole system shares a single code generation buffer +which when full will force a flush of all translations and start from +scratch again. + +Once a basic block has been translated it will continue to be used +until it is invalidated. These invalidation events are typically due +to page changes in system emulation and changes in memory mapping in +user mode. Debugging operations can also trigger invalidation's. + +The invalidation also requires removing the TB from look-ups +(tb_phys_hash and tb_jmp_cache) as well removing any direct TB to TB +patched jumps. + +DESIGN REQUIREMENT: Safely handle invalidation of TBs + +Memory maps and TLBs +-------------------- + +The memory handling code is fairly critical to the speed of memory +access in the emulated system. + + - Memory regions (dividing up access to PIO, MMIO and RAM) + - Dirty page tracking (for code gen, migration and display) + - Virtual TLB (for translating guest address->real address) + +There is a both a fast path walked by the generated code and a slow +path when resolution is required. When the TLB tables are updated we +need to ensure they are done in a safe way by bringing all executing +threads to a halt before making the modifications. + +DESIGN REQUIREMENTS: + + - TLB Flush All/Page + - can be across-CPUs + - will need all other CPUs brought to a halt + - TLB Update (update a CPUTLBEntry, via tlb_set_page_with_attrs) + - This is a per-CPU table - by definition can't race + - updated by it's own thread when the slow-path is forced + +Emulated hardware state +----------------------- + +Currently thanks to KVM work any access to IO memory is automatically +protected by the global iothread mutex. Any IO region that doesn't use +global mutex is expected to do its own locking. + +Memory Consistency +================== + +Between emulated guests and host systems there are a range of memory +consistency models. While emulating weakly ordered systems on strongly +ordered hosts shouldn't cause any problems the same is not true for +the reverse setup. + +The proposed design currently does not address the problem of +emulating strong ordering on a weakly ordered host although even on +strongly ordered systems software should be using synchronisation +primitives to ensure correct operation. + +Memory Barriers +--------------- + +Barriers (sometimes known as fences) provide a mechanism for software +to enforce a particular ordering of memory operations from the point +of view of external observers (e.g. another processor core). They can +apply to any memory operations as well as just loads or stores. + +The Linux kernel has an excellent write-up on the various forms of +memory barrier and the guarantees they can provide [1]. + +Barriers are often wrapped around synchronisation primitives to +provide explicit memory ordering semantics. However they can be used +by themselves to provide safe lockless access by ensuring for example +a signal flag will always be set after a payload. + +DESIGN REQUIREMENT: Add a new tcg_memory_barrier op + +This would enforce a strong load/store ordering so all loads/stores +complete at the memory barrier. On single-core non-SMP strongly +ordered backends this could become a NOP. + +There may be a case for further refinement if this causes performance +bottlenecks. + +Memory Control and Maintenance +------------------------------ + +This includes a class of instructions for controlling system cache +behaviour. While QEMU doesn't model cache behaviour these instructions +are often seen when code modification has taken place to ensure the +changes take effect. + +Synchronisation Primitives +-------------------------- + +There are two broad types of synchronisation primitives found in +modern ISAs: atomic instructions and exclusive regions. + +The first type offer a simple atomic instruction which will guarantee +some sort of test and conditional store will be truly atomic w.r.t. +other cores sharing access to the memory. The classic example is the +x86 cmpxchg instruction. + +The second type offer a pair of load/store instructions which offer a +guarantee that an region of memory has not been touched between the +load and store instructions. An example of this is ARM's ldrex/strex +pair where the strex instruction will return a flag indicating a +successful store only if no other CPU has accessed the memory region +since the ldrex. + +Traditionally TCG has generated a series of operations that work +because they are within the context of a single translation block so +will have completed before another CPU is scheduled. However with +the ability to have multiple threads running to emulate multiple CPUs +we will need to explicitly expose these semantics. + +DESIGN REQUIREMENTS: + - atomics + - Introduce some atomic TCG ops for the common semantics + - The default fallback helper function will use qemu_atomics + - Each backend can then add a more efficient implementation + - load/store exclusive + [AJB: + There are currently a number proposals of interest: + - Greensocs tweaks to ldst ex (using locks) + - Slow-path for atomic instruction translation [2] + - Helper-based Atomic Instruction Emulation (AIE) [3] + ] + +========== + +[1] https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/plain/Documentation/memory-barriers.txt +[2] http://thread.gmane.org/gmane.comp.emulators.qemu/334561 +[3] http://thread.gmane.org/gmane.comp.emulators.qemu/335297