net: add initial support for AF_XDP network backend

AF_XDP is a network socket family that allows communication directly
with the network device driver in the kernel, bypassing most or all
of the kernel networking stack.  In the essence, the technology is
pretty similar to netmap.  But, unlike netmap, AF_XDP is Linux-native
and works with any network interfaces without driver modifications.
Unlike vhost-based backends (kernel, user, vdpa), AF_XDP doesn't
require access to character devices or unix sockets.  Only access to
the network interface itself is necessary.

This patch implements a network backend that communicates with the
kernel by creating an AF_XDP socket.  A chunk of userspace memory
is shared between QEMU and the host kernel.  4 ring buffers (Tx, Rx,
Fill and Completion) are placed in that memory along with a pool of
memory buffers for the packet data.  Data transmission is done by
allocating one of the buffers, copying packet data into it and
placing the pointer into Tx ring.  After transmission, device will
return the buffer via Completion ring.  On Rx, device will take
a buffer form a pre-populated Fill ring, write the packet data into
it and place the buffer into Rx ring.

AF_XDP network backend takes on the communication with the host
kernel and the network interface and forwards packets to/from the
peer device in QEMU.

Usage example:

  -device virtio-net-pci,netdev=guest1,mac=00:16:35:AF:AA:5C
  -netdev af-xdp,ifname=ens6f1np1,id=guest1,mode=native,queues=1

XDP program bridges the socket with a network interface.  It can be
attached to the interface in 2 different modes:

1. skb - this mode should work for any interface and doesn't require
         driver support.  With a caveat of lower performance.

2. native - this does require support from the driver and allows to
            bypass skb allocation in the kernel and potentially use
            zero-copy while getting packets in/out userspace.

By default, QEMU will try to use native mode and fall back to skb.
Mode can be forced via 'mode' option.  To force 'copy' even in native
mode, use 'force-copy=on' option.  This might be useful if there is
some issue with the driver.

Option 'queues=N' allows to specify how many device queues should
be open.  Note that all the queues that are not open are still
functional and can receive traffic, but it will not be delivered to
QEMU.  So, the number of device queues should generally match the
QEMU configuration, unless the device is shared with something
else and the traffic re-direction to appropriate queues is correctly
configured on a device level (e.g. with ethtool -N).
'start-queue=M' option can be used to specify from which queue id
QEMU should start configuring 'N' queues.  It might also be necessary
to use this option with certain NICs, e.g. MLX5 NICs.  See the docs
for examples.

In a general case QEMU will need CAP_NET_ADMIN and CAP_SYS_ADMIN
capabilities in order to load default XSK/XDP programs to the
network interface and configure BTF maps.  It is possible, however,
to run only with CAP_NET_RAW.  For that to work, an external process
with admin capabilities will need to pre-load default XSK program
and pass an open file descriptor for this program's 'xsks_map' to
QEMU process on startup.  Network backend will need to be configured
with 'inhibit=on' to avoid loading of the programs.  The file
descriptor for 'xsks_map' can be passed via 'xsks-map-fd=N' option.

There are few performance challenges with the current network backends.

First is that they do not support IO threads.  This means that data
path is handled by the main thread in QEMU and may slow down other
work or may be slowed down by some other work.  This also means that
taking advantage of multi-queue is generally not possible today.

Another thing is that data path is going through the device emulation
code, which is not really optimized for performance.  The fastest
"frontend" device is virtio-net.  But it's not optimized for heavy
traffic either, because it expects such use-cases to be handled via
some implementation of vhost (user, kernel, vdpa).  In practice, we
have virtio notifications and rcu lock/unlock on a per-packet basis
and not very efficient accesses to the guest memory.  Communication
channels between backend and frontend devices do not allow passing
more than one packet at a time as well.

Some of these challenges can be avoided in the future by adding better
batching into device emulation or by implementing vhost-af-xdp variant.

There are also a few kernel limitations.  AF_XDP sockets do not
support any kinds of checksum or segmentation offloading.  Buffers
are limited to a page size (4K), i.e. MTU is limited.  Multi-buffer
support is not implemented for AF_XDP today.  Also, transmission in
all non-zero-copy modes is synchronous, i.e. done in a syscall.
That doesn't allow high packet rates on virtual interfaces.

However, keeping in mind all of these challenges, current implementation
of the AF_XDP backend shows a decent performance while running on top
of a physical NIC with zero-copy support.

Test setup:

2 VMs running on 2 physical hosts connected via ConnectX6-Dx card.
Network backend is configured to open the NIC directly in native mode.
The driver supports zero-copy.  NIC is configured to use 1 queue.

Inside a VM - iperf3 for basic TCP performance testing and dpdk-testpmd
for PPS testing.

iperf3 result:
 TCP stream      : 19.1 Gbps

dpdk-testpmd (single queue, single CPU core, 64 B packets) results:
 Tx only         : 3.4 Mpps
 Rx only         : 2.0 Mpps
 L2 FWD Loopback : 1.5 Mpps

In skb mode the same setup shows much lower performance, similar to
the setup where pair of physical NICs is replaced with veth a pair:

iperf3 result:
  TCP stream      : 9 Gbps

dpdk-testpmd (single queue, single CPU core, 64 B packets) results:
  Tx only         : 1.2 Mpps
  Rx only         : 1.0 Mpps
  L2 FWD Loopback : 0.7 Mpps

Results in skb mode or over the veth are close to results of a tap
backend with vhost=on and disabled segmentation offloading bridged
with a NIC.

Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
---
 MAINTAINERS                                   |   4 +
 hmp-commands.hx                               |   2 +-
 meson.build                                   |  14 +
 meson_options.txt                             |   2 +
 net/af-xdp.c                                  | 501 ++++++++++++++++++
 net/clients.h                                 |   5 +
 net/meson.build                               |   3 +
 net/net.c                                     |   6 +
 qapi/net.json                                 |  54 +-
 qemu-options.hx                               |  61 ++-
 .../ci/org.centos/stream/8/x86_64/configure   |   1 +
 scripts/meson-buildoptions.sh                 |   3 +
 tests/docker/dockerfiles/debian-amd64.docker  |   1 +
 13 files changed, 654 insertions(+), 3 deletions(-)
 create mode 100644 net/af-xdp.c

On Fri, Jun 23, 2023 at 5:58 AM Ilya Maximets <i.maximets@ovn.org> wrote:
>
> AF_XDP is a network socket family that allows communication directly
> with the network device driver in the kernel, bypassing most or all
> of the kernel networking stack.  In the essence, the technology is
> pretty similar to netmap.  But, unlike netmap, AF_XDP is Linux-native
> and works with any network interfaces without driver modifications.
> Unlike vhost-based backends (kernel, user, vdpa), AF_XDP doesn't
> require access to character devices or unix sockets.  Only access to
> the network interface itself is necessary.
>
> This patch implements a network backend that communicates with the
> kernel by creating an AF_XDP socket.  A chunk of userspace memory
> is shared between QEMU and the host kernel.  4 ring buffers (Tx, Rx,
> Fill and Completion) are placed in that memory along with a pool of
> memory buffers for the packet data.  Data transmission is done by
> allocating one of the buffers, copying packet data into it and
> placing the pointer into Tx ring.  After transmission, device will
> return the buffer via Completion ring.  On Rx, device will take
> a buffer form a pre-populated Fill ring, write the packet data into
> it and place the buffer into Rx ring.
>
> AF_XDP network backend takes on the communication with the host
> kernel and the network interface and forwards packets to/from the
> peer device in QEMU.
>
> Usage example:
>
>   -device virtio-net-pci,netdev=guest1,mac=00:16:35:AF:AA:5C
>   -netdev af-xdp,ifname=ens6f1np1,id=guest1,mode=native,queues=1
>
> XDP program bridges the socket with a network interface.  It can be
> attached to the interface in 2 different modes:
>
> 1. skb - this mode should work for any interface and doesn't require
>          driver support.  With a caveat of lower performance.
>
> 2. native - this does require support from the driver and allows to
>             bypass skb allocation in the kernel and potentially use
>             zero-copy while getting packets in/out userspace.
>
> By default, QEMU will try to use native mode and fall back to skb.
> Mode can be forced via 'mode' option.  To force 'copy' even in native
> mode, use 'force-copy=on' option.  This might be useful if there is
> some issue with the driver.
>
> Option 'queues=N' allows to specify how many device queues should
> be open.  Note that all the queues that are not open are still
> functional and can receive traffic, but it will not be delivered to
> QEMU.  So, the number of device queues should generally match the
> QEMU configuration, unless the device is shared with something
> else and the traffic re-direction to appropriate queues is correctly
> configured on a device level (e.g. with ethtool -N).
> 'start-queue=M' option can be used to specify from which queue id
> QEMU should start configuring 'N' queues.  It might also be necessary
> to use this option with certain NICs, e.g. MLX5 NICs.  See the docs
> for examples.
>
> In a general case QEMU will need CAP_NET_ADMIN and CAP_SYS_ADMIN
> capabilities in order to load default XSK/XDP programs to the
> network interface and configure BTF maps.

I think you mean "BPF" actually?

>  It is possible, however,
> to run only with CAP_NET_RAW.

Qemu often runs without any privileges, so we need to fix it.

I think adding support for SCM_RIGHTS via monitor would be a way to go.


> For that to work, an external process
> with admin capabilities will need to pre-load default XSK program
> and pass an open file descriptor for this program's 'xsks_map' to
> QEMU process on startup.  Network backend will need to be configured
> with 'inhibit=on' to avoid loading of the programs.  The file
> descriptor for 'xsks_map' can be passed via 'xsks-map-fd=N' option.
>
> There are few performance challenges with the current network backends.
>
> First is that they do not support IO threads.

The current networking codes needs some major recatoring to support IO
threads which I'm not sure is worthwhile.

> This means that data
> path is handled by the main thread in QEMU and may slow down other
> work or may be slowed down by some other work.  This also means that
> taking advantage of multi-queue is generally not possible today.
>
> Another thing is that data path is going through the device emulation
> code, which is not really optimized for performance.  The fastest
> "frontend" device is virtio-net.  But it's not optimized for heavy
> traffic either, because it expects such use-cases to be handled via
> some implementation of vhost (user, kernel, vdpa).  In practice, we
> have virtio notifications and rcu lock/unlock on a per-packet basis
> and not very efficient accesses to the guest memory.  Communication
> channels between backend and frontend devices do not allow passing
> more than one packet at a time as well.
>
> Some of these challenges can be avoided in the future by adding better
> batching into device emulation or by implementing vhost-af-xdp variant.

It might require you to register(pin) the whole guest memory to XSK or
there could be a copy. Both of them are sub-optimal.

A really interesting project is to do AF_XDP passthrough, then we
don't need to care about pin and copy and we will get ultra speed in
the guest. (But again, it might needs BPF support in virtio-net).

>
> There are also a few kernel limitations.  AF_XDP sockets do not
> support any kinds of checksum or segmentation offloading.  Buffers
> are limited to a page size (4K), i.e. MTU is limited.  Multi-buffer
> support is not implemented for AF_XDP today.  Also, transmission in
> all non-zero-copy modes is synchronous, i.e. done in a syscall.
> That doesn't allow high packet rates on virtual interfaces.
>
> However, keeping in mind all of these challenges, current implementation
> of the AF_XDP backend shows a decent performance while running on top
> of a physical NIC with zero-copy support.
>
> Test setup:
>
> 2 VMs running on 2 physical hosts connected via ConnectX6-Dx card.
> Network backend is configured to open the NIC directly in native mode.
> The driver supports zero-copy.  NIC is configured to use 1 queue.
>
> Inside a VM - iperf3 for basic TCP performance testing and dpdk-testpmd
> for PPS testing.
>
> iperf3 result:
>  TCP stream      : 19.1 Gbps
>
> dpdk-testpmd (single queue, single CPU core, 64 B packets) results:
>  Tx only         : 3.4 Mpps
>  Rx only         : 2.0 Mpps
>  L2 FWD Loopback : 1.5 Mpps

I don't object to merging this backend (considering we've already
merged netmap) once the code is fine, but the number is not amazing so
I wonder what is the use case for this backend?

Thanks

On Sun, Jun 25, 2023 at 3:06 PM Jason Wang <jasowang@redhat.com> wrote:
>
> On Fri, Jun 23, 2023 at 5:58 AM Ilya Maximets <i.maximets@ovn.org> wrote:
> >
> > AF_XDP is a network socket family that allows communication directly
> > with the network device driver in the kernel, bypassing most or all
> > of the kernel networking stack.  In the essence, the technology is
> > pretty similar to netmap.  But, unlike netmap, AF_XDP is Linux-native
> > and works with any network interfaces without driver modifications.
> > Unlike vhost-based backends (kernel, user, vdpa), AF_XDP doesn't
> > require access to character devices or unix sockets.  Only access to
> > the network interface itself is necessary.
> >
> > This patch implements a network backend that communicates with the
> > kernel by creating an AF_XDP socket.  A chunk of userspace memory
> > is shared between QEMU and the host kernel.  4 ring buffers (Tx, Rx,
> > Fill and Completion) are placed in that memory along with a pool of
> > memory buffers for the packet data.  Data transmission is done by
> > allocating one of the buffers, copying packet data into it and
> > placing the pointer into Tx ring.  After transmission, device will
> > return the buffer via Completion ring.  On Rx, device will take
> > a buffer form a pre-populated Fill ring, write the packet data into
> > it and place the buffer into Rx ring.
> >
> > AF_XDP network backend takes on the communication with the host
> > kernel and the network interface and forwards packets to/from the
> > peer device in QEMU.
> >
> > Usage example:
> >
> >   -device virtio-net-pci,netdev=guest1,mac=00:16:35:AF:AA:5C
> >   -netdev af-xdp,ifname=ens6f1np1,id=guest1,mode=native,queues=1
> >
> > XDP program bridges the socket with a network interface.  It can be
> > attached to the interface in 2 different modes:
> >
> > 1. skb - this mode should work for any interface and doesn't require
> >          driver support.  With a caveat of lower performance.
> >
> > 2. native - this does require support from the driver and allows to
> >             bypass skb allocation in the kernel and potentially use
> >             zero-copy while getting packets in/out userspace.
> >
> > By default, QEMU will try to use native mode and fall back to skb.
> > Mode can be forced via 'mode' option.  To force 'copy' even in native
> > mode, use 'force-copy=on' option.  This might be useful if there is
> > some issue with the driver.
> >
> > Option 'queues=N' allows to specify how many device queues should
> > be open.  Note that all the queues that are not open are still
> > functional and can receive traffic, but it will not be delivered to
> > QEMU.  So, the number of device queues should generally match the
> > QEMU configuration, unless the device is shared with something
> > else and the traffic re-direction to appropriate queues is correctly
> > configured on a device level (e.g. with ethtool -N).
> > 'start-queue=M' option can be used to specify from which queue id
> > QEMU should start configuring 'N' queues.  It might also be necessary
> > to use this option with certain NICs, e.g. MLX5 NICs.  See the docs
> > for examples.
> >
> > In a general case QEMU will need CAP_NET_ADMIN and CAP_SYS_ADMIN
> > capabilities in order to load default XSK/XDP programs to the
> > network interface and configure BTF maps.
>
> I think you mean "BPF" actually?
>
> >  It is possible, however,
> > to run only with CAP_NET_RAW.
>
> Qemu often runs without any privileges, so we need to fix it.
>
> I think adding support for SCM_RIGHTS via monitor would be a way to go.
>
>
> > For that to work, an external process
> > with admin capabilities will need to pre-load default XSK program
> > and pass an open file descriptor for this program's 'xsks_map' to
> > QEMU process on startup.  Network backend will need to be configured
> > with 'inhibit=on' to avoid loading of the programs.  The file
> > descriptor for 'xsks_map' can be passed via 'xsks-map-fd=N' option.
> >
> > There are few performance challenges with the current network backends.
> >
> > First is that they do not support IO threads.
>
> The current networking codes needs some major recatoring to support IO
> threads which I'm not sure is worthwhile.
>
> > This means that data
> > path is handled by the main thread in QEMU and may slow down other
> > work or may be slowed down by some other work.  This also means that
> > taking advantage of multi-queue is generally not possible today.
> >
> > Another thing is that data path is going through the device emulation
> > code, which is not really optimized for performance.  The fastest
> > "frontend" device is virtio-net.  But it's not optimized for heavy
> > traffic either, because it expects such use-cases to be handled via
> > some implementation of vhost (user, kernel, vdpa).  In practice, we
> > have virtio notifications and rcu lock/unlock on a per-packet basis
> > and not very efficient accesses to the guest memory.  Communication
> > channels between backend and frontend devices do not allow passing
> > more than one packet at a time as well.
> >
> > Some of these challenges can be avoided in the future by adding better
> > batching into device emulation or by implementing vhost-af-xdp variant.
>
> It might require you to register(pin) the whole guest memory to XSK or
> there could be a copy. Both of them are sub-optimal.
>
> A really interesting project is to do AF_XDP passthrough, then we
> don't need to care about pin and copy and we will get ultra speed in
> the guest. (But again, it might needs BPF support in virtio-net).
>
> >
> > There are also a few kernel limitations.  AF_XDP sockets do not
> > support any kinds of checksum or segmentation offloading.  Buffers
> > are limited to a page size (4K), i.e. MTU is limited.  Multi-buffer
> > support is not implemented for AF_XDP today.  Also, transmission in
> > all non-zero-copy modes is synchronous, i.e. done in a syscall.
> > That doesn't allow high packet rates on virtual interfaces.
> >
> > However, keeping in mind all of these challenges, current implementation
> > of the AF_XDP backend shows a decent performance while running on top
> > of a physical NIC with zero-copy support.
> >
> > Test setup:
> >
> > 2 VMs running on 2 physical hosts connected via ConnectX6-Dx card.
> > Network backend is configured to open the NIC directly in native mode.
> > The driver supports zero-copy.  NIC is configured to use 1 queue.
> >
> > Inside a VM - iperf3 for basic TCP performance testing and dpdk-testpmd
> > for PPS testing.
> >
> > iperf3 result:
> >  TCP stream      : 19.1 Gbps
> >
> > dpdk-testpmd (single queue, single CPU core, 64 B packets) results:
> >  Tx only         : 3.4 Mpps
> >  Rx only         : 2.0 Mpps
> >  L2 FWD Loopback : 1.5 Mpps
>
> I don't object to merging this backend (considering we've already
> merged netmap) once the code is fine, but the number is not amazing so
> I wonder what is the use case for this backend?

A more ambitious method is to reuse DPDK via dedicated threads, then
we can reuse any of its PMD like AF_XDP.

Thanks

>
> Thanks

On 6/26/23 08:32, Jason Wang wrote:
> On Sun, Jun 25, 2023 at 3:06 PM Jason Wang <jasowang@redhat.com> wrote:
>>
>> On Fri, Jun 23, 2023 at 5:58 AM Ilya Maximets <i.maximets@ovn.org> wrote:
>>>
>>> AF_XDP is a network socket family that allows communication directly
>>> with the network device driver in the kernel, bypassing most or all
>>> of the kernel networking stack.  In the essence, the technology is
>>> pretty similar to netmap.  But, unlike netmap, AF_XDP is Linux-native
>>> and works with any network interfaces without driver modifications.
>>> Unlike vhost-based backends (kernel, user, vdpa), AF_XDP doesn't
>>> require access to character devices or unix sockets.  Only access to
>>> the network interface itself is necessary.
>>>
>>> This patch implements a network backend that communicates with the
>>> kernel by creating an AF_XDP socket.  A chunk of userspace memory
>>> is shared between QEMU and the host kernel.  4 ring buffers (Tx, Rx,
>>> Fill and Completion) are placed in that memory along with a pool of
>>> memory buffers for the packet data.  Data transmission is done by
>>> allocating one of the buffers, copying packet data into it and
>>> placing the pointer into Tx ring.  After transmission, device will
>>> return the buffer via Completion ring.  On Rx, device will take
>>> a buffer form a pre-populated Fill ring, write the packet data into
>>> it and place the buffer into Rx ring.
>>>
>>> AF_XDP network backend takes on the communication with the host
>>> kernel and the network interface and forwards packets to/from the
>>> peer device in QEMU.
>>>
>>> Usage example:
>>>
>>>   -device virtio-net-pci,netdev=guest1,mac=00:16:35:AF:AA:5C
>>>   -netdev af-xdp,ifname=ens6f1np1,id=guest1,mode=native,queues=1
>>>
>>> XDP program bridges the socket with a network interface.  It can be
>>> attached to the interface in 2 different modes:
>>>
>>> 1. skb - this mode should work for any interface and doesn't require
>>>          driver support.  With a caveat of lower performance.
>>>
>>> 2. native - this does require support from the driver and allows to
>>>             bypass skb allocation in the kernel and potentially use
>>>             zero-copy while getting packets in/out userspace.
>>>
>>> By default, QEMU will try to use native mode and fall back to skb.
>>> Mode can be forced via 'mode' option.  To force 'copy' even in native
>>> mode, use 'force-copy=on' option.  This might be useful if there is
>>> some issue with the driver.
>>>
>>> Option 'queues=N' allows to specify how many device queues should
>>> be open.  Note that all the queues that are not open are still
>>> functional and can receive traffic, but it will not be delivered to
>>> QEMU.  So, the number of device queues should generally match the
>>> QEMU configuration, unless the device is shared with something
>>> else and the traffic re-direction to appropriate queues is correctly
>>> configured on a device level (e.g. with ethtool -N).
>>> 'start-queue=M' option can be used to specify from which queue id
>>> QEMU should start configuring 'N' queues.  It might also be necessary
>>> to use this option with certain NICs, e.g. MLX5 NICs.  See the docs
>>> for examples.
>>>
>>> In a general case QEMU will need CAP_NET_ADMIN and CAP_SYS_ADMIN
>>> capabilities in order to load default XSK/XDP programs to the
>>> network interface and configure BTF maps.
>>
>> I think you mean "BPF" actually?

"BPF Type Format maps" kind of makes some sense, but yes. :)

>>
>>>  It is possible, however,
>>> to run only with CAP_NET_RAW.
>>
>> Qemu often runs without any privileges, so we need to fix it.
>>
>> I think adding support for SCM_RIGHTS via monitor would be a way to go.

I looked through the code and it seems like we can run completely
non-privileged as far as kernel concerned.  We'll need an API
modification in libxdp though.

The thing is, IIUC, the only syscall that requires CAP_NET_RAW is
a base socket creation.  Binding and other configuration doesn't
require any privileges.  So, we could create a socket externally
and pass it to QEMU.  Should work, unless it's an oversight from
the kernel side that needs to be patched. :)  libxdp doesn't have
a way to specify externally created socket today, so we'll need
to change that.  Should be easy to do though.  I can explore.

In case the bind syscall will actually need CAP_NET_RAW for some
reason, we could change the kernel and allow non-privileged bind
by utilizing, e.g. SO_BINDTODEVICE.  i.e., let the privileged
process bind the socket to a particular device, so QEMU can't
bind it to a random one.  Might be a good use case to allow even
if not strictly necessary.

>>
>>
>>> For that to work, an external process
>>> with admin capabilities will need to pre-load default XSK program
>>> and pass an open file descriptor for this program's 'xsks_map' to
>>> QEMU process on startup.  Network backend will need to be configured
>>> with 'inhibit=on' to avoid loading of the programs.  The file
>>> descriptor for 'xsks_map' can be passed via 'xsks-map-fd=N' option.
>>>
>>> There are few performance challenges with the current network backends.
>>>
>>> First is that they do not support IO threads.
>>
>> The current networking codes needs some major recatoring to support IO
>> threads which I'm not sure is worthwhile.
>>
>>> This means that data
>>> path is handled by the main thread in QEMU and may slow down other
>>> work or may be slowed down by some other work.  This also means that
>>> taking advantage of multi-queue is generally not possible today.
>>>
>>> Another thing is that data path is going through the device emulation
>>> code, which is not really optimized for performance.  The fastest
>>> "frontend" device is virtio-net.  But it's not optimized for heavy
>>> traffic either, because it expects such use-cases to be handled via
>>> some implementation of vhost (user, kernel, vdpa).  In practice, we
>>> have virtio notifications and rcu lock/unlock on a per-packet basis
>>> and not very efficient accesses to the guest memory.  Communication
>>> channels between backend and frontend devices do not allow passing
>>> more than one packet at a time as well.
>>>
>>> Some of these challenges can be avoided in the future by adding better
>>> batching into device emulation or by implementing vhost-af-xdp variant.
>>
>> It might require you to register(pin) the whole guest memory to XSK or
>> there could be a copy. Both of them are sub-optimal.

A single copy by itself shouldn't be a huge problem, right?
vhost-user and -kernel do copy packets.

>>
>> A really interesting project is to do AF_XDP passthrough, then we
>> don't need to care about pin and copy and we will get ultra speed in
>> the guest. (But again, it might needs BPF support in virtio-net).

I suppose, if we're doing pass-through we need a new device type and a
driver in the kernel/dpdk.  There is no point pretending it's a
virtio-net and translating between different ring layouts.  Or is there?

>>
>>>
>>> There are also a few kernel limitations.  AF_XDP sockets do not
>>> support any kinds of checksum or segmentation offloading.  Buffers
>>> are limited to a page size (4K), i.e. MTU is limited.  Multi-buffer
>>> support is not implemented for AF_XDP today.  Also, transmission in
>>> all non-zero-copy modes is synchronous, i.e. done in a syscall.
>>> That doesn't allow high packet rates on virtual interfaces.
>>>
>>> However, keeping in mind all of these challenges, current implementation
>>> of the AF_XDP backend shows a decent performance while running on top
>>> of a physical NIC with zero-copy support.
>>>
>>> Test setup:
>>>
>>> 2 VMs running on 2 physical hosts connected via ConnectX6-Dx card.
>>> Network backend is configured to open the NIC directly in native mode.
>>> The driver supports zero-copy.  NIC is configured to use 1 queue.
>>>
>>> Inside a VM - iperf3 for basic TCP performance testing and dpdk-testpmd
>>> for PPS testing.
>>>
>>> iperf3 result:
>>>  TCP stream      : 19.1 Gbps
>>>
>>> dpdk-testpmd (single queue, single CPU core, 64 B packets) results:
>>>  Tx only         : 3.4 Mpps
>>>  Rx only         : 2.0 Mpps
>>>  L2 FWD Loopback : 1.5 Mpps
>>
>> I don't object to merging this backend (considering we've already
>> merged netmap) once the code is fine, but the number is not amazing so
>> I wonder what is the use case for this backend?

I don't think there is a use case right now that would significantly benefit
from the current implementation, so I'm fine if the merge is postponed.
It is noticeably more performant than a tap with vhost=on in terms of PPS.
So, that might be one case.  Taking into account that just rcu lock and
unlock in virtio-net code takes more time than a packet copy, some batching
on QEMU side should improve performance significantly.  And it shouldn't be
too hard to implement.

Performance over virtual interfaces may potentially be improved by creating
a kernel thread for async Tx.  Similarly to what io_uring allows.  Currently
Tx on non-zero-copy interfaces is synchronous, and that doesn't allow to
scale well.

So, I do think that there is a potential in this backend.

The main benefit, assuming we can reach performance comparable with other
high-performance backends (vhost-user), I think, is the fact that it's
Linux-native and doesn't require talking with any other devices
(like chardevs/sockets), except for a network interface itself. i.e. it
could be easier to manage in complex environments.

> A more ambitious method is to reuse DPDK via dedicated threads, then
> we can reuse any of its PMD like AF_XDP.

Linking with DPDK will make configuration much more complex.  I don't
think it makes sense to bring it in for AF_XDP specifically.  Might be
a separate project though, sure.  

Best regards, Ilya Maximets.

On Mon, Jun 26, 2023 at 9:17 PM Ilya Maximets <i.maximets@ovn.org> wrote:
>
> On 6/26/23 08:32, Jason Wang wrote:
> > On Sun, Jun 25, 2023 at 3:06 PM Jason Wang <jasowang@redhat.com> wrote:
> >>
> >> On Fri, Jun 23, 2023 at 5:58 AM Ilya Maximets <i.maximets@ovn.org> wrote:
> >>>
> >>> AF_XDP is a network socket family that allows communication directly
> >>> with the network device driver in the kernel, bypassing most or all
> >>> of the kernel networking stack.  In the essence, the technology is
> >>> pretty similar to netmap.  But, unlike netmap, AF_XDP is Linux-native
> >>> and works with any network interfaces without driver modifications.
> >>> Unlike vhost-based backends (kernel, user, vdpa), AF_XDP doesn't
> >>> require access to character devices or unix sockets.  Only access to
> >>> the network interface itself is necessary.
> >>>
> >>> This patch implements a network backend that communicates with the
> >>> kernel by creating an AF_XDP socket.  A chunk of userspace memory
> >>> is shared between QEMU and the host kernel.  4 ring buffers (Tx, Rx,
> >>> Fill and Completion) are placed in that memory along with a pool of
> >>> memory buffers for the packet data.  Data transmission is done by
> >>> allocating one of the buffers, copying packet data into it and
> >>> placing the pointer into Tx ring.  After transmission, device will
> >>> return the buffer via Completion ring.  On Rx, device will take
> >>> a buffer form a pre-populated Fill ring, write the packet data into
> >>> it and place the buffer into Rx ring.
> >>>
> >>> AF_XDP network backend takes on the communication with the host
> >>> kernel and the network interface and forwards packets to/from the
> >>> peer device in QEMU.
> >>>
> >>> Usage example:
> >>>
> >>>   -device virtio-net-pci,netdev=guest1,mac=00:16:35:AF:AA:5C
> >>>   -netdev af-xdp,ifname=ens6f1np1,id=guest1,mode=native,queues=1
> >>>
> >>> XDP program bridges the socket with a network interface.  It can be
> >>> attached to the interface in 2 different modes:
> >>>
> >>> 1. skb - this mode should work for any interface and doesn't require
> >>>          driver support.  With a caveat of lower performance.
> >>>
> >>> 2. native - this does require support from the driver and allows to
> >>>             bypass skb allocation in the kernel and potentially use
> >>>             zero-copy while getting packets in/out userspace.
> >>>
> >>> By default, QEMU will try to use native mode and fall back to skb.
> >>> Mode can be forced via 'mode' option.  To force 'copy' even in native
> >>> mode, use 'force-copy=on' option.  This might be useful if there is
> >>> some issue with the driver.
> >>>
> >>> Option 'queues=N' allows to specify how many device queues should
> >>> be open.  Note that all the queues that are not open are still
> >>> functional and can receive traffic, but it will not be delivered to
> >>> QEMU.  So, the number of device queues should generally match the
> >>> QEMU configuration, unless the device is shared with something
> >>> else and the traffic re-direction to appropriate queues is correctly
> >>> configured on a device level (e.g. with ethtool -N).
> >>> 'start-queue=M' option can be used to specify from which queue id
> >>> QEMU should start configuring 'N' queues.  It might also be necessary
> >>> to use this option with certain NICs, e.g. MLX5 NICs.  See the docs
> >>> for examples.
> >>>
> >>> In a general case QEMU will need CAP_NET_ADMIN and CAP_SYS_ADMIN
> >>> capabilities in order to load default XSK/XDP programs to the
> >>> network interface and configure BTF maps.
> >>
> >> I think you mean "BPF" actually?
>
> "BPF Type Format maps" kind of makes some sense, but yes. :)
>
> >>
> >>>  It is possible, however,
> >>> to run only with CAP_NET_RAW.
> >>
> >> Qemu often runs without any privileges, so we need to fix it.
> >>
> >> I think adding support for SCM_RIGHTS via monitor would be a way to go.
>
> I looked through the code and it seems like we can run completely
> non-privileged as far as kernel concerned.  We'll need an API
> modification in libxdp though.
>
> The thing is, IIUC, the only syscall that requires CAP_NET_RAW is
> a base socket creation.  Binding and other configuration doesn't
> require any privileges.  So, we could create a socket externally
> and pass it to QEMU.

That's the way TAP works for example.

>  Should work, unless it's an oversight from
> the kernel side that needs to be patched. :)  libxdp doesn't have
> a way to specify externally created socket today, so we'll need
> to change that.  Should be easy to do though.  I can explore.

Please do that.

>
> In case the bind syscall will actually need CAP_NET_RAW for some
> reason, we could change the kernel and allow non-privileged bind
> by utilizing, e.g. SO_BINDTODEVICE.  i.e., let the privileged
> process bind the socket to a particular device, so QEMU can't
> bind it to a random one.  Might be a good use case to allow even
> if not strictly necessary.

Yes.

>
> >>
> >>
> >>> For that to work, an external process
> >>> with admin capabilities will need to pre-load default XSK program
> >>> and pass an open file descriptor for this program's 'xsks_map' to
> >>> QEMU process on startup.  Network backend will need to be configured
> >>> with 'inhibit=on' to avoid loading of the programs.  The file
> >>> descriptor for 'xsks_map' can be passed via 'xsks-map-fd=N' option.
> >>>
> >>> There are few performance challenges with the current network backends.
> >>>
> >>> First is that they do not support IO threads.
> >>
> >> The current networking codes needs some major recatoring to support IO
> >> threads which I'm not sure is worthwhile.
> >>
> >>> This means that data
> >>> path is handled by the main thread in QEMU and may slow down other
> >>> work or may be slowed down by some other work.  This also means that
> >>> taking advantage of multi-queue is generally not possible today.
> >>>
> >>> Another thing is that data path is going through the device emulation
> >>> code, which is not really optimized for performance.  The fastest
> >>> "frontend" device is virtio-net.  But it's not optimized for heavy
> >>> traffic either, because it expects such use-cases to be handled via
> >>> some implementation of vhost (user, kernel, vdpa).  In practice, we
> >>> have virtio notifications and rcu lock/unlock on a per-packet basis
> >>> and not very efficient accesses to the guest memory.  Communication
> >>> channels between backend and frontend devices do not allow passing
> >>> more than one packet at a time as well.
> >>>
> >>> Some of these challenges can be avoided in the future by adding better
> >>> batching into device emulation or by implementing vhost-af-xdp variant.
> >>
> >> It might require you to register(pin) the whole guest memory to XSK or
> >> there could be a copy. Both of them are sub-optimal.
>
> A single copy by itself shouldn't be a huge problem, right?

Probably.

> vhost-user and -kernel do copy packets.
>
> >>
> >> A really interesting project is to do AF_XDP passthrough, then we
> >> don't need to care about pin and copy and we will get ultra speed in
> >> the guest. (But again, it might needs BPF support in virtio-net).
>
> I suppose, if we're doing pass-through we need a new device type and a
> driver in the kernel/dpdk.  There is no point pretending it's a
> virtio-net and translating between different ring layouts.

Yes.

>  Or is there?
>
> >>
> >>>
> >>> There are also a few kernel limitations.  AF_XDP sockets do not
> >>> support any kinds of checksum or segmentation offloading.  Buffers
> >>> are limited to a page size (4K), i.e. MTU is limited.  Multi-buffer
> >>> support is not implemented for AF_XDP today.  Also, transmission in
> >>> all non-zero-copy modes is synchronous, i.e. done in a syscall.
> >>> That doesn't allow high packet rates on virtual interfaces.
> >>>
> >>> However, keeping in mind all of these challenges, current implementation
> >>> of the AF_XDP backend shows a decent performance while running on top
> >>> of a physical NIC with zero-copy support.
> >>>
> >>> Test setup:
> >>>
> >>> 2 VMs running on 2 physical hosts connected via ConnectX6-Dx card.
> >>> Network backend is configured to open the NIC directly in native mode.
> >>> The driver supports zero-copy.  NIC is configured to use 1 queue.
> >>>
> >>> Inside a VM - iperf3 for basic TCP performance testing and dpdk-testpmd
> >>> for PPS testing.
> >>>
> >>> iperf3 result:
> >>>  TCP stream      : 19.1 Gbps
> >>>
> >>> dpdk-testpmd (single queue, single CPU core, 64 B packets) results:
> >>>  Tx only         : 3.4 Mpps
> >>>  Rx only         : 2.0 Mpps
> >>>  L2 FWD Loopback : 1.5 Mpps
> >>
> >> I don't object to merging this backend (considering we've already
> >> merged netmap) once the code is fine, but the number is not amazing so
> >> I wonder what is the use case for this backend?
>
> I don't think there is a use case right now that would significantly benefit
> from the current implementation, so I'm fine if the merge is postponed.

Just to be clear, I don't want to postpone this if we decide to
invest/enhance it. I will go through the codes and get back.

> It is noticeably more performant than a tap with vhost=on in terms of PPS.
> So, that might be one case.  Taking into account that just rcu lock and
> unlock in virtio-net code takes more time than a packet copy, some batching
> on QEMU side should improve performance significantly.  And it shouldn't be
> too hard to implement.
>
> Performance over virtual interfaces may potentially be improved by creating
> a kernel thread for async Tx.  Similarly to what io_uring allows.  Currently
> Tx on non-zero-copy interfaces is synchronous, and that doesn't allow to
> scale well.

Interestingly, actually, there are a lot of "duplication" between
io_uring and AF_XDP:

1) both have similar memory model (user register)
2) both use ring for communication

I wonder if we can let io_uring talks directly to AF_XDP.

>
> So, I do think that there is a potential in this backend.
>
> The main benefit, assuming we can reach performance comparable with other
> high-performance backends (vhost-user), I think, is the fact that it's
> Linux-native and doesn't require talking with any other devices
> (like chardevs/sockets), except for a network interface itself. i.e. it
> could be easier to manage in complex environments.

Yes.

>
> > A more ambitious method is to reuse DPDK via dedicated threads, then
> > we can reuse any of its PMD like AF_XDP.
>
> Linking with DPDK will make configuration much more complex.  I don't
> think it makes sense to bring it in for AF_XDP specifically.  Might be
> a separate project though, sure.

Right.

Thanks

>
> Best regards, Ilya Maximets.
>

Can multiple VMs share a host netdev by filtering incoming traffic
based on each VM's MAC address and directing it to the appropriate
XSK? If yes, then I think AF_XDP is interesting when SR-IOV or similar
hardware features are not available.

The idea of an AF_XDP passthrough device seems interesting because it
would minimize the overhead and avoid some of the existing software
limitations (mostly in QEMU's networking subsystem) that you
described. I don't know whether the AF_XDP API is suitable or can be
extended to build a hardware emulation interface, but it seems
plausible. When Stefano Garzarella played with io_uring passthrough
into the guest, one of the issues was guest memory translation (since
the guest doesn't use host userspace virtual addresses). I guess
AF_XDP would need an API for adding/removing memory translations or
operate in a mode where addresses are relative offsets from the start
of the umem regions (but this may be impractical if it limits where
the guest can allocate packet payload buffers).

Whether you pursue the passthrough approach or not, making -netdev
af-xdp work in an environment where QEMU runs unprivileged seems like
the most important practical issue to solve.

Stefan

On 6/27/23 04:54, Jason Wang wrote:
> On Mon, Jun 26, 2023 at 9:17 PM Ilya Maximets <i.maximets@ovn.org> wrote:
>>
>> On 6/26/23 08:32, Jason Wang wrote:
>>> On Sun, Jun 25, 2023 at 3:06 PM Jason Wang <jasowang@redhat.com> wrote:
>>>>
>>>> On Fri, Jun 23, 2023 at 5:58 AM Ilya Maximets <i.maximets@ovn.org> wrote:
>>>>>
>>>>> AF_XDP is a network socket family that allows communication directly
>>>>> with the network device driver in the kernel, bypassing most or all
>>>>> of the kernel networking stack.  In the essence, the technology is
>>>>> pretty similar to netmap.  But, unlike netmap, AF_XDP is Linux-native
>>>>> and works with any network interfaces without driver modifications.
>>>>> Unlike vhost-based backends (kernel, user, vdpa), AF_XDP doesn't
>>>>> require access to character devices or unix sockets.  Only access to
>>>>> the network interface itself is necessary.
>>>>>
>>>>> This patch implements a network backend that communicates with the
>>>>> kernel by creating an AF_XDP socket.  A chunk of userspace memory
>>>>> is shared between QEMU and the host kernel.  4 ring buffers (Tx, Rx,
>>>>> Fill and Completion) are placed in that memory along with a pool of
>>>>> memory buffers for the packet data.  Data transmission is done by
>>>>> allocating one of the buffers, copying packet data into it and
>>>>> placing the pointer into Tx ring.  After transmission, device will
>>>>> return the buffer via Completion ring.  On Rx, device will take
>>>>> a buffer form a pre-populated Fill ring, write the packet data into
>>>>> it and place the buffer into Rx ring.
>>>>>
>>>>> AF_XDP network backend takes on the communication with the host
>>>>> kernel and the network interface and forwards packets to/from the
>>>>> peer device in QEMU.
>>>>>
>>>>> Usage example:
>>>>>
>>>>>   -device virtio-net-pci,netdev=guest1,mac=00:16:35:AF:AA:5C
>>>>>   -netdev af-xdp,ifname=ens6f1np1,id=guest1,mode=native,queues=1
>>>>>
>>>>> XDP program bridges the socket with a network interface.  It can be
>>>>> attached to the interface in 2 different modes:
>>>>>
>>>>> 1. skb - this mode should work for any interface and doesn't require
>>>>>          driver support.  With a caveat of lower performance.
>>>>>
>>>>> 2. native - this does require support from the driver and allows to
>>>>>             bypass skb allocation in the kernel and potentially use
>>>>>             zero-copy while getting packets in/out userspace.
>>>>>
>>>>> By default, QEMU will try to use native mode and fall back to skb.
>>>>> Mode can be forced via 'mode' option.  To force 'copy' even in native
>>>>> mode, use 'force-copy=on' option.  This might be useful if there is
>>>>> some issue with the driver.
>>>>>
>>>>> Option 'queues=N' allows to specify how many device queues should
>>>>> be open.  Note that all the queues that are not open are still
>>>>> functional and can receive traffic, but it will not be delivered to
>>>>> QEMU.  So, the number of device queues should generally match the
>>>>> QEMU configuration, unless the device is shared with something
>>>>> else and the traffic re-direction to appropriate queues is correctly
>>>>> configured on a device level (e.g. with ethtool -N).
>>>>> 'start-queue=M' option can be used to specify from which queue id
>>>>> QEMU should start configuring 'N' queues.  It might also be necessary
>>>>> to use this option with certain NICs, e.g. MLX5 NICs.  See the docs
>>>>> for examples.
>>>>>
>>>>> In a general case QEMU will need CAP_NET_ADMIN and CAP_SYS_ADMIN
>>>>> capabilities in order to load default XSK/XDP programs to the
>>>>> network interface and configure BTF maps.
>>>>
>>>> I think you mean "BPF" actually?
>>
>> "BPF Type Format maps" kind of makes some sense, but yes. :)
>>
>>>>
>>>>>  It is possible, however,
>>>>> to run only with CAP_NET_RAW.
>>>>
>>>> Qemu often runs without any privileges, so we need to fix it.
>>>>
>>>> I think adding support for SCM_RIGHTS via monitor would be a way to go.
>>
>> I looked through the code and it seems like we can run completely
>> non-privileged as far as kernel concerned.  We'll need an API
>> modification in libxdp though.
>>
>> The thing is, IIUC, the only syscall that requires CAP_NET_RAW is
>> a base socket creation.  Binding and other configuration doesn't
>> require any privileges.  So, we could create a socket externally
>> and pass it to QEMU.
> 
> That's the way TAP works for example.
> 
>>  Should work, unless it's an oversight from
>> the kernel side that needs to be patched. :)  libxdp doesn't have
>> a way to specify externally created socket today, so we'll need
>> to change that.  Should be easy to do though.  I can explore.
> 
> Please do that.

I have a prototype:
  https://github.com/igsilya/xdp-tools/commit/db73e90945e3aa5e451ac88c42c83cb9389642d3

Need to test it out and then submit PR to xdp-tools project.

> 
>>
>> In case the bind syscall will actually need CAP_NET_RAW for some
>> reason, we could change the kernel and allow non-privileged bind
>> by utilizing, e.g. SO_BINDTODEVICE.  i.e., let the privileged
>> process bind the socket to a particular device, so QEMU can't
>> bind it to a random one.  Might be a good use case to allow even
>> if not strictly necessary.
> 
> Yes.

Will propose something for a kernel as well.  We might want something
more granular though, e.g. bind to a queue instead of a device.  In
case we want better control in the device sharing scenario.

> 
>>
>>>>
>>>>
>>>>> For that to work, an external process
>>>>> with admin capabilities will need to pre-load default XSK program
>>>>> and pass an open file descriptor for this program's 'xsks_map' to
>>>>> QEMU process on startup.  Network backend will need to be configured
>>>>> with 'inhibit=on' to avoid loading of the programs.  The file
>>>>> descriptor for 'xsks_map' can be passed via 'xsks-map-fd=N' option.
>>>>>
>>>>> There are few performance challenges with the current network backends.
>>>>>
>>>>> First is that they do not support IO threads.
>>>>
>>>> The current networking codes needs some major recatoring to support IO
>>>> threads which I'm not sure is worthwhile.
>>>>
>>>>> This means that data
>>>>> path is handled by the main thread in QEMU and may slow down other
>>>>> work or may be slowed down by some other work.  This also means that
>>>>> taking advantage of multi-queue is generally not possible today.
>>>>>
>>>>> Another thing is that data path is going through the device emulation
>>>>> code, which is not really optimized for performance.  The fastest
>>>>> "frontend" device is virtio-net.  But it's not optimized for heavy
>>>>> traffic either, because it expects such use-cases to be handled via
>>>>> some implementation of vhost (user, kernel, vdpa).  In practice, we
>>>>> have virtio notifications and rcu lock/unlock on a per-packet basis
>>>>> and not very efficient accesses to the guest memory.  Communication
>>>>> channels between backend and frontend devices do not allow passing
>>>>> more than one packet at a time as well.
>>>>>
>>>>> Some of these challenges can be avoided in the future by adding better
>>>>> batching into device emulation or by implementing vhost-af-xdp variant.
>>>>
>>>> It might require you to register(pin) the whole guest memory to XSK or
>>>> there could be a copy. Both of them are sub-optimal.
>>
>> A single copy by itself shouldn't be a huge problem, right?
> 
> Probably.
> 
>> vhost-user and -kernel do copy packets.
>>
>>>>
>>>> A really interesting project is to do AF_XDP passthrough, then we
>>>> don't need to care about pin and copy and we will get ultra speed in
>>>> the guest. (But again, it might needs BPF support in virtio-net).
>>
>> I suppose, if we're doing pass-through we need a new device type and a
>> driver in the kernel/dpdk.  There is no point pretending it's a
>> virtio-net and translating between different ring layouts.
> 
> Yes.
> 
>>  Or is there?
>>
>>>>
>>>>>
>>>>> There are also a few kernel limitations.  AF_XDP sockets do not
>>>>> support any kinds of checksum or segmentation offloading.  Buffers
>>>>> are limited to a page size (4K), i.e. MTU is limited.  Multi-buffer
>>>>> support is not implemented for AF_XDP today.  Also, transmission in
>>>>> all non-zero-copy modes is synchronous, i.e. done in a syscall.
>>>>> That doesn't allow high packet rates on virtual interfaces.
>>>>>
>>>>> However, keeping in mind all of these challenges, current implementation
>>>>> of the AF_XDP backend shows a decent performance while running on top
>>>>> of a physical NIC with zero-copy support.
>>>>>
>>>>> Test setup:
>>>>>
>>>>> 2 VMs running on 2 physical hosts connected via ConnectX6-Dx card.
>>>>> Network backend is configured to open the NIC directly in native mode.
>>>>> The driver supports zero-copy.  NIC is configured to use 1 queue.
>>>>>
>>>>> Inside a VM - iperf3 for basic TCP performance testing and dpdk-testpmd
>>>>> for PPS testing.
>>>>>
>>>>> iperf3 result:
>>>>>  TCP stream      : 19.1 Gbps
>>>>>
>>>>> dpdk-testpmd (single queue, single CPU core, 64 B packets) results:
>>>>>  Tx only         : 3.4 Mpps
>>>>>  Rx only         : 2.0 Mpps
>>>>>  L2 FWD Loopback : 1.5 Mpps
>>>>
>>>> I don't object to merging this backend (considering we've already
>>>> merged netmap) once the code is fine, but the number is not amazing so
>>>> I wonder what is the use case for this backend?
>>
>> I don't think there is a use case right now that would significantly benefit
>> from the current implementation, so I'm fine if the merge is postponed.
> 
> Just to be clear, I don't want to postpone this if we decide to
> invest/enhance it. I will go through the codes and get back.

Ack.  Thanks.

> 
>> It is noticeably more performant than a tap with vhost=on in terms of PPS.
>> So, that might be one case.  Taking into account that just rcu lock and
>> unlock in virtio-net code takes more time than a packet copy, some batching
>> on QEMU side should improve performance significantly.  And it shouldn't be
>> too hard to implement.
>>
>> Performance over virtual interfaces may potentially be improved by creating
>> a kernel thread for async Tx.  Similarly to what io_uring allows.  Currently
>> Tx on non-zero-copy interfaces is synchronous, and that doesn't allow to
>> scale well.
> 
> Interestingly, actually, there are a lot of "duplication" between
> io_uring and AF_XDP:
> 
> 1) both have similar memory model (user register)
> 2) both use ring for communication
> 
> I wonder if we can let io_uring talks directly to AF_XDP.

Well, if we submit poll() in QEMU main loop via io_uring, then we can
avoid cost of the synchronous Tx for non-zero-copy modes, i.e. for
virtual interfaces.  io_uring thread in the kernel will be able to
perform transmission for us.

But yeah, there are way too many way too similar ring buffer interfaces
in the kernel.

> 
>>
>> So, I do think that there is a potential in this backend.
>>
>> The main benefit, assuming we can reach performance comparable with other
>> high-performance backends (vhost-user), I think, is the fact that it's
>> Linux-native and doesn't require talking with any other devices
>> (like chardevs/sockets), except for a network interface itself. i.e. it
>> could be easier to manage in complex environments.
> 
> Yes.
> 
>>
>>> A more ambitious method is to reuse DPDK via dedicated threads, then
>>> we can reuse any of its PMD like AF_XDP.
>>
>> Linking with DPDK will make configuration much more complex.  I don't
>> think it makes sense to bring it in for AF_XDP specifically.  Might be
>> a separate project though, sure.
> 
> Right.
> 
> Thanks
> 
>>
>> Best regards, Ilya Maximets.
>>
>

On 6/27/23 10:56, Stefan Hajnoczi wrote:
> Can multiple VMs share a host netdev by filtering incoming traffic
> based on each VM's MAC address and directing it to the appropriate
> XSK? If yes, then I think AF_XDP is interesting when SR-IOV or similar
> hardware features are not available.

Good point.  Thanks!

Yes, they can.  Traffic can be re-directed via 'ethtool -N' similarly
to an example in the patch.  Or, potentially, via custom XDP program.
Then different QEMU instances may use different start-queue arguments
and use their own range of queues this way.

> 
> The idea of an AF_XDP passthrough device seems interesting because it
> would minimize the overhead and avoid some of the existing software
> limitations (mostly in QEMU's networking subsystem) that you
> described. I don't know whether the AF_XDP API is suitable or can be
> extended to build a hardware emulation interface, but it seems
> plausible. When Stefano Garzarella played with io_uring passthrough
> into the guest, one of the issues was guest memory translation (since
> the guest doesn't use host userspace virtual addresses). I guess
> AF_XDP would need an API for adding/removing memory translations or
> operate in a mode where addresses are relative offsets from the start
> of the umem regions

Actually, addresses in AF_XDP rings are already offsets from the
start of the umem region.  For example, xsk_umem__get_data is
implemented as &((char *)umem_area)[addr]; inside libxdp.  So, that
should not be an issue.

> (but this may be impractical if it limits where
> the guest can allocate packet payload buffers).

Yeah, we will either need to:

a. register the whole guest memory as umem and offset buffer pointers
   in the guest driver by the start of guest physical memory.

   (I'm not familiar much with QEMU memory subsystem.  Is guest physical
    memory always start at 0? I know that it's not always true for the
    real hardware.)

b. or require the guest driver to allocate a chunk of aligned contiguous
   memory and copy all the packets there on Tx.  And populate the Fill
   ring only with buffers from that area.  Assuming guest pages align
   with the host pages.  Again, a single copy might not be that bad,
   but it's hard to tell what the actual impact will be without testing.

> 
> Whether you pursue the passthrough approach or not, making -netdev
> af-xdp work in an environment where QEMU runs unprivileged seems like
> the most important practical issue to solve.

Yes, working on it.  Doesn't seem to be hard to do, but I need to test.

Best regards, Ilya Maximets.

On Wed, Jun 28, 2023 at 6:45 AM Ilya Maximets <i.maximets@ovn.org> wrote:
>
> On 6/27/23 04:54, Jason Wang wrote:
> > On Mon, Jun 26, 2023 at 9:17 PM Ilya Maximets <i.maximets@ovn.org> wrote:
> >>
> >> On 6/26/23 08:32, Jason Wang wrote:
> >>> On Sun, Jun 25, 2023 at 3:06 PM Jason Wang <jasowang@redhat.com> wrote:
> >>>>
> >>>> On Fri, Jun 23, 2023 at 5:58 AM Ilya Maximets <i.maximets@ovn.org> wrote:
> >>>>>
> >>>>> AF_XDP is a network socket family that allows communication directly
> >>>>> with the network device driver in the kernel, bypassing most or all
> >>>>> of the kernel networking stack.  In the essence, the technology is
> >>>>> pretty similar to netmap.  But, unlike netmap, AF_XDP is Linux-native
> >>>>> and works with any network interfaces without driver modifications.
> >>>>> Unlike vhost-based backends (kernel, user, vdpa), AF_XDP doesn't
> >>>>> require access to character devices or unix sockets.  Only access to
> >>>>> the network interface itself is necessary.
> >>>>>
> >>>>> This patch implements a network backend that communicates with the
> >>>>> kernel by creating an AF_XDP socket.  A chunk of userspace memory
> >>>>> is shared between QEMU and the host kernel.  4 ring buffers (Tx, Rx,
> >>>>> Fill and Completion) are placed in that memory along with a pool of
> >>>>> memory buffers for the packet data.  Data transmission is done by
> >>>>> allocating one of the buffers, copying packet data into it and
> >>>>> placing the pointer into Tx ring.  After transmission, device will
> >>>>> return the buffer via Completion ring.  On Rx, device will take
> >>>>> a buffer form a pre-populated Fill ring, write the packet data into
> >>>>> it and place the buffer into Rx ring.
> >>>>>
> >>>>> AF_XDP network backend takes on the communication with the host
> >>>>> kernel and the network interface and forwards packets to/from the
> >>>>> peer device in QEMU.
> >>>>>
> >>>>> Usage example:
> >>>>>
> >>>>>   -device virtio-net-pci,netdev=guest1,mac=00:16:35:AF:AA:5C
> >>>>>   -netdev af-xdp,ifname=ens6f1np1,id=guest1,mode=native,queues=1
> >>>>>
> >>>>> XDP program bridges the socket with a network interface.  It can be
> >>>>> attached to the interface in 2 different modes:
> >>>>>
> >>>>> 1. skb - this mode should work for any interface and doesn't require
> >>>>>          driver support.  With a caveat of lower performance.
> >>>>>
> >>>>> 2. native - this does require support from the driver and allows to
> >>>>>             bypass skb allocation in the kernel and potentially use
> >>>>>             zero-copy while getting packets in/out userspace.
> >>>>>
> >>>>> By default, QEMU will try to use native mode and fall back to skb.
> >>>>> Mode can be forced via 'mode' option.  To force 'copy' even in native
> >>>>> mode, use 'force-copy=on' option.  This might be useful if there is
> >>>>> some issue with the driver.
> >>>>>
> >>>>> Option 'queues=N' allows to specify how many device queues should
> >>>>> be open.  Note that all the queues that are not open are still
> >>>>> functional and can receive traffic, but it will not be delivered to
> >>>>> QEMU.  So, the number of device queues should generally match the
> >>>>> QEMU configuration, unless the device is shared with something
> >>>>> else and the traffic re-direction to appropriate queues is correctly
> >>>>> configured on a device level (e.g. with ethtool -N).
> >>>>> 'start-queue=M' option can be used to specify from which queue id
> >>>>> QEMU should start configuring 'N' queues.  It might also be necessary
> >>>>> to use this option with certain NICs, e.g. MLX5 NICs.  See the docs
> >>>>> for examples.
> >>>>>
> >>>>> In a general case QEMU will need CAP_NET_ADMIN and CAP_SYS_ADMIN
> >>>>> capabilities in order to load default XSK/XDP programs to the
> >>>>> network interface and configure BTF maps.
> >>>>
> >>>> I think you mean "BPF" actually?
> >>
> >> "BPF Type Format maps" kind of makes some sense, but yes. :)
> >>
> >>>>
> >>>>>  It is possible, however,
> >>>>> to run only with CAP_NET_RAW.
> >>>>
> >>>> Qemu often runs without any privileges, so we need to fix it.
> >>>>
> >>>> I think adding support for SCM_RIGHTS via monitor would be a way to go.
> >>
> >> I looked through the code and it seems like we can run completely
> >> non-privileged as far as kernel concerned.  We'll need an API
> >> modification in libxdp though.
> >>
> >> The thing is, IIUC, the only syscall that requires CAP_NET_RAW is
> >> a base socket creation.  Binding and other configuration doesn't
> >> require any privileges.  So, we could create a socket externally
> >> and pass it to QEMU.
> >
> > That's the way TAP works for example.
> >
> >>  Should work, unless it's an oversight from
> >> the kernel side that needs to be patched. :)  libxdp doesn't have
> >> a way to specify externally created socket today, so we'll need
> >> to change that.  Should be easy to do though.  I can explore.
> >
> > Please do that.
>
> I have a prototype:
>   https://github.com/igsilya/xdp-tools/commit/db73e90945e3aa5e451ac88c42c83cb9389642d3
>
> Need to test it out and then submit PR to xdp-tools project.
>
> >
> >>
> >> In case the bind syscall will actually need CAP_NET_RAW for some
> >> reason, we could change the kernel and allow non-privileged bind
> >> by utilizing, e.g. SO_BINDTODEVICE.  i.e., let the privileged
> >> process bind the socket to a particular device, so QEMU can't
> >> bind it to a random one.  Might be a good use case to allow even
> >> if not strictly necessary.
> >
> > Yes.
>
> Will propose something for a kernel as well.  We might want something
> more granular though, e.g. bind to a queue instead of a device.  In
> case we want better control in the device sharing scenario.

I may miss something but the bind is already done at dev plus queue
right now, isn't it?


>
> >
> >>
> >>>>
> >>>>
> >>>>> For that to work, an external process
> >>>>> with admin capabilities will need to pre-load default XSK program
> >>>>> and pass an open file descriptor for this program's 'xsks_map' to
> >>>>> QEMU process on startup.  Network backend will need to be configured
> >>>>> with 'inhibit=on' to avoid loading of the programs.  The file
> >>>>> descriptor for 'xsks_map' can be passed via 'xsks-map-fd=N' option.
> >>>>>
> >>>>> There are few performance challenges with the current network backends.
> >>>>>
> >>>>> First is that they do not support IO threads.
> >>>>
> >>>> The current networking codes needs some major recatoring to support IO
> >>>> threads which I'm not sure is worthwhile.
> >>>>
> >>>>> This means that data
> >>>>> path is handled by the main thread in QEMU and may slow down other
> >>>>> work or may be slowed down by some other work.  This also means that
> >>>>> taking advantage of multi-queue is generally not possible today.
> >>>>>
> >>>>> Another thing is that data path is going through the device emulation
> >>>>> code, which is not really optimized for performance.  The fastest
> >>>>> "frontend" device is virtio-net.  But it's not optimized for heavy
> >>>>> traffic either, because it expects such use-cases to be handled via
> >>>>> some implementation of vhost (user, kernel, vdpa).  In practice, we
> >>>>> have virtio notifications and rcu lock/unlock on a per-packet basis
> >>>>> and not very efficient accesses to the guest memory.  Communication
> >>>>> channels between backend and frontend devices do not allow passing
> >>>>> more than one packet at a time as well.
> >>>>>
> >>>>> Some of these challenges can be avoided in the future by adding better
> >>>>> batching into device emulation or by implementing vhost-af-xdp variant.
> >>>>
> >>>> It might require you to register(pin) the whole guest memory to XSK or
> >>>> there could be a copy. Both of them are sub-optimal.
> >>
> >> A single copy by itself shouldn't be a huge problem, right?
> >
> > Probably.
> >
> >> vhost-user and -kernel do copy packets.
> >>
> >>>>
> >>>> A really interesting project is to do AF_XDP passthrough, then we
> >>>> don't need to care about pin and copy and we will get ultra speed in
> >>>> the guest. (But again, it might needs BPF support in virtio-net).
> >>
> >> I suppose, if we're doing pass-through we need a new device type and a
> >> driver in the kernel/dpdk.  There is no point pretending it's a
> >> virtio-net and translating between different ring layouts.
> >
> > Yes.
> >
> >>  Or is there?
> >>
> >>>>
> >>>>>
> >>>>> There are also a few kernel limitations.  AF_XDP sockets do not
> >>>>> support any kinds of checksum or segmentation offloading.  Buffers
> >>>>> are limited to a page size (4K), i.e. MTU is limited.  Multi-buffer
> >>>>> support is not implemented for AF_XDP today.  Also, transmission in
> >>>>> all non-zero-copy modes is synchronous, i.e. done in a syscall.
> >>>>> That doesn't allow high packet rates on virtual interfaces.
> >>>>>
> >>>>> However, keeping in mind all of these challenges, current implementation
> >>>>> of the AF_XDP backend shows a decent performance while running on top
> >>>>> of a physical NIC with zero-copy support.
> >>>>>
> >>>>> Test setup:
> >>>>>
> >>>>> 2 VMs running on 2 physical hosts connected via ConnectX6-Dx card.
> >>>>> Network backend is configured to open the NIC directly in native mode.
> >>>>> The driver supports zero-copy.  NIC is configured to use 1 queue.
> >>>>>
> >>>>> Inside a VM - iperf3 for basic TCP performance testing and dpdk-testpmd
> >>>>> for PPS testing.
> >>>>>
> >>>>> iperf3 result:
> >>>>>  TCP stream      : 19.1 Gbps
> >>>>>
> >>>>> dpdk-testpmd (single queue, single CPU core, 64 B packets) results:
> >>>>>  Tx only         : 3.4 Mpps
> >>>>>  Rx only         : 2.0 Mpps
> >>>>>  L2 FWD Loopback : 1.5 Mpps
> >>>>
> >>>> I don't object to merging this backend (considering we've already
> >>>> merged netmap) once the code is fine, but the number is not amazing so
> >>>> I wonder what is the use case for this backend?
> >>
> >> I don't think there is a use case right now that would significantly benefit
> >> from the current implementation, so I'm fine if the merge is postponed.
> >
> > Just to be clear, I don't want to postpone this if we decide to
> > invest/enhance it. I will go through the codes and get back.
>
> Ack.  Thanks.
>
> >
> >> It is noticeably more performant than a tap with vhost=on in terms of PPS.
> >> So, that might be one case.  Taking into account that just rcu lock and
> >> unlock in virtio-net code takes more time than a packet copy, some batching
> >> on QEMU side should improve performance significantly.  And it shouldn't be
> >> too hard to implement.
> >>
> >> Performance over virtual interfaces may potentially be improved by creating
> >> a kernel thread for async Tx.  Similarly to what io_uring allows.  Currently
> >> Tx on non-zero-copy interfaces is synchronous, and that doesn't allow to
> >> scale well.
> >
> > Interestingly, actually, there are a lot of "duplication" between
> > io_uring and AF_XDP:
> >
> > 1) both have similar memory model (user register)
> > 2) both use ring for communication
> >
> > I wonder if we can let io_uring talks directly to AF_XDP.
>
> Well, if we submit poll() in QEMU main loop via io_uring, then we can
> avoid cost of the synchronous Tx for non-zero-copy modes, i.e. for
> virtual interfaces.  io_uring thread in the kernel will be able to
> perform transmission for us.

It would be nice if we can use iothread/vhost other than the main loop
even if io_uring can use kthreads. We can avoid the memory translation
cost.

Thanks

>
> But yeah, there are way too many way too similar ring buffer interfaces
> in the kernel.
>
> >
> >>
> >> So, I do think that there is a potential in this backend.
> >>
> >> The main benefit, assuming we can reach performance comparable with other
> >> high-performance backends (vhost-user), I think, is the fact that it's
> >> Linux-native and doesn't require talking with any other devices
> >> (like chardevs/sockets), except for a network interface itself. i.e. it
> >> could be easier to manage in complex environments.
> >
> > Yes.
> >
> >>
> >>> A more ambitious method is to reuse DPDK via dedicated threads, then
> >>> we can reuse any of its PMD like AF_XDP.
> >>
> >> Linking with DPDK will make configuration much more complex.  I don't
> >> think it makes sense to bring it in for AF_XDP specifically.  Might be
> >> a separate project though, sure.
> >
> > Right.
> >
> > Thanks
> >
> >>
> >> Best regards, Ilya Maximets.
> >>
> >
>

On Wed, 28 Jun 2023 at 05:28, Jason Wang <jasowang@redhat.com> wrote:
>
> On Wed, Jun 28, 2023 at 6:45 AM Ilya Maximets <i.maximets@ovn.org> wrote:
> >
> > On 6/27/23 04:54, Jason Wang wrote:
> > > On Mon, Jun 26, 2023 at 9:17 PM Ilya Maximets <i.maximets@ovn.org> wrote:
> > >>
> > >> On 6/26/23 08:32, Jason Wang wrote:
> > >>> On Sun, Jun 25, 2023 at 3:06 PM Jason Wang <jasowang@redhat.com> wrote:
> > >>>>
> > >>>> On Fri, Jun 23, 2023 at 5:58 AM Ilya Maximets <i.maximets@ovn.org> wrote:
> > >> It is noticeably more performant than a tap with vhost=on in terms of PPS.
> > >> So, that might be one case.  Taking into account that just rcu lock and
> > >> unlock in virtio-net code takes more time than a packet copy, some batching
> > >> on QEMU side should improve performance significantly.  And it shouldn't be
> > >> too hard to implement.
> > >>
> > >> Performance over virtual interfaces may potentially be improved by creating
> > >> a kernel thread for async Tx.  Similarly to what io_uring allows.  Currently
> > >> Tx on non-zero-copy interfaces is synchronous, and that doesn't allow to
> > >> scale well.
> > >
> > > Interestingly, actually, there are a lot of "duplication" between
> > > io_uring and AF_XDP:
> > >
> > > 1) both have similar memory model (user register)
> > > 2) both use ring for communication
> > >
> > > I wonder if we can let io_uring talks directly to AF_XDP.
> >
> > Well, if we submit poll() in QEMU main loop via io_uring, then we can
> > avoid cost of the synchronous Tx for non-zero-copy modes, i.e. for
> > virtual interfaces.  io_uring thread in the kernel will be able to
> > perform transmission for us.
>
> It would be nice if we can use iothread/vhost other than the main loop
> even if io_uring can use kthreads. We can avoid the memory translation
> cost.

The QEMU event loop (AioContext) has io_uring code
(utils/fdmon-io_uring.c) but it's disabled at the moment. I'm working
on patches to re-enable it and will probably send them in July. The
patches also add an API to submit arbitrary io_uring operations so
that you can do stuff besides file descriptor monitoring. Both the
main loop and IOThreads will be able to use io_uring on Linux hosts.

Stefan

On Wed, Jun 28, 2023 at 3:46 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
>
> On Wed, 28 Jun 2023 at 05:28, Jason Wang <jasowang@redhat.com> wrote:
> >
> > On Wed, Jun 28, 2023 at 6:45 AM Ilya Maximets <i.maximets@ovn.org> wrote:
> > >
> > > On 6/27/23 04:54, Jason Wang wrote:
> > > > On Mon, Jun 26, 2023 at 9:17 PM Ilya Maximets <i.maximets@ovn.org> wrote:
> > > >>
> > > >> On 6/26/23 08:32, Jason Wang wrote:
> > > >>> On Sun, Jun 25, 2023 at 3:06 PM Jason Wang <jasowang@redhat.com> wrote:
> > > >>>>
> > > >>>> On Fri, Jun 23, 2023 at 5:58 AM Ilya Maximets <i.maximets@ovn.org> wrote:
> > > >> It is noticeably more performant than a tap with vhost=on in terms of PPS.
> > > >> So, that might be one case.  Taking into account that just rcu lock and
> > > >> unlock in virtio-net code takes more time than a packet copy, some batching
> > > >> on QEMU side should improve performance significantly.  And it shouldn't be
> > > >> too hard to implement.
> > > >>
> > > >> Performance over virtual interfaces may potentially be improved by creating
> > > >> a kernel thread for async Tx.  Similarly to what io_uring allows.  Currently
> > > >> Tx on non-zero-copy interfaces is synchronous, and that doesn't allow to
> > > >> scale well.
> > > >
> > > > Interestingly, actually, there are a lot of "duplication" between
> > > > io_uring and AF_XDP:
> > > >
> > > > 1) both have similar memory model (user register)
> > > > 2) both use ring for communication
> > > >
> > > > I wonder if we can let io_uring talks directly to AF_XDP.
> > >
> > > Well, if we submit poll() in QEMU main loop via io_uring, then we can
> > > avoid cost of the synchronous Tx for non-zero-copy modes, i.e. for
> > > virtual interfaces.  io_uring thread in the kernel will be able to
> > > perform transmission for us.
> >
> > It would be nice if we can use iothread/vhost other than the main loop
> > even if io_uring can use kthreads. We can avoid the memory translation
> > cost.
>
> The QEMU event loop (AioContext) has io_uring code
> (utils/fdmon-io_uring.c) but it's disabled at the moment. I'm working
> on patches to re-enable it and will probably send them in July. The
> patches also add an API to submit arbitrary io_uring operations so
> that you can do stuff besides file descriptor monitoring. Both the
> main loop and IOThreads will be able to use io_uring on Linux hosts.

Just to make sure I understand. If we still need a copy from guest to
io_uring buffer, we still need to go via memory API for GPA which
seems expensive.

Vhost seems to be a shortcut for this.

Thanks

>
> Stefan
>

On Wed, 28 Jun 2023 at 09:59, Jason Wang <jasowang@redhat.com> wrote:
>
> On Wed, Jun 28, 2023 at 3:46 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
> >
> > On Wed, 28 Jun 2023 at 05:28, Jason Wang <jasowang@redhat.com> wrote:
> > >
> > > On Wed, Jun 28, 2023 at 6:45 AM Ilya Maximets <i.maximets@ovn.org> wrote:
> > > >
> > > > On 6/27/23 04:54, Jason Wang wrote:
> > > > > On Mon, Jun 26, 2023 at 9:17 PM Ilya Maximets <i.maximets@ovn.org> wrote:
> > > > >>
> > > > >> On 6/26/23 08:32, Jason Wang wrote:
> > > > >>> On Sun, Jun 25, 2023 at 3:06 PM Jason Wang <jasowang@redhat.com> wrote:
> > > > >>>>
> > > > >>>> On Fri, Jun 23, 2023 at 5:58 AM Ilya Maximets <i.maximets@ovn.org> wrote:
> > > > >> It is noticeably more performant than a tap with vhost=on in terms of PPS.
> > > > >> So, that might be one case.  Taking into account that just rcu lock and
> > > > >> unlock in virtio-net code takes more time than a packet copy, some batching
> > > > >> on QEMU side should improve performance significantly.  And it shouldn't be
> > > > >> too hard to implement.
> > > > >>
> > > > >> Performance over virtual interfaces may potentially be improved by creating
> > > > >> a kernel thread for async Tx.  Similarly to what io_uring allows.  Currently
> > > > >> Tx on non-zero-copy interfaces is synchronous, and that doesn't allow to
> > > > >> scale well.
> > > > >
> > > > > Interestingly, actually, there are a lot of "duplication" between
> > > > > io_uring and AF_XDP:
> > > > >
> > > > > 1) both have similar memory model (user register)
> > > > > 2) both use ring for communication
> > > > >
> > > > > I wonder if we can let io_uring talks directly to AF_XDP.
> > > >
> > > > Well, if we submit poll() in QEMU main loop via io_uring, then we can
> > > > avoid cost of the synchronous Tx for non-zero-copy modes, i.e. for
> > > > virtual interfaces.  io_uring thread in the kernel will be able to
> > > > perform transmission for us.
> > >
> > > It would be nice if we can use iothread/vhost other than the main loop
> > > even if io_uring can use kthreads. We can avoid the memory translation
> > > cost.
> >
> > The QEMU event loop (AioContext) has io_uring code
> > (utils/fdmon-io_uring.c) but it's disabled at the moment. I'm working
> > on patches to re-enable it and will probably send them in July. The
> > patches also add an API to submit arbitrary io_uring operations so
> > that you can do stuff besides file descriptor monitoring. Both the
> > main loop and IOThreads will be able to use io_uring on Linux hosts.
>
> Just to make sure I understand. If we still need a copy from guest to
> io_uring buffer, we still need to go via memory API for GPA which
> seems expensive.
>
> Vhost seems to be a shortcut for this.

I'm not sure how exactly you're thinking of using io_uring.

Simply using io_uring for the event loop (file descriptor monitoring)
doesn't involve an extra buffer, but the packet payload still needs to
reside in AF_XDP umem, so there is a copy between guest memory and
umem. If umem encompasses guest memory, it may be possible to avoid
copying the packet payload.

Stefan

On Wed, Jun 28, 2023 at 4:15 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
>
> On Wed, 28 Jun 2023 at 09:59, Jason Wang <jasowang@redhat.com> wrote:
> >
> > On Wed, Jun 28, 2023 at 3:46 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
> > >
> > > On Wed, 28 Jun 2023 at 05:28, Jason Wang <jasowang@redhat.com> wrote:
> > > >
> > > > On Wed, Jun 28, 2023 at 6:45 AM Ilya Maximets <i.maximets@ovn.org> wrote:
> > > > >
> > > > > On 6/27/23 04:54, Jason Wang wrote:
> > > > > > On Mon, Jun 26, 2023 at 9:17 PM Ilya Maximets <i.maximets@ovn.org> wrote:
> > > > > >>
> > > > > >> On 6/26/23 08:32, Jason Wang wrote:
> > > > > >>> On Sun, Jun 25, 2023 at 3:06 PM Jason Wang <jasowang@redhat.com> wrote:
> > > > > >>>>
> > > > > >>>> On Fri, Jun 23, 2023 at 5:58 AM Ilya Maximets <i.maximets@ovn.org> wrote:
> > > > > >> It is noticeably more performant than a tap with vhost=on in terms of PPS.
> > > > > >> So, that might be one case.  Taking into account that just rcu lock and
> > > > > >> unlock in virtio-net code takes more time than a packet copy, some batching
> > > > > >> on QEMU side should improve performance significantly.  And it shouldn't be
> > > > > >> too hard to implement.
> > > > > >>
> > > > > >> Performance over virtual interfaces may potentially be improved by creating
> > > > > >> a kernel thread for async Tx.  Similarly to what io_uring allows.  Currently
> > > > > >> Tx on non-zero-copy interfaces is synchronous, and that doesn't allow to
> > > > > >> scale well.
> > > > > >
> > > > > > Interestingly, actually, there are a lot of "duplication" between
> > > > > > io_uring and AF_XDP:
> > > > > >
> > > > > > 1) both have similar memory model (user register)
> > > > > > 2) both use ring for communication
> > > > > >
> > > > > > I wonder if we can let io_uring talks directly to AF_XDP.
> > > > >
> > > > > Well, if we submit poll() in QEMU main loop via io_uring, then we can
> > > > > avoid cost of the synchronous Tx for non-zero-copy modes, i.e. for
> > > > > virtual interfaces.  io_uring thread in the kernel will be able to
> > > > > perform transmission for us.
> > > >
> > > > It would be nice if we can use iothread/vhost other than the main loop
> > > > even if io_uring can use kthreads. We can avoid the memory translation
> > > > cost.
> > >
> > > The QEMU event loop (AioContext) has io_uring code
> > > (utils/fdmon-io_uring.c) but it's disabled at the moment. I'm working
> > > on patches to re-enable it and will probably send them in July. The
> > > patches also add an API to submit arbitrary io_uring operations so
> > > that you can do stuff besides file descriptor monitoring. Both the
> > > main loop and IOThreads will be able to use io_uring on Linux hosts.
> >
> > Just to make sure I understand. If we still need a copy from guest to
> > io_uring buffer, we still need to go via memory API for GPA which
> > seems expensive.
> >
> > Vhost seems to be a shortcut for this.
>
> I'm not sure how exactly you're thinking of using io_uring.
>
> Simply using io_uring for the event loop (file descriptor monitoring)
> doesn't involve an extra buffer, but the packet payload still needs to
> reside in AF_XDP umem, so there is a copy between guest memory and
> umem.

So there would be a translation from GPA to HVA (unless io_uring
support 2 stages) which needs to go via qemu memory core. And this
part seems to be very expensive according to my test in the past.

> If umem encompasses guest memory,

It requires you to pin the whole guest memory and a GPA to HVA
translation is still required.

Thanks

>it may be possible to avoid
> copying the packet payload.
>
> Stefan
>

On Wed, 28 Jun 2023 at 10:19, Jason Wang <jasowang@redhat.com> wrote:
>
> On Wed, Jun 28, 2023 at 4:15 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
> >
> > On Wed, 28 Jun 2023 at 09:59, Jason Wang <jasowang@redhat.com> wrote:
> > >
> > > On Wed, Jun 28, 2023 at 3:46 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
> > > >
> > > > On Wed, 28 Jun 2023 at 05:28, Jason Wang <jasowang@redhat.com> wrote:
> > > > >
> > > > > On Wed, Jun 28, 2023 at 6:45 AM Ilya Maximets <i.maximets@ovn.org> wrote:
> > > > > >
> > > > > > On 6/27/23 04:54, Jason Wang wrote:
> > > > > > > On Mon, Jun 26, 2023 at 9:17 PM Ilya Maximets <i.maximets@ovn.org> wrote:
> > > > > > >>
> > > > > > >> On 6/26/23 08:32, Jason Wang wrote:
> > > > > > >>> On Sun, Jun 25, 2023 at 3:06 PM Jason Wang <jasowang@redhat.com> wrote:
> > > > > > >>>>
> > > > > > >>>> On Fri, Jun 23, 2023 at 5:58 AM Ilya Maximets <i.maximets@ovn.org> wrote:
> > > > > > >> It is noticeably more performant than a tap with vhost=on in terms of PPS.
> > > > > > >> So, that might be one case.  Taking into account that just rcu lock and
> > > > > > >> unlock in virtio-net code takes more time than a packet copy, some batching
> > > > > > >> on QEMU side should improve performance significantly.  And it shouldn't be
> > > > > > >> too hard to implement.
> > > > > > >>
> > > > > > >> Performance over virtual interfaces may potentially be improved by creating
> > > > > > >> a kernel thread for async Tx.  Similarly to what io_uring allows.  Currently
> > > > > > >> Tx on non-zero-copy interfaces is synchronous, and that doesn't allow to
> > > > > > >> scale well.
> > > > > > >
> > > > > > > Interestingly, actually, there are a lot of "duplication" between
> > > > > > > io_uring and AF_XDP:
> > > > > > >
> > > > > > > 1) both have similar memory model (user register)
> > > > > > > 2) both use ring for communication
> > > > > > >
> > > > > > > I wonder if we can let io_uring talks directly to AF_XDP.
> > > > > >
> > > > > > Well, if we submit poll() in QEMU main loop via io_uring, then we can
> > > > > > avoid cost of the synchronous Tx for non-zero-copy modes, i.e. for
> > > > > > virtual interfaces.  io_uring thread in the kernel will be able to
> > > > > > perform transmission for us.
> > > > >
> > > > > It would be nice if we can use iothread/vhost other than the main loop
> > > > > even if io_uring can use kthreads. We can avoid the memory translation
> > > > > cost.
> > > >
> > > > The QEMU event loop (AioContext) has io_uring code
> > > > (utils/fdmon-io_uring.c) but it's disabled at the moment. I'm working
> > > > on patches to re-enable it and will probably send them in July. The
> > > > patches also add an API to submit arbitrary io_uring operations so
> > > > that you can do stuff besides file descriptor monitoring. Both the
> > > > main loop and IOThreads will be able to use io_uring on Linux hosts.
> > >
> > > Just to make sure I understand. If we still need a copy from guest to
> > > io_uring buffer, we still need to go via memory API for GPA which
> > > seems expensive.
> > >
> > > Vhost seems to be a shortcut for this.
> >
> > I'm not sure how exactly you're thinking of using io_uring.
> >
> > Simply using io_uring for the event loop (file descriptor monitoring)
> > doesn't involve an extra buffer, but the packet payload still needs to
> > reside in AF_XDP umem, so there is a copy between guest memory and
> > umem.
>
> So there would be a translation from GPA to HVA (unless io_uring
> support 2 stages) which needs to go via qemu memory core. And this
> part seems to be very expensive according to my test in the past.

Yes, but in the current approach where AF_XDP is implemented as a QEMU
netdev, there is already QEMU device emulation (e.g. virtio-net)
happening. So the GPA to HVA translation will happen anyway in device
emulation.

Are you thinking about AF_XDP passthrough where the guest directly
interacts with AF_XDP?

> > If umem encompasses guest memory,
>
> It requires you to pin the whole guest memory and a GPA to HVA
> translation is still required.

Ilya mentioned that umem uses relative offsets instead of absolute
memory addresses. In the AF_XDP passthrough case this means no address
translation needs to be added to AF_XDP.

Regarding pinning - I wonder if that's something that can be refined
in the kernel by adding an AF_XDP flag that enables on-demand pinning
of umem. That way only rx and tx buffers that are currently in use
will be pinned. The disadvantage is the runtime overhead to pin/unpin
pages. I'm not sure whether it's possible to implement this, I haven't
checked the kernel code.

Stefan

On 6/28/23 05:27, Jason Wang wrote:
> On Wed, Jun 28, 2023 at 6:45 AM Ilya Maximets <i.maximets@ovn.org> wrote:
>>
>> On 6/27/23 04:54, Jason Wang wrote:
>>> On Mon, Jun 26, 2023 at 9:17 PM Ilya Maximets <i.maximets@ovn.org> wrote:
>>>>
>>>> On 6/26/23 08:32, Jason Wang wrote:
>>>>> On Sun, Jun 25, 2023 at 3:06 PM Jason Wang <jasowang@redhat.com> wrote:
>>>>>>
>>>>>> On Fri, Jun 23, 2023 at 5:58 AM Ilya Maximets <i.maximets@ovn.org> wrote:
>>>>>>>
>>>>>>> AF_XDP is a network socket family that allows communication directly
>>>>>>> with the network device driver in the kernel, bypassing most or all
>>>>>>> of the kernel networking stack.  In the essence, the technology is
>>>>>>> pretty similar to netmap.  But, unlike netmap, AF_XDP is Linux-native
>>>>>>> and works with any network interfaces without driver modifications.
>>>>>>> Unlike vhost-based backends (kernel, user, vdpa), AF_XDP doesn't
>>>>>>> require access to character devices or unix sockets.  Only access to
>>>>>>> the network interface itself is necessary.
>>>>>>>
>>>>>>> This patch implements a network backend that communicates with the
>>>>>>> kernel by creating an AF_XDP socket.  A chunk of userspace memory
>>>>>>> is shared between QEMU and the host kernel.  4 ring buffers (Tx, Rx,
>>>>>>> Fill and Completion) are placed in that memory along with a pool of
>>>>>>> memory buffers for the packet data.  Data transmission is done by
>>>>>>> allocating one of the buffers, copying packet data into it and
>>>>>>> placing the pointer into Tx ring.  After transmission, device will
>>>>>>> return the buffer via Completion ring.  On Rx, device will take
>>>>>>> a buffer form a pre-populated Fill ring, write the packet data into
>>>>>>> it and place the buffer into Rx ring.
>>>>>>>
>>>>>>> AF_XDP network backend takes on the communication with the host
>>>>>>> kernel and the network interface and forwards packets to/from the
>>>>>>> peer device in QEMU.
>>>>>>>
>>>>>>> Usage example:
>>>>>>>
>>>>>>>   -device virtio-net-pci,netdev=guest1,mac=00:16:35:AF:AA:5C
>>>>>>>   -netdev af-xdp,ifname=ens6f1np1,id=guest1,mode=native,queues=1
>>>>>>>
>>>>>>> XDP program bridges the socket with a network interface.  It can be
>>>>>>> attached to the interface in 2 different modes:
>>>>>>>
>>>>>>> 1. skb - this mode should work for any interface and doesn't require
>>>>>>>          driver support.  With a caveat of lower performance.
>>>>>>>
>>>>>>> 2. native - this does require support from the driver and allows to
>>>>>>>             bypass skb allocation in the kernel and potentially use
>>>>>>>             zero-copy while getting packets in/out userspace.
>>>>>>>
>>>>>>> By default, QEMU will try to use native mode and fall back to skb.
>>>>>>> Mode can be forced via 'mode' option.  To force 'copy' even in native
>>>>>>> mode, use 'force-copy=on' option.  This might be useful if there is
>>>>>>> some issue with the driver.
>>>>>>>
>>>>>>> Option 'queues=N' allows to specify how many device queues should
>>>>>>> be open.  Note that all the queues that are not open are still
>>>>>>> functional and can receive traffic, but it will not be delivered to
>>>>>>> QEMU.  So, the number of device queues should generally match the
>>>>>>> QEMU configuration, unless the device is shared with something
>>>>>>> else and the traffic re-direction to appropriate queues is correctly
>>>>>>> configured on a device level (e.g. with ethtool -N).
>>>>>>> 'start-queue=M' option can be used to specify from which queue id
>>>>>>> QEMU should start configuring 'N' queues.  It might also be necessary
>>>>>>> to use this option with certain NICs, e.g. MLX5 NICs.  See the docs
>>>>>>> for examples.
>>>>>>>
>>>>>>> In a general case QEMU will need CAP_NET_ADMIN and CAP_SYS_ADMIN
>>>>>>> capabilities in order to load default XSK/XDP programs to the
>>>>>>> network interface and configure BTF maps.
>>>>>>
>>>>>> I think you mean "BPF" actually?
>>>>
>>>> "BPF Type Format maps" kind of makes some sense, but yes. :)
>>>>
>>>>>>
>>>>>>>  It is possible, however,
>>>>>>> to run only with CAP_NET_RAW.
>>>>>>
>>>>>> Qemu often runs without any privileges, so we need to fix it.
>>>>>>
>>>>>> I think adding support for SCM_RIGHTS via monitor would be a way to go.
>>>>
>>>> I looked through the code and it seems like we can run completely
>>>> non-privileged as far as kernel concerned.  We'll need an API
>>>> modification in libxdp though.
>>>>
>>>> The thing is, IIUC, the only syscall that requires CAP_NET_RAW is
>>>> a base socket creation.  Binding and other configuration doesn't
>>>> require any privileges.  So, we could create a socket externally
>>>> and pass it to QEMU.
>>>
>>> That's the way TAP works for example.
>>>
>>>>  Should work, unless it's an oversight from
>>>> the kernel side that needs to be patched. :)  libxdp doesn't have
>>>> a way to specify externally created socket today, so we'll need
>>>> to change that.  Should be easy to do though.  I can explore.
>>>
>>> Please do that.
>>
>> I have a prototype:
>>   https://github.com/igsilya/xdp-tools/commit/db73e90945e3aa5e451ac88c42c83cb9389642d3
>>
>> Need to test it out and then submit PR to xdp-tools project.
>>
>>>
>>>>
>>>> In case the bind syscall will actually need CAP_NET_RAW for some
>>>> reason, we could change the kernel and allow non-privileged bind
>>>> by utilizing, e.g. SO_BINDTODEVICE.  i.e., let the privileged
>>>> process bind the socket to a particular device, so QEMU can't
>>>> bind it to a random one.  Might be a good use case to allow even
>>>> if not strictly necessary.
>>>
>>> Yes.
>>
>> Will propose something for a kernel as well.  We might want something
>> more granular though, e.g. bind to a queue instead of a device.  In
>> case we want better control in the device sharing scenario.
> 
> I may miss something but the bind is already done at dev plus queue
> right now, isn't it?


Yes, the bind() syscall will bind socket to the dev+queue.  I was talking
about SO_BINDTODEVICE that only ties the socket to a particular device,
but not a queue.

Assuming SO_BINDTODEVICE is implemented for AF_XDP sockets and
assuming a privileged process does:

  fd = socket(AF_XDP, ...);
  setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, <device>);

And sends fd to a non-privileged process.  That non-privileged process
will be able to call:

  bind(fd, <device>, <random queue>);

It will have to use the same device, but can choose any queue, if that
queue is not already busy with another socket.

So, I was thinking maybe implementing something like XDP_BINDTOQID option.
This way the privileged process may call:

  setsockopt(fd, SOL_XDP, XDP_BINDTOQID, <device>, <queue>);

And later kernel will be able to refuse bind() for any other queue for
this particular socket.

Not sure if that is necessary though.
Since we're allocating the socket in the privileged process, that process
may add the socket to the BPF map on the correct queue id.  This way the
non-privileged process will not be able to receive any packets from any
other queue on this socket, even if bound to it.  And no other AF_XDP
socket will be able to be bound to that other queue as well.  So, the
rogue QEMU will be able to hog one extra queue, but it will not be able
to intercept traffic any from it, AFAICT.  May not be a huge problem
after all.

SO_BINDTODEVICE would still be nice to have.  Especially for cases where
we give the whole device to one VM.

Best regards, Ilya Maximets.

On Wed, Jun 28, 2023 at 4:25 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
>
> On Wed, 28 Jun 2023 at 10:19, Jason Wang <jasowang@redhat.com> wrote:
> >
> > On Wed, Jun 28, 2023 at 4:15 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
> > >
> > > On Wed, 28 Jun 2023 at 09:59, Jason Wang <jasowang@redhat.com> wrote:
> > > >
> > > > On Wed, Jun 28, 2023 at 3:46 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
> > > > >
> > > > > On Wed, 28 Jun 2023 at 05:28, Jason Wang <jasowang@redhat.com> wrote:
> > > > > >
> > > > > > On Wed, Jun 28, 2023 at 6:45 AM Ilya Maximets <i.maximets@ovn.org> wrote:
> > > > > > >
> > > > > > > On 6/27/23 04:54, Jason Wang wrote:
> > > > > > > > On Mon, Jun 26, 2023 at 9:17 PM Ilya Maximets <i.maximets@ovn.org> wrote:
> > > > > > > >>
> > > > > > > >> On 6/26/23 08:32, Jason Wang wrote:
> > > > > > > >>> On Sun, Jun 25, 2023 at 3:06 PM Jason Wang <jasowang@redhat.com> wrote:
> > > > > > > >>>>
> > > > > > > >>>> On Fri, Jun 23, 2023 at 5:58 AM Ilya Maximets <i.maximets@ovn.org> wrote:
> > > > > > > >> It is noticeably more performant than a tap with vhost=on in terms of PPS.
> > > > > > > >> So, that might be one case.  Taking into account that just rcu lock and
> > > > > > > >> unlock in virtio-net code takes more time than a packet copy, some batching
> > > > > > > >> on QEMU side should improve performance significantly.  And it shouldn't be
> > > > > > > >> too hard to implement.
> > > > > > > >>
> > > > > > > >> Performance over virtual interfaces may potentially be improved by creating
> > > > > > > >> a kernel thread for async Tx.  Similarly to what io_uring allows.  Currently
> > > > > > > >> Tx on non-zero-copy interfaces is synchronous, and that doesn't allow to
> > > > > > > >> scale well.
> > > > > > > >
> > > > > > > > Interestingly, actually, there are a lot of "duplication" between
> > > > > > > > io_uring and AF_XDP:
> > > > > > > >
> > > > > > > > 1) both have similar memory model (user register)
> > > > > > > > 2) both use ring for communication
> > > > > > > >
> > > > > > > > I wonder if we can let io_uring talks directly to AF_XDP.
> > > > > > >
> > > > > > > Well, if we submit poll() in QEMU main loop via io_uring, then we can
> > > > > > > avoid cost of the synchronous Tx for non-zero-copy modes, i.e. for
> > > > > > > virtual interfaces.  io_uring thread in the kernel will be able to
> > > > > > > perform transmission for us.
> > > > > >
> > > > > > It would be nice if we can use iothread/vhost other than the main loop
> > > > > > even if io_uring can use kthreads. We can avoid the memory translation
> > > > > > cost.
> > > > >
> > > > > The QEMU event loop (AioContext) has io_uring code
> > > > > (utils/fdmon-io_uring.c) but it's disabled at the moment. I'm working
> > > > > on patches to re-enable it and will probably send them in July. The
> > > > > patches also add an API to submit arbitrary io_uring operations so
> > > > > that you can do stuff besides file descriptor monitoring. Both the
> > > > > main loop and IOThreads will be able to use io_uring on Linux hosts.
> > > >
> > > > Just to make sure I understand. If we still need a copy from guest to
> > > > io_uring buffer, we still need to go via memory API for GPA which
> > > > seems expensive.
> > > >
> > > > Vhost seems to be a shortcut for this.
> > >
> > > I'm not sure how exactly you're thinking of using io_uring.
> > >
> > > Simply using io_uring for the event loop (file descriptor monitoring)
> > > doesn't involve an extra buffer, but the packet payload still needs to
> > > reside in AF_XDP umem, so there is a copy between guest memory and
> > > umem.
> >
> > So there would be a translation from GPA to HVA (unless io_uring
> > support 2 stages) which needs to go via qemu memory core. And this
> > part seems to be very expensive according to my test in the past.
>
> Yes, but in the current approach where AF_XDP is implemented as a QEMU
> netdev, there is already QEMU device emulation (e.g. virtio-net)
> happening. So the GPA to HVA translation will happen anyway in device
> emulation.

Just to make sure we're on the same page.

I meant, AF_XDP can do more than e.g 10Mpps. So if we still use the
QEMU netdev, it would be very hard to achieve that if we stick to
using the Qemu memory core translations which need to take care about
too much extra stuff. That's why I suggest using vhost in io threads
which only cares about ram so the translation could be very fast.

>
> Are you thinking about AF_XDP passthrough where the guest directly
> interacts with AF_XDP?

This could be another way to solve, since it won't use Qemu's memory
core to do the translation.

>
> > > If umem encompasses guest memory,
> >
> > It requires you to pin the whole guest memory and a GPA to HVA
> > translation is still required.
>
> Ilya mentioned that umem uses relative offsets instead of absolute
> memory addresses. In the AF_XDP passthrough case this means no address
> translation needs to be added to AF_XDP.

I don't see how it can avoid the translations as it works at the level
of HVA. But what guests submit is PA or even IOVA.

What's more, guest memory could be backed by different memory
backends, this means a single umem may not even work.

>
> Regarding pinning - I wonder if that's something that can be refined
> in the kernel by adding an AF_XDP flag that enables on-demand pinning
> of umem. That way only rx and tx buffers that are currently in use
> will be pinned. The disadvantage is the runtime overhead to pin/unpin
> pages. I'm not sure whether it's possible to implement this, I haven't
> checked the kernel code.

It requires the device to do page faults which is not commonly
supported nowadays.

Thanks

>
> Stefan
>

On Thu, 29 Jun 2023 at 07:26, Jason Wang <jasowang@redhat.com> wrote:
>
> On Wed, Jun 28, 2023 at 4:25 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
> >
> > On Wed, 28 Jun 2023 at 10:19, Jason Wang <jasowang@redhat.com> wrote:
> > >
> > > On Wed, Jun 28, 2023 at 4:15 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
> > > >
> > > > On Wed, 28 Jun 2023 at 09:59, Jason Wang <jasowang@redhat.com> wrote:
> > > > >
> > > > > On Wed, Jun 28, 2023 at 3:46 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
> > > > > >
> > > > > > On Wed, 28 Jun 2023 at 05:28, Jason Wang <jasowang@redhat.com> wrote:
> > > > > > >
> > > > > > > On Wed, Jun 28, 2023 at 6:45 AM Ilya Maximets <i.maximets@ovn.org> wrote:
> > > > > > > >
> > > > > > > > On 6/27/23 04:54, Jason Wang wrote:
> > > > > > > > > On Mon, Jun 26, 2023 at 9:17 PM Ilya Maximets <i.maximets@ovn.org> wrote:
> > > > > > > > >>
> > > > > > > > >> On 6/26/23 08:32, Jason Wang wrote:
> > > > > > > > >>> On Sun, Jun 25, 2023 at 3:06 PM Jason Wang <jasowang@redhat.com> wrote:
> > > > > > > > >>>>
> > > > > > > > >>>> On Fri, Jun 23, 2023 at 5:58 AM Ilya Maximets <i.maximets@ovn.org> wrote:
> > > > > > > > >> It is noticeably more performant than a tap with vhost=on in terms of PPS.
> > > > > > > > >> So, that might be one case.  Taking into account that just rcu lock and
> > > > > > > > >> unlock in virtio-net code takes more time than a packet copy, some batching
> > > > > > > > >> on QEMU side should improve performance significantly.  And it shouldn't be
> > > > > > > > >> too hard to implement.
> > > > > > > > >>
> > > > > > > > >> Performance over virtual interfaces may potentially be improved by creating
> > > > > > > > >> a kernel thread for async Tx.  Similarly to what io_uring allows.  Currently
> > > > > > > > >> Tx on non-zero-copy interfaces is synchronous, and that doesn't allow to
> > > > > > > > >> scale well.
> > > > > > > > >
> > > > > > > > > Interestingly, actually, there are a lot of "duplication" between
> > > > > > > > > io_uring and AF_XDP:
> > > > > > > > >
> > > > > > > > > 1) both have similar memory model (user register)
> > > > > > > > > 2) both use ring for communication
> > > > > > > > >
> > > > > > > > > I wonder if we can let io_uring talks directly to AF_XDP.
> > > > > > > >
> > > > > > > > Well, if we submit poll() in QEMU main loop via io_uring, then we can
> > > > > > > > avoid cost of the synchronous Tx for non-zero-copy modes, i.e. for
> > > > > > > > virtual interfaces.  io_uring thread in the kernel will be able to
> > > > > > > > perform transmission for us.
> > > > > > >
> > > > > > > It would be nice if we can use iothread/vhost other than the main loop
> > > > > > > even if io_uring can use kthreads. We can avoid the memory translation
> > > > > > > cost.
> > > > > >
> > > > > > The QEMU event loop (AioContext) has io_uring code
> > > > > > (utils/fdmon-io_uring.c) but it's disabled at the moment. I'm working
> > > > > > on patches to re-enable it and will probably send them in July. The
> > > > > > patches also add an API to submit arbitrary io_uring operations so
> > > > > > that you can do stuff besides file descriptor monitoring. Both the
> > > > > > main loop and IOThreads will be able to use io_uring on Linux hosts.
> > > > >
> > > > > Just to make sure I understand. If we still need a copy from guest to
> > > > > io_uring buffer, we still need to go via memory API for GPA which
> > > > > seems expensive.
> > > > >
> > > > > Vhost seems to be a shortcut for this.
> > > >
> > > > I'm not sure how exactly you're thinking of using io_uring.
> > > >
> > > > Simply using io_uring for the event loop (file descriptor monitoring)
> > > > doesn't involve an extra buffer, but the packet payload still needs to
> > > > reside in AF_XDP umem, so there is a copy between guest memory and
> > > > umem.
> > >
> > > So there would be a translation from GPA to HVA (unless io_uring
> > > support 2 stages) which needs to go via qemu memory core. And this
> > > part seems to be very expensive according to my test in the past.
> >
> > Yes, but in the current approach where AF_XDP is implemented as a QEMU
> > netdev, there is already QEMU device emulation (e.g. virtio-net)
> > happening. So the GPA to HVA translation will happen anyway in device
> > emulation.
>
> Just to make sure we're on the same page.
>
> I meant, AF_XDP can do more than e.g 10Mpps. So if we still use the
> QEMU netdev, it would be very hard to achieve that if we stick to
> using the Qemu memory core translations which need to take care about
> too much extra stuff. That's why I suggest using vhost in io threads
> which only cares about ram so the translation could be very fast.

What does using "vhost in io threads" mean? Is that a vhost kernel
approach where userspace dedicates threads (the stuff that Mike
Christie has been working on)? I haven't looked at how Mike's recent
patches work, but I wouldn't call that approach QEMU IOThreads,
because the threads probably don't run the AioContext event loop and
instead execute vhost kernel code the entire time.

But despite these questions, I think I'm beginning to understand that
you're proposing a vhost_net.ko AF_XDP implementation instead of a
userspace QEMU AF_XDP netdev implementation. I wonder if any
optimizations can be made when the AF_XDP user is kernel code instead
of userspace code.

> >
> > Are you thinking about AF_XDP passthrough where the guest directly
> > interacts with AF_XDP?
>
> This could be another way to solve, since it won't use Qemu's memory
> core to do the translation.
>
> >
> > > > If umem encompasses guest memory,
> > >
> > > It requires you to pin the whole guest memory and a GPA to HVA
> > > translation is still required.
> >
> > Ilya mentioned that umem uses relative offsets instead of absolute
> > memory addresses. In the AF_XDP passthrough case this means no address
> > translation needs to be added to AF_XDP.
>
> I don't see how it can avoid the translations as it works at the level
> of HVA. But what guests submit is PA or even IOVA.

In a passthrough scenario the guest is doing AF_XDP, so it writes
relative umem offsets, thereby eliminating address translation
concerns (the addresses are not PAs or IOVAs). However, this approach
probably won't work well with memory hotplug - or at least it will end
up becoming a memory translation mechanism in order to support memory
hotplug.

>
> What's more, guest memory could be backed by different memory
> backends, this means a single umem may not even work.

Maybe. I don't know the nature of umem. If there can be multiple vmas
in the umem range, then there should be no issue mixing different
memory backends.

>
> >
> > Regarding pinning - I wonder if that's something that can be refined
> > in the kernel by adding an AF_XDP flag that enables on-demand pinning
> > of umem. That way only rx and tx buffers that are currently in use
> > will be pinned. The disadvantage is the runtime overhead to pin/unpin
> > pages. I'm not sure whether it's possible to implement this, I haven't
> > checked the kernel code.
>
> It requires the device to do page faults which is not commonly
> supported nowadays.

I don't understand this comment. AF_XDP processes each rx/tx
descriptor. At that point it can getuserpages() or similar in order to
pin the page. When the memory is no longer needed, it can put those
pages. No fault mechanism is needed. What am I missing?

Stefan

On Thu, Jun 29, 2023 at 8:36 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
>
> On Thu, 29 Jun 2023 at 07:26, Jason Wang <jasowang@redhat.com> wrote:
> >
> > On Wed, Jun 28, 2023 at 4:25 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
> > >
> > > On Wed, 28 Jun 2023 at 10:19, Jason Wang <jasowang@redhat.com> wrote:
> > > >
> > > > On Wed, Jun 28, 2023 at 4:15 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
> > > > >
> > > > > On Wed, 28 Jun 2023 at 09:59, Jason Wang <jasowang@redhat.com> wrote:
> > > > > >
> > > > > > On Wed, Jun 28, 2023 at 3:46 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
> > > > > > >
> > > > > > > On Wed, 28 Jun 2023 at 05:28, Jason Wang <jasowang@redhat.com> wrote:
> > > > > > > >
> > > > > > > > On Wed, Jun 28, 2023 at 6:45 AM Ilya Maximets <i.maximets@ovn.org> wrote:
> > > > > > > > >
> > > > > > > > > On 6/27/23 04:54, Jason Wang wrote:
> > > > > > > > > > On Mon, Jun 26, 2023 at 9:17 PM Ilya Maximets <i.maximets@ovn.org> wrote:
> > > > > > > > > >>
> > > > > > > > > >> On 6/26/23 08:32, Jason Wang wrote:
> > > > > > > > > >>> On Sun, Jun 25, 2023 at 3:06 PM Jason Wang <jasowang@redhat.com> wrote:
> > > > > > > > > >>>>
> > > > > > > > > >>>> On Fri, Jun 23, 2023 at 5:58 AM Ilya Maximets <i.maximets@ovn.org> wrote:
> > > > > > > > > >> It is noticeably more performant than a tap with vhost=on in terms of PPS.
> > > > > > > > > >> So, that might be one case.  Taking into account that just rcu lock and
> > > > > > > > > >> unlock in virtio-net code takes more time than a packet copy, some batching
> > > > > > > > > >> on QEMU side should improve performance significantly.  And it shouldn't be
> > > > > > > > > >> too hard to implement.
> > > > > > > > > >>
> > > > > > > > > >> Performance over virtual interfaces may potentially be improved by creating
> > > > > > > > > >> a kernel thread for async Tx.  Similarly to what io_uring allows.  Currently
> > > > > > > > > >> Tx on non-zero-copy interfaces is synchronous, and that doesn't allow to
> > > > > > > > > >> scale well.
> > > > > > > > > >
> > > > > > > > > > Interestingly, actually, there are a lot of "duplication" between
> > > > > > > > > > io_uring and AF_XDP:
> > > > > > > > > >
> > > > > > > > > > 1) both have similar memory model (user register)
> > > > > > > > > > 2) both use ring for communication
> > > > > > > > > >
> > > > > > > > > > I wonder if we can let io_uring talks directly to AF_XDP.
> > > > > > > > >
> > > > > > > > > Well, if we submit poll() in QEMU main loop via io_uring, then we can
> > > > > > > > > avoid cost of the synchronous Tx for non-zero-copy modes, i.e. for
> > > > > > > > > virtual interfaces.  io_uring thread in the kernel will be able to
> > > > > > > > > perform transmission for us.
> > > > > > > >
> > > > > > > > It would be nice if we can use iothread/vhost other than the main loop
> > > > > > > > even if io_uring can use kthreads. We can avoid the memory translation
> > > > > > > > cost.
> > > > > > >
> > > > > > > The QEMU event loop (AioContext) has io_uring code
> > > > > > > (utils/fdmon-io_uring.c) but it's disabled at the moment. I'm working
> > > > > > > on patches to re-enable it and will probably send them in July. The
> > > > > > > patches also add an API to submit arbitrary io_uring operations so
> > > > > > > that you can do stuff besides file descriptor monitoring. Both the
> > > > > > > main loop and IOThreads will be able to use io_uring on Linux hosts.
> > > > > >
> > > > > > Just to make sure I understand. If we still need a copy from guest to
> > > > > > io_uring buffer, we still need to go via memory API for GPA which
> > > > > > seems expensive.
> > > > > >
> > > > > > Vhost seems to be a shortcut for this.
> > > > >
> > > > > I'm not sure how exactly you're thinking of using io_uring.
> > > > >
> > > > > Simply using io_uring for the event loop (file descriptor monitoring)
> > > > > doesn't involve an extra buffer, but the packet payload still needs to
> > > > > reside in AF_XDP umem, so there is a copy between guest memory and
> > > > > umem.
> > > >
> > > > So there would be a translation from GPA to HVA (unless io_uring
> > > > support 2 stages) which needs to go via qemu memory core. And this
> > > > part seems to be very expensive according to my test in the past.
> > >
> > > Yes, but in the current approach where AF_XDP is implemented as a QEMU
> > > netdev, there is already QEMU device emulation (e.g. virtio-net)
> > > happening. So the GPA to HVA translation will happen anyway in device
> > > emulation.
> >
> > Just to make sure we're on the same page.
> >
> > I meant, AF_XDP can do more than e.g 10Mpps. So if we still use the
> > QEMU netdev, it would be very hard to achieve that if we stick to
> > using the Qemu memory core translations which need to take care about
> > too much extra stuff. That's why I suggest using vhost in io threads
> > which only cares about ram so the translation could be very fast.
>
> What does using "vhost in io threads" mean?

It means a vhost userspace dataplane that is implemented via io threads.

> Is that a vhost kernel
> approach where userspace dedicates threads (the stuff that Mike
> Christie has been working on)? I haven't looked at how Mike's recent
> patches work, but I wouldn't call that approach QEMU IOThreads,
> because the threads probably don't run the AioContext event loop and
> instead execute vhost kernel code the entire time.
>
> But despite these questions, I think I'm beginning to understand that
> you're proposing a vhost_net.ko AF_XDP implementation instead of a
> userspace QEMU AF_XDP netdev implementation.

Sorry for being unclear, but I'm not proposing that.

> I wonder if any
> optimizations can be made when the AF_XDP user is kernel code instead
> of userspace code.

The only possible way to go is to adapt AF_XDP umem memory model to
vhost which I'm not sure of anything we can gain.

>
> > >
> > > Are you thinking about AF_XDP passthrough where the guest directly
> > > interacts with AF_XDP?
> >
> > This could be another way to solve, since it won't use Qemu's memory
> > core to do the translation.
> >
> > >
> > > > > If umem encompasses guest memory,
> > > >
> > > > It requires you to pin the whole guest memory and a GPA to HVA
> > > > translation is still required.
> > >
> > > Ilya mentioned that umem uses relative offsets instead of absolute
> > > memory addresses. In the AF_XDP passthrough case this means no address
> > > translation needs to be added to AF_XDP.
> >
> > I don't see how it can avoid the translations as it works at the level
> > of HVA. But what guests submit is PA or even IOVA.
>
> In a passthrough scenario the guest is doing AF_XDP, so it writes
> relative umem offsets, thereby eliminating address translation
> concerns (the addresses are not PAs or IOVAs). However, this approach
> probably won't work well with memory hotplug - or at least it will end
> up becoming a memory translation mechanism in order to support memory
> hotplug.

Ok.

>
> >
> > What's more, guest memory could be backed by different memory
> > backends, this means a single umem may not even work.
>
> Maybe. I don't know the nature of umem. If there can be multiple vmas
> in the umem range, then there should be no issue mixing different
> memory backends.

If I understand correctly, a single umem requires contiguous VA at least.

>
> >
> > >
> > > Regarding pinning - I wonder if that's something that can be refined
> > > in the kernel by adding an AF_XDP flag that enables on-demand pinning
> > > of umem. That way only rx and tx buffers that are currently in use
> > > will be pinned. The disadvantage is the runtime overhead to pin/unpin
> > > pages. I'm not sure whether it's possible to implement this, I haven't
> > > checked the kernel code.
> >
> > It requires the device to do page faults which is not commonly
> > supported nowadays.
>
> I don't understand this comment. AF_XDP processes each rx/tx
> descriptor. At that point it can getuserpages() or similar in order to
> pin the page. When the memory is no longer needed, it can put those
> pages. No fault mechanism is needed. What am I missing?

Ok, I think I kind of get you, you mean doing pinning while processing
rx/tx buffers? It's not easy since GUP itself is not very fast, it may
hit PPS for sure.

Thanks

>
> Stefan
>

On Wed, Jun 28, 2023 at 7:14 PM Ilya Maximets <i.maximets@ovn.org> wrote:
>
> On 6/28/23 05:27, Jason Wang wrote:
> > On Wed, Jun 28, 2023 at 6:45 AM Ilya Maximets <i.maximets@ovn.org> wrote:
> >>
> >> On 6/27/23 04:54, Jason Wang wrote:
> >>> On Mon, Jun 26, 2023 at 9:17 PM Ilya Maximets <i.maximets@ovn.org> wrote:
> >>>>
> >>>> On 6/26/23 08:32, Jason Wang wrote:
> >>>>> On Sun, Jun 25, 2023 at 3:06 PM Jason Wang <jasowang@redhat.com> wrote:
> >>>>>>
> >>>>>> On Fri, Jun 23, 2023 at 5:58 AM Ilya Maximets <i.maximets@ovn.org> wrote:
> >>>>>>>
> >>>>>>> AF_XDP is a network socket family that allows communication directly
> >>>>>>> with the network device driver in the kernel, bypassing most or all
> >>>>>>> of the kernel networking stack.  In the essence, the technology is
> >>>>>>> pretty similar to netmap.  But, unlike netmap, AF_XDP is Linux-native
> >>>>>>> and works with any network interfaces without driver modifications.
> >>>>>>> Unlike vhost-based backends (kernel, user, vdpa), AF_XDP doesn't
> >>>>>>> require access to character devices or unix sockets.  Only access to
> >>>>>>> the network interface itself is necessary.
> >>>>>>>
> >>>>>>> This patch implements a network backend that communicates with the
> >>>>>>> kernel by creating an AF_XDP socket.  A chunk of userspace memory
> >>>>>>> is shared between QEMU and the host kernel.  4 ring buffers (Tx, Rx,
> >>>>>>> Fill and Completion) are placed in that memory along with a pool of
> >>>>>>> memory buffers for the packet data.  Data transmission is done by
> >>>>>>> allocating one of the buffers, copying packet data into it and
> >>>>>>> placing the pointer into Tx ring.  After transmission, device will
> >>>>>>> return the buffer via Completion ring.  On Rx, device will take
> >>>>>>> a buffer form a pre-populated Fill ring, write the packet data into
> >>>>>>> it and place the buffer into Rx ring.
> >>>>>>>
> >>>>>>> AF_XDP network backend takes on the communication with the host
> >>>>>>> kernel and the network interface and forwards packets to/from the
> >>>>>>> peer device in QEMU.
> >>>>>>>
> >>>>>>> Usage example:
> >>>>>>>
> >>>>>>>   -device virtio-net-pci,netdev=guest1,mac=00:16:35:AF:AA:5C
> >>>>>>>   -netdev af-xdp,ifname=ens6f1np1,id=guest1,mode=native,queues=1
> >>>>>>>
> >>>>>>> XDP program bridges the socket with a network interface.  It can be
> >>>>>>> attached to the interface in 2 different modes:
> >>>>>>>
> >>>>>>> 1. skb - this mode should work for any interface and doesn't require
> >>>>>>>          driver support.  With a caveat of lower performance.
> >>>>>>>
> >>>>>>> 2. native - this does require support from the driver and allows to
> >>>>>>>             bypass skb allocation in the kernel and potentially use
> >>>>>>>             zero-copy while getting packets in/out userspace.
> >>>>>>>
> >>>>>>> By default, QEMU will try to use native mode and fall back to skb.
> >>>>>>> Mode can be forced via 'mode' option.  To force 'copy' even in native
> >>>>>>> mode, use 'force-copy=on' option.  This might be useful if there is
> >>>>>>> some issue with the driver.
> >>>>>>>
> >>>>>>> Option 'queues=N' allows to specify how many device queues should
> >>>>>>> be open.  Note that all the queues that are not open are still
> >>>>>>> functional and can receive traffic, but it will not be delivered to
> >>>>>>> QEMU.  So, the number of device queues should generally match the
> >>>>>>> QEMU configuration, unless the device is shared with something
> >>>>>>> else and the traffic re-direction to appropriate queues is correctly
> >>>>>>> configured on a device level (e.g. with ethtool -N).
> >>>>>>> 'start-queue=M' option can be used to specify from which queue id
> >>>>>>> QEMU should start configuring 'N' queues.  It might also be necessary
> >>>>>>> to use this option with certain NICs, e.g. MLX5 NICs.  See the docs
> >>>>>>> for examples.
> >>>>>>>
> >>>>>>> In a general case QEMU will need CAP_NET_ADMIN and CAP_SYS_ADMIN
> >>>>>>> capabilities in order to load default XSK/XDP programs to the
> >>>>>>> network interface and configure BTF maps.
> >>>>>>
> >>>>>> I think you mean "BPF" actually?
> >>>>
> >>>> "BPF Type Format maps" kind of makes some sense, but yes. :)
> >>>>
> >>>>>>
> >>>>>>>  It is possible, however,
> >>>>>>> to run only with CAP_NET_RAW.
> >>>>>>
> >>>>>> Qemu often runs without any privileges, so we need to fix it.
> >>>>>>
> >>>>>> I think adding support for SCM_RIGHTS via monitor would be a way to go.
> >>>>
> >>>> I looked through the code and it seems like we can run completely
> >>>> non-privileged as far as kernel concerned.  We'll need an API
> >>>> modification in libxdp though.
> >>>>
> >>>> The thing is, IIUC, the only syscall that requires CAP_NET_RAW is
> >>>> a base socket creation.  Binding and other configuration doesn't
> >>>> require any privileges.  So, we could create a socket externally
> >>>> and pass it to QEMU.
> >>>
> >>> That's the way TAP works for example.
> >>>
> >>>>  Should work, unless it's an oversight from
> >>>> the kernel side that needs to be patched. :)  libxdp doesn't have
> >>>> a way to specify externally created socket today, so we'll need
> >>>> to change that.  Should be easy to do though.  I can explore.
> >>>
> >>> Please do that.
> >>
> >> I have a prototype:
> >>   https://github.com/igsilya/xdp-tools/commit/db73e90945e3aa5e451ac88c42c83cb9389642d3
> >>
> >> Need to test it out and then submit PR to xdp-tools project.
> >>
> >>>
> >>>>
> >>>> In case the bind syscall will actually need CAP_NET_RAW for some
> >>>> reason, we could change the kernel and allow non-privileged bind
> >>>> by utilizing, e.g. SO_BINDTODEVICE.  i.e., let the privileged
> >>>> process bind the socket to a particular device, so QEMU can't
> >>>> bind it to a random one.  Might be a good use case to allow even
> >>>> if not strictly necessary.
> >>>
> >>> Yes.
> >>
> >> Will propose something for a kernel as well.  We might want something
> >> more granular though, e.g. bind to a queue instead of a device.  In
> >> case we want better control in the device sharing scenario.
> >
> > I may miss something but the bind is already done at dev plus queue
> > right now, isn't it?
>
>
> Yes, the bind() syscall will bind socket to the dev+queue.  I was talking
> about SO_BINDTODEVICE that only ties the socket to a particular device,
> but not a queue.
>
> Assuming SO_BINDTODEVICE is implemented for AF_XDP sockets and
> assuming a privileged process does:
>
>   fd = socket(AF_XDP, ...);
>   setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, <device>);
>
> And sends fd to a non-privileged process.  That non-privileged process
> will be able to call:
>
>   bind(fd, <device>, <random queue>);
>
> It will have to use the same device, but can choose any queue, if that
> queue is not already busy with another socket.
>
> So, I was thinking maybe implementing something like XDP_BINDTOQID option.
> This way the privileged process may call:
>
>   setsockopt(fd, SOL_XDP, XDP_BINDTOQID, <device>, <queue>);
>
> And later kernel will be able to refuse bind() for any other queue for
> this particular socket.

Not sure, if file descriptor passing works, we probably don't need another way.

>
> Not sure if that is necessary though.
> Since we're allocating the socket in the privileged process, that process
> may add the socket to the BPF map on the correct queue id.  This way the
> non-privileged process will not be able to receive any packets from any
> other queue on this socket, even if bound to it.  And no other AF_XDP
> socket will be able to be bound to that other queue as well.

I think that's by design, or anything wrong with this model?

> So, the
> rogue QEMU will be able to hog one extra queue, but it will not be able
> to intercept traffic any from it, AFAICT.  May not be a huge problem
> after all.
>
> SO_BINDTODEVICE would still be nice to have.  Especially for cases where
> we give the whole device to one VM.

Then we need to use AF_XDP in the guest which seems to be a different
topic. Alibaba is working on the AF_XDP support for virtio-net.

Thanks

>
> Best regards, Ilya Maximets.
>

On 6/30/23 09:44, Jason Wang wrote:
> On Wed, Jun 28, 2023 at 7:14 PM Ilya Maximets <i.maximets@ovn.org> wrote:
>>
>> On 6/28/23 05:27, Jason Wang wrote:
>>> On Wed, Jun 28, 2023 at 6:45 AM Ilya Maximets <i.maximets@ovn.org> wrote:
>>>>
>>>> On 6/27/23 04:54, Jason Wang wrote:
>>>>> On Mon, Jun 26, 2023 at 9:17 PM Ilya Maximets <i.maximets@ovn.org> wrote:
>>>>>>
>>>>>> On 6/26/23 08:32, Jason Wang wrote:
>>>>>>> On Sun, Jun 25, 2023 at 3:06 PM Jason Wang <jasowang@redhat.com> wrote:
>>>>>>>>
>>>>>>>> On Fri, Jun 23, 2023 at 5:58 AM Ilya Maximets <i.maximets@ovn.org> wrote:
>>>>>>>>>
>>>>>>>>> AF_XDP is a network socket family that allows communication directly
>>>>>>>>> with the network device driver in the kernel, bypassing most or all
>>>>>>>>> of the kernel networking stack.  In the essence, the technology is
>>>>>>>>> pretty similar to netmap.  But, unlike netmap, AF_XDP is Linux-native
>>>>>>>>> and works with any network interfaces without driver modifications.
>>>>>>>>> Unlike vhost-based backends (kernel, user, vdpa), AF_XDP doesn't
>>>>>>>>> require access to character devices or unix sockets.  Only access to
>>>>>>>>> the network interface itself is necessary.
>>>>>>>>>
>>>>>>>>> This patch implements a network backend that communicates with the
>>>>>>>>> kernel by creating an AF_XDP socket.  A chunk of userspace memory
>>>>>>>>> is shared between QEMU and the host kernel.  4 ring buffers (Tx, Rx,
>>>>>>>>> Fill and Completion) are placed in that memory along with a pool of
>>>>>>>>> memory buffers for the packet data.  Data transmission is done by
>>>>>>>>> allocating one of the buffers, copying packet data into it and
>>>>>>>>> placing the pointer into Tx ring.  After transmission, device will
>>>>>>>>> return the buffer via Completion ring.  On Rx, device will take
>>>>>>>>> a buffer form a pre-populated Fill ring, write the packet data into
>>>>>>>>> it and place the buffer into Rx ring.
>>>>>>>>>
>>>>>>>>> AF_XDP network backend takes on the communication with the host
>>>>>>>>> kernel and the network interface and forwards packets to/from the
>>>>>>>>> peer device in QEMU.
>>>>>>>>>
>>>>>>>>> Usage example:
>>>>>>>>>
>>>>>>>>>   -device virtio-net-pci,netdev=guest1,mac=00:16:35:AF:AA:5C
>>>>>>>>>   -netdev af-xdp,ifname=ens6f1np1,id=guest1,mode=native,queues=1
>>>>>>>>>
>>>>>>>>> XDP program bridges the socket with a network interface.  It can be
>>>>>>>>> attached to the interface in 2 different modes:
>>>>>>>>>
>>>>>>>>> 1. skb - this mode should work for any interface and doesn't require
>>>>>>>>>          driver support.  With a caveat of lower performance.
>>>>>>>>>
>>>>>>>>> 2. native - this does require support from the driver and allows to
>>>>>>>>>             bypass skb allocation in the kernel and potentially use
>>>>>>>>>             zero-copy while getting packets in/out userspace.
>>>>>>>>>
>>>>>>>>> By default, QEMU will try to use native mode and fall back to skb.
>>>>>>>>> Mode can be forced via 'mode' option.  To force 'copy' even in native
>>>>>>>>> mode, use 'force-copy=on' option.  This might be useful if there is
>>>>>>>>> some issue with the driver.
>>>>>>>>>
>>>>>>>>> Option 'queues=N' allows to specify how many device queues should
>>>>>>>>> be open.  Note that all the queues that are not open are still
>>>>>>>>> functional and can receive traffic, but it will not be delivered to
>>>>>>>>> QEMU.  So, the number of device queues should generally match the
>>>>>>>>> QEMU configuration, unless the device is shared with something
>>>>>>>>> else and the traffic re-direction to appropriate queues is correctly
>>>>>>>>> configured on a device level (e.g. with ethtool -N).
>>>>>>>>> 'start-queue=M' option can be used to specify from which queue id
>>>>>>>>> QEMU should start configuring 'N' queues.  It might also be necessary
>>>>>>>>> to use this option with certain NICs, e.g. MLX5 NICs.  See the docs
>>>>>>>>> for examples.
>>>>>>>>>
>>>>>>>>> In a general case QEMU will need CAP_NET_ADMIN and CAP_SYS_ADMIN
>>>>>>>>> capabilities in order to load default XSK/XDP programs to the
>>>>>>>>> network interface and configure BTF maps.
>>>>>>>>
>>>>>>>> I think you mean "BPF" actually?
>>>>>>
>>>>>> "BPF Type Format maps" kind of makes some sense, but yes. :)
>>>>>>
>>>>>>>>
>>>>>>>>>  It is possible, however,
>>>>>>>>> to run only with CAP_NET_RAW.
>>>>>>>>
>>>>>>>> Qemu often runs without any privileges, so we need to fix it.
>>>>>>>>
>>>>>>>> I think adding support for SCM_RIGHTS via monitor would be a way to go.
>>>>>>
>>>>>> I looked through the code and it seems like we can run completely
>>>>>> non-privileged as far as kernel concerned.  We'll need an API
>>>>>> modification in libxdp though.
>>>>>>
>>>>>> The thing is, IIUC, the only syscall that requires CAP_NET_RAW is
>>>>>> a base socket creation.  Binding and other configuration doesn't
>>>>>> require any privileges.  So, we could create a socket externally
>>>>>> and pass it to QEMU.
>>>>>
>>>>> That's the way TAP works for example.
>>>>>
>>>>>>  Should work, unless it's an oversight from
>>>>>> the kernel side that needs to be patched. :)  libxdp doesn't have
>>>>>> a way to specify externally created socket today, so we'll need
>>>>>> to change that.  Should be easy to do though.  I can explore.
>>>>>
>>>>> Please do that.
>>>>
>>>> I have a prototype:
>>>>   https://github.com/igsilya/xdp-tools/commit/db73e90945e3aa5e451ac88c42c83cb9389642d3
>>>>
>>>> Need to test it out and then submit PR to xdp-tools project.

The change is now accepted:
  https://github.com/xdp-project/xdp-tools/commit/740c839806a02517da5bce7bd0ccaba908b3f675

I can update the QEMU patch with support for passing socket fds.  It may
look like this:

 -netved af-xdp,eth0,queues=2,inhibit=on,sock-fds=fd1,fd2

We'll need an fd per queue.  And we may require these fds to be already
added to the xsks map, so QEMU doesn't need xsks-map-fd.

I'd say we'll need to compile support for that conditionally based on
availability of xsk_umem__create_with_fd() as it may not be available
in distributions for some time.
Alternative is to require libxdp >= 1.4.0, which is not released yet.

The last restriction will be that QEMU will need 32 MB of RLIMIT_MEMLOCK
per queue for umem registration, but that should not be a huge deal, right?
Alternative is to have CAP_IPC_LOCK.


And I'd keep the xsks-map-fd parameter for setups that do not have latest
libxdp and can allow CAP_NET_RAW.  So, they could still do:

 -netdev af-xdp,eth0,queues=2,inhibit=on,xsks-map-fd=fd

What do you think?


>>>>
>>>>>
>>>>>>
>>>>>> In case the bind syscall will actually need CAP_NET_RAW for some
>>>>>> reason, we could change the kernel and allow non-privileged bind
>>>>>> by utilizing, e.g. SO_BINDTODEVICE.  i.e., let the privileged
>>>>>> process bind the socket to a particular device, so QEMU can't
>>>>>> bind it to a random one.  Might be a good use case to allow even
>>>>>> if not strictly necessary.
>>>>>
>>>>> Yes.
>>>>
>>>> Will propose something for a kernel as well.  We might want something
>>>> more granular though, e.g. bind to a queue instead of a device.  In
>>>> case we want better control in the device sharing scenario.
>>>
>>> I may miss something but the bind is already done at dev plus queue
>>> right now, isn't it?
>>
>>
>> Yes, the bind() syscall will bind socket to the dev+queue.  I was talking
>> about SO_BINDTODEVICE that only ties the socket to a particular device,
>> but not a queue.
>>
>> Assuming SO_BINDTODEVICE is implemented for AF_XDP sockets and
>> assuming a privileged process does:
>>
>>   fd = socket(AF_XDP, ...);
>>   setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, <device>);
>>
>> And sends fd to a non-privileged process.  That non-privileged process
>> will be able to call:
>>
>>   bind(fd, <device>, <random queue>);
>>
>> It will have to use the same device, but can choose any queue, if that
>> queue is not already busy with another socket.
>>
>> So, I was thinking maybe implementing something like XDP_BINDTOQID option.
>> This way the privileged process may call:
>>
>>   setsockopt(fd, SOL_XDP, XDP_BINDTOQID, <device>, <queue>);
>>
>> And later kernel will be able to refuse bind() for any other queue for
>> this particular socket.
> 
> Not sure, if file descriptor passing works, we probably don't need another way.
> 
>>
>> Not sure if that is necessary though.
>> Since we're allocating the socket in the privileged process, that process
>> may add the socket to the BPF map on the correct queue id.  This way the
>> non-privileged process will not be able to receive any packets from any
>> other queue on this socket, even if bound to it.  And no other AF_XDP
>> socket will be able to be bound to that other queue as well.
> 
> I think that's by design, or anything wrong with this model?

No, should be fine.  I'll posted a simple SO_BINDTODEVICE change to bpf-next
as an RFC for now since the tree is closed:
  https://lore.kernel.org/netdev/20230630145831.2988845-1-i.maximets@ovn.org/

Will re-send a non-RFC once it is open (after 10th of July, IIRC).

> 
>> So, the
>> rogue QEMU will be able to hog one extra queue, but it will not be able
>> to intercept traffic any from it, AFAICT.  May not be a huge problem
>> after all.
>>
>> SO_BINDTODEVICE would still be nice to have.  Especially for cases where
>> we give the whole device to one VM.
> 
> Then we need to use AF_XDP in the guest which seems to be a different
> topic. Alibaba is working on the AF_XDP support for virtio-net.
> 
> Thanks
> 
>>
>> Best regards, Ilya Maximets.
>>
>

On Fri, 30 Jun 2023 at 09:41, Jason Wang <jasowang@redhat.com> wrote:
>
> On Thu, Jun 29, 2023 at 8:36 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
> >
> > On Thu, 29 Jun 2023 at 07:26, Jason Wang <jasowang@redhat.com> wrote:
> > >
> > > On Wed, Jun 28, 2023 at 4:25 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
> > > >
> > > > On Wed, 28 Jun 2023 at 10:19, Jason Wang <jasowang@redhat.com> wrote:
> > > > >
> > > > > On Wed, Jun 28, 2023 at 4:15 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
> > > > > >
> > > > > > On Wed, 28 Jun 2023 at 09:59, Jason Wang <jasowang@redhat.com> wrote:
> > > > > > >
> > > > > > > On Wed, Jun 28, 2023 at 3:46 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
> > > > > > > >
> > > > > > > > On Wed, 28 Jun 2023 at 05:28, Jason Wang <jasowang@redhat.com> wrote:
> > > > > > > > >
> > > > > > > > > On Wed, Jun 28, 2023 at 6:45 AM Ilya Maximets <i.maximets@ovn.org> wrote:
> > > > > > > > > >
> > > > > > > > > > On 6/27/23 04:54, Jason Wang wrote:
> > > > > > > > > > > On Mon, Jun 26, 2023 at 9:17 PM Ilya Maximets <i.maximets@ovn.org> wrote:
> > > > > > > > > > >>
> > > > > > > > > > >> On 6/26/23 08:32, Jason Wang wrote:
> > > > > > > > > > >>> On Sun, Jun 25, 2023 at 3:06 PM Jason Wang <jasowang@redhat.com> wrote:
> > > > > > > > > > >>>>
> > > > > > > > > > >>>> On Fri, Jun 23, 2023 at 5:58 AM Ilya Maximets <i.maximets@ovn.org> wrote:
> > > > > > > > > > >> It is noticeably more performant than a tap with vhost=on in terms of PPS.
> > > > > > > > > > >> So, that might be one case.  Taking into account that just rcu lock and
> > > > > > > > > > >> unlock in virtio-net code takes more time than a packet copy, some batching
> > > > > > > > > > >> on QEMU side should improve performance significantly.  And it shouldn't be
> > > > > > > > > > >> too hard to implement.
> > > > > > > > > > >>
> > > > > > > > > > >> Performance over virtual interfaces may potentially be improved by creating
> > > > > > > > > > >> a kernel thread for async Tx.  Similarly to what io_uring allows.  Currently
> > > > > > > > > > >> Tx on non-zero-copy interfaces is synchronous, and that doesn't allow to
> > > > > > > > > > >> scale well.
> > > > > > > > > > >
> > > > > > > > > > > Interestingly, actually, there are a lot of "duplication" between
> > > > > > > > > > > io_uring and AF_XDP:
> > > > > > > > > > >
> > > > > > > > > > > 1) both have similar memory model (user register)
> > > > > > > > > > > 2) both use ring for communication
> > > > > > > > > > >
> > > > > > > > > > > I wonder if we can let io_uring talks directly to AF_XDP.
> > > > > > > > > >
> > > > > > > > > > Well, if we submit poll() in QEMU main loop via io_uring, then we can
> > > > > > > > > > avoid cost of the synchronous Tx for non-zero-copy modes, i.e. for
> > > > > > > > > > virtual interfaces.  io_uring thread in the kernel will be able to
> > > > > > > > > > perform transmission for us.
> > > > > > > > >
> > > > > > > > > It would be nice if we can use iothread/vhost other than the main loop
> > > > > > > > > even if io_uring can use kthreads. We can avoid the memory translation
> > > > > > > > > cost.
> > > > > > > >
> > > > > > > > The QEMU event loop (AioContext) has io_uring code
> > > > > > > > (utils/fdmon-io_uring.c) but it's disabled at the moment. I'm working
> > > > > > > > on patches to re-enable it and will probably send them in July. The
> > > > > > > > patches also add an API to submit arbitrary io_uring operations so
> > > > > > > > that you can do stuff besides file descriptor monitoring. Both the
> > > > > > > > main loop and IOThreads will be able to use io_uring on Linux hosts.
> > > > > > >
> > > > > > > Just to make sure I understand. If we still need a copy from guest to
> > > > > > > io_uring buffer, we still need to go via memory API for GPA which
> > > > > > > seems expensive.
> > > > > > >
> > > > > > > Vhost seems to be a shortcut for this.
> > > > > >
> > > > > > I'm not sure how exactly you're thinking of using io_uring.
> > > > > >
> > > > > > Simply using io_uring for the event loop (file descriptor monitoring)
> > > > > > doesn't involve an extra buffer, but the packet payload still needs to
> > > > > > reside in AF_XDP umem, so there is a copy between guest memory and
> > > > > > umem.
> > > > >
> > > > > So there would be a translation from GPA to HVA (unless io_uring
> > > > > support 2 stages) which needs to go via qemu memory core. And this
> > > > > part seems to be very expensive according to my test in the past.
> > > >
> > > > Yes, but in the current approach where AF_XDP is implemented as a QEMU
> > > > netdev, there is already QEMU device emulation (e.g. virtio-net)
> > > > happening. So the GPA to HVA translation will happen anyway in device
> > > > emulation.
> > >
> > > Just to make sure we're on the same page.
> > >
> > > I meant, AF_XDP can do more than e.g 10Mpps. So if we still use the
> > > QEMU netdev, it would be very hard to achieve that if we stick to
> > > using the Qemu memory core translations which need to take care about
> > > too much extra stuff. That's why I suggest using vhost in io threads
> > > which only cares about ram so the translation could be very fast.
> >
> > What does using "vhost in io threads" mean?
>
> It means a vhost userspace dataplane that is implemented via io threads.

AFAIK this does not exist today. QEMU's built-in devices that use
IOThreads don't use vhost code. QEMU vhost code is for vhost kernel,
vhost-user, or vDPA but not built-in devices that use IOThreads. The
built-in devices implement VirtioDeviceClass callbacks directly and
use AioContext APIs to run in IOThreads.

Do you have an idea for using vhost code for built-in devices? Maybe
it's fastest if you explain your idea and its advantages instead of me
guessing.

> > > > Regarding pinning - I wonder if that's something that can be refined
> > > > in the kernel by adding an AF_XDP flag that enables on-demand pinning
> > > > of umem. That way only rx and tx buffers that are currently in use
> > > > will be pinned. The disadvantage is the runtime overhead to pin/unpin
> > > > pages. I'm not sure whether it's possible to implement this, I haven't
> > > > checked the kernel code.
> > >
> > > It requires the device to do page faults which is not commonly
> > > supported nowadays.
> >
> > I don't understand this comment. AF_XDP processes each rx/tx
> > descriptor. At that point it can getuserpages() or similar in order to
> > pin the page. When the memory is no longer needed, it can put those
> > pages. No fault mechanism is needed. What am I missing?
>
> Ok, I think I kind of get you, you mean doing pinning while processing
> rx/tx buffers? It's not easy since GUP itself is not very fast, it may
> hit PPS for sure.

Yes. It's not as fast as permanently pinning rx/tx buffers, but it
supports unpinned guest RAM.

There are variations on this approach, like keeping a certain amount
of pages pinned after they have been used so the cost of
pinning/unpinning can be avoided when the same pages are reused in the
future, but I don't know how effective that is in practice.

Is there a more efficient approach without relying on hardware page
fault support?

My understanding is that hardware page fault support is not yet
deployed. We'd be left with pinning guest RAM permanently or using a
runtime pinning/unpinning approach like I've described.

Stefan

On Mon, Jul 3, 2023 at 5:03 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
>
> On Fri, 30 Jun 2023 at 09:41, Jason Wang <jasowang@redhat.com> wrote:
> >
> > On Thu, Jun 29, 2023 at 8:36 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
> > >
> > > On Thu, 29 Jun 2023 at 07:26, Jason Wang <jasowang@redhat.com> wrote:
> > > >
> > > > On Wed, Jun 28, 2023 at 4:25 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
> > > > >
> > > > > On Wed, 28 Jun 2023 at 10:19, Jason Wang <jasowang@redhat.com> wrote:
> > > > > >
> > > > > > On Wed, Jun 28, 2023 at 4:15 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
> > > > > > >
> > > > > > > On Wed, 28 Jun 2023 at 09:59, Jason Wang <jasowang@redhat.com> wrote:
> > > > > > > >
> > > > > > > > On Wed, Jun 28, 2023 at 3:46 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
> > > > > > > > >
> > > > > > > > > On Wed, 28 Jun 2023 at 05:28, Jason Wang <jasowang@redhat.com> wrote:
> > > > > > > > > >
> > > > > > > > > > On Wed, Jun 28, 2023 at 6:45 AM Ilya Maximets <i.maximets@ovn.org> wrote:
> > > > > > > > > > >
> > > > > > > > > > > On 6/27/23 04:54, Jason Wang wrote:
> > > > > > > > > > > > On Mon, Jun 26, 2023 at 9:17 PM Ilya Maximets <i.maximets@ovn.org> wrote:
> > > > > > > > > > > >>
> > > > > > > > > > > >> On 6/26/23 08:32, Jason Wang wrote:
> > > > > > > > > > > >>> On Sun, Jun 25, 2023 at 3:06 PM Jason Wang <jasowang@redhat.com> wrote:
> > > > > > > > > > > >>>>
> > > > > > > > > > > >>>> On Fri, Jun 23, 2023 at 5:58 AM Ilya Maximets <i.maximets@ovn.org> wrote:
> > > > > > > > > > > >> It is noticeably more performant than a tap with vhost=on in terms of PPS.
> > > > > > > > > > > >> So, that might be one case.  Taking into account that just rcu lock and
> > > > > > > > > > > >> unlock in virtio-net code takes more time than a packet copy, some batching
> > > > > > > > > > > >> on QEMU side should improve performance significantly.  And it shouldn't be
> > > > > > > > > > > >> too hard to implement.
> > > > > > > > > > > >>
> > > > > > > > > > > >> Performance over virtual interfaces may potentially be improved by creating
> > > > > > > > > > > >> a kernel thread for async Tx.  Similarly to what io_uring allows.  Currently
> > > > > > > > > > > >> Tx on non-zero-copy interfaces is synchronous, and that doesn't allow to
> > > > > > > > > > > >> scale well.
> > > > > > > > > > > >
> > > > > > > > > > > > Interestingly, actually, there are a lot of "duplication" between
> > > > > > > > > > > > io_uring and AF_XDP:
> > > > > > > > > > > >
> > > > > > > > > > > > 1) both have similar memory model (user register)
> > > > > > > > > > > > 2) both use ring for communication
> > > > > > > > > > > >
> > > > > > > > > > > > I wonder if we can let io_uring talks directly to AF_XDP.
> > > > > > > > > > >
> > > > > > > > > > > Well, if we submit poll() in QEMU main loop via io_uring, then we can
> > > > > > > > > > > avoid cost of the synchronous Tx for non-zero-copy modes, i.e. for
> > > > > > > > > > > virtual interfaces.  io_uring thread in the kernel will be able to
> > > > > > > > > > > perform transmission for us.
> > > > > > > > > >
> > > > > > > > > > It would be nice if we can use iothread/vhost other than the main loop
> > > > > > > > > > even if io_uring can use kthreads. We can avoid the memory translation
> > > > > > > > > > cost.
> > > > > > > > >
> > > > > > > > > The QEMU event loop (AioContext) has io_uring code
> > > > > > > > > (utils/fdmon-io_uring.c) but it's disabled at the moment. I'm working
> > > > > > > > > on patches to re-enable it and will probably send them in July. The
> > > > > > > > > patches also add an API to submit arbitrary io_uring operations so
> > > > > > > > > that you can do stuff besides file descriptor monitoring. Both the
> > > > > > > > > main loop and IOThreads will be able to use io_uring on Linux hosts.
> > > > > > > >
> > > > > > > > Just to make sure I understand. If we still need a copy from guest to
> > > > > > > > io_uring buffer, we still need to go via memory API for GPA which
> > > > > > > > seems expensive.
> > > > > > > >
> > > > > > > > Vhost seems to be a shortcut for this.
> > > > > > >
> > > > > > > I'm not sure how exactly you're thinking of using io_uring.
> > > > > > >
> > > > > > > Simply using io_uring for the event loop (file descriptor monitoring)
> > > > > > > doesn't involve an extra buffer, but the packet payload still needs to
> > > > > > > reside in AF_XDP umem, so there is a copy between guest memory and
> > > > > > > umem.
> > > > > >
> > > > > > So there would be a translation from GPA to HVA (unless io_uring
> > > > > > support 2 stages) which needs to go via qemu memory core. And this
> > > > > > part seems to be very expensive according to my test in the past.
> > > > >
> > > > > Yes, but in the current approach where AF_XDP is implemented as a QEMU
> > > > > netdev, there is already QEMU device emulation (e.g. virtio-net)
> > > > > happening. So the GPA to HVA translation will happen anyway in device
> > > > > emulation.
> > > >
> > > > Just to make sure we're on the same page.
> > > >
> > > > I meant, AF_XDP can do more than e.g 10Mpps. So if we still use the
> > > > QEMU netdev, it would be very hard to achieve that if we stick to
> > > > using the Qemu memory core translations which need to take care about
> > > > too much extra stuff. That's why I suggest using vhost in io threads
> > > > which only cares about ram so the translation could be very fast.
> > >
> > > What does using "vhost in io threads" mean?
> >
> > It means a vhost userspace dataplane that is implemented via io threads.
>
> AFAIK this does not exist today. QEMU's built-in devices that use
> IOThreads don't use vhost code. QEMU vhost code is for vhost kernel,
> vhost-user, or vDPA but not built-in devices that use IOThreads. The
> built-in devices implement VirtioDeviceClass callbacks directly and
> use AioContext APIs to run in IOThreads.

Yes.

>
> Do you have an idea for using vhost code for built-in devices? Maybe
> it's fastest if you explain your idea and its advantages instead of me
> guessing.

It's something like I'd proposed in [1]:

1) a vhost that is implemented via IOThreads
2) memory translation is done via vhost memory table/IOTLB

The advantages are:

1) No 3rd application like DPDK application
2) Attack surface were reduced
3) Better understanding/interactions with device model for things like
RSS and IOMMU

There could be some dis-advantages but it's not obvious to me :)

It's something like linking SPDK/DPDK to Qemu.

>
> > > > > Regarding pinning - I wonder if that's something that can be refined
> > > > > in the kernel by adding an AF_XDP flag that enables on-demand pinning
> > > > > of umem. That way only rx and tx buffers that are currently in use
> > > > > will be pinned. The disadvantage is the runtime overhead to pin/unpin
> > > > > pages. I'm not sure whether it's possible to implement this, I haven't
> > > > > checked the kernel code.
> > > >
> > > > It requires the device to do page faults which is not commonly
> > > > supported nowadays.
> > >
> > > I don't understand this comment. AF_XDP processes each rx/tx
> > > descriptor. At that point it can getuserpages() or similar in order to
> > > pin the page. When the memory is no longer needed, it can put those
> > > pages. No fault mechanism is needed. What am I missing?
> >
> > Ok, I think I kind of get you, you mean doing pinning while processing
> > rx/tx buffers? It's not easy since GUP itself is not very fast, it may
> > hit PPS for sure.
>
> Yes. It's not as fast as permanently pinning rx/tx buffers, but it
> supports unpinned guest RAM.

Right, it's a balance between pin and PPS. PPS seems to be more
important in this case.

>
> There are variations on this approach, like keeping a certain amount
> of pages pinned after they have been used so the cost of
> pinning/unpinning can be avoided when the same pages are reused in the
> future, but I don't know how effective that is in practice.
>
> Is there a more efficient approach without relying on hardware page
> fault support?

I guess so, I see some slides that say device page fault is very slow.

>
> My understanding is that hardware page fault support is not yet
> deployed. We'd be left with pinning guest RAM permanently or using a
> runtime pinning/unpinning approach like I've described.

Probably.

Thanks

>
> Stefan
>

On Wed, 5 Jul 2023 at 02:02, Jason Wang <jasowang@redhat.com> wrote:
>
> On Mon, Jul 3, 2023 at 5:03 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
> >
> > On Fri, 30 Jun 2023 at 09:41, Jason Wang <jasowang@redhat.com> wrote:
> > >
> > > On Thu, Jun 29, 2023 at 8:36 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
> > > >
> > > > On Thu, 29 Jun 2023 at 07:26, Jason Wang <jasowang@redhat.com> wrote:
> > > > >
> > > > > On Wed, Jun 28, 2023 at 4:25 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
> > > > > >
> > > > > > On Wed, 28 Jun 2023 at 10:19, Jason Wang <jasowang@redhat.com> wrote:
> > > > > > >
> > > > > > > On Wed, Jun 28, 2023 at 4:15 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
> > > > > > > >
> > > > > > > > On Wed, 28 Jun 2023 at 09:59, Jason Wang <jasowang@redhat.com> wrote:
> > > > > > > > >
> > > > > > > > > On Wed, Jun 28, 2023 at 3:46 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
> > > > > > > > > >
> > > > > > > > > > On Wed, 28 Jun 2023 at 05:28, Jason Wang <jasowang@redhat.com> wrote:
> > > > > > > > > > >
> > > > > > > > > > > On Wed, Jun 28, 2023 at 6:45 AM Ilya Maximets <i.maximets@ovn.org> wrote:
> > > > > > > > > > > >
> > > > > > > > > > > > On 6/27/23 04:54, Jason Wang wrote:
> > > > > > > > > > > > > On Mon, Jun 26, 2023 at 9:17 PM Ilya Maximets <i.maximets@ovn.org> wrote:
> > > > > > > > > > > > >>
> > > > > > > > > > > > >> On 6/26/23 08:32, Jason Wang wrote:
> > > > > > > > > > > > >>> On Sun, Jun 25, 2023 at 3:06 PM Jason Wang <jasowang@redhat.com> wrote:
> > > > > > > > > > > > >>>>
> > > > > > > > > > > > >>>> On Fri, Jun 23, 2023 at 5:58 AM Ilya Maximets <i.maximets@ovn.org> wrote:
> > > > > > > > > > > > >> It is noticeably more performant than a tap with vhost=on in terms of PPS.
> > > > > > > > > > > > >> So, that might be one case.  Taking into account that just rcu lock and
> > > > > > > > > > > > >> unlock in virtio-net code takes more time than a packet copy, some batching
> > > > > > > > > > > > >> on QEMU side should improve performance significantly.  And it shouldn't be
> > > > > > > > > > > > >> too hard to implement.
> > > > > > > > > > > > >>
> > > > > > > > > > > > >> Performance over virtual interfaces may potentially be improved by creating
> > > > > > > > > > > > >> a kernel thread for async Tx.  Similarly to what io_uring allows.  Currently
> > > > > > > > > > > > >> Tx on non-zero-copy interfaces is synchronous, and that doesn't allow to
> > > > > > > > > > > > >> scale well.
> > > > > > > > > > > > >
> > > > > > > > > > > > > Interestingly, actually, there are a lot of "duplication" between
> > > > > > > > > > > > > io_uring and AF_XDP:
> > > > > > > > > > > > >
> > > > > > > > > > > > > 1) both have similar memory model (user register)
> > > > > > > > > > > > > 2) both use ring for communication
> > > > > > > > > > > > >
> > > > > > > > > > > > > I wonder if we can let io_uring talks directly to AF_XDP.
> > > > > > > > > > > >
> > > > > > > > > > > > Well, if we submit poll() in QEMU main loop via io_uring, then we can
> > > > > > > > > > > > avoid cost of the synchronous Tx for non-zero-copy modes, i.e. for
> > > > > > > > > > > > virtual interfaces.  io_uring thread in the kernel will be able to
> > > > > > > > > > > > perform transmission for us.
> > > > > > > > > > >
> > > > > > > > > > > It would be nice if we can use iothread/vhost other than the main loop
> > > > > > > > > > > even if io_uring can use kthreads. We can avoid the memory translation
> > > > > > > > > > > cost.
> > > > > > > > > >
> > > > > > > > > > The QEMU event loop (AioContext) has io_uring code
> > > > > > > > > > (utils/fdmon-io_uring.c) but it's disabled at the moment. I'm working
> > > > > > > > > > on patches to re-enable it and will probably send them in July. The
> > > > > > > > > > patches also add an API to submit arbitrary io_uring operations so
> > > > > > > > > > that you can do stuff besides file descriptor monitoring. Both the
> > > > > > > > > > main loop and IOThreads will be able to use io_uring on Linux hosts.
> > > > > > > > >
> > > > > > > > > Just to make sure I understand. If we still need a copy from guest to
> > > > > > > > > io_uring buffer, we still need to go via memory API for GPA which
> > > > > > > > > seems expensive.
> > > > > > > > >
> > > > > > > > > Vhost seems to be a shortcut for this.
> > > > > > > >
> > > > > > > > I'm not sure how exactly you're thinking of using io_uring.
> > > > > > > >
> > > > > > > > Simply using io_uring for the event loop (file descriptor monitoring)
> > > > > > > > doesn't involve an extra buffer, but the packet payload still needs to
> > > > > > > > reside in AF_XDP umem, so there is a copy between guest memory and
> > > > > > > > umem.
> > > > > > >
> > > > > > > So there would be a translation from GPA to HVA (unless io_uring
> > > > > > > support 2 stages) which needs to go via qemu memory core. And this
> > > > > > > part seems to be very expensive according to my test in the past.
> > > > > >
> > > > > > Yes, but in the current approach where AF_XDP is implemented as a QEMU
> > > > > > netdev, there is already QEMU device emulation (e.g. virtio-net)
> > > > > > happening. So the GPA to HVA translation will happen anyway in device
> > > > > > emulation.
> > > > >
> > > > > Just to make sure we're on the same page.
> > > > >
> > > > > I meant, AF_XDP can do more than e.g 10Mpps. So if we still use the
> > > > > QEMU netdev, it would be very hard to achieve that if we stick to
> > > > > using the Qemu memory core translations which need to take care about
> > > > > too much extra stuff. That's why I suggest using vhost in io threads
> > > > > which only cares about ram so the translation could be very fast.
> > > >
> > > > What does using "vhost in io threads" mean?
> > >
> > > It means a vhost userspace dataplane that is implemented via io threads.
> >
> > AFAIK this does not exist today. QEMU's built-in devices that use
> > IOThreads don't use vhost code. QEMU vhost code is for vhost kernel,
> > vhost-user, or vDPA but not built-in devices that use IOThreads. The
> > built-in devices implement VirtioDeviceClass callbacks directly and
> > use AioContext APIs to run in IOThreads.
>
> Yes.
>
> >
> > Do you have an idea for using vhost code for built-in devices? Maybe
> > it's fastest if you explain your idea and its advantages instead of me
> > guessing.
>
> It's something like I'd proposed in [1]:
>
> 1) a vhost that is implemented via IOThreads
> 2) memory translation is done via vhost memory table/IOTLB
>
> The advantages are:
>
> 1) No 3rd application like DPDK application
> 2) Attack surface were reduced
> 3) Better understanding/interactions with device model for things like
> RSS and IOMMU
>
> There could be some dis-advantages but it's not obvious to me :)

Why is QEMU's native device emulation API not the natural choice for
writing built-in devices? I don't understand why the vhost interface
is desirable for built-in devices.

>
> It's something like linking SPDK/DPDK to Qemu.

Sergio Lopez tried loading vhost-user devices as shared libraries that
run in the QEMU process. It worked as an experiment but wasn't pursued
further.

I think that might make sense in specific cases where there is an
existing vhost-user codebase that needs to run as part of QEMU.

In this case the AF_XDP code is new, so it's not a case of moving
existing code into QEMU.

>
> >
> > > > > > Regarding pinning - I wonder if that's something that can be refined
> > > > > > in the kernel by adding an AF_XDP flag that enables on-demand pinning
> > > > > > of umem. That way only rx and tx buffers that are currently in use
> > > > > > will be pinned. The disadvantage is the runtime overhead to pin/unpin
> > > > > > pages. I'm not sure whether it's possible to implement this, I haven't
> > > > > > checked the kernel code.
> > > > >
> > > > > It requires the device to do page faults which is not commonly
> > > > > supported nowadays.
> > > >
> > > > I don't understand this comment. AF_XDP processes each rx/tx
> > > > descriptor. At that point it can getuserpages() or similar in order to
> > > > pin the page. When the memory is no longer needed, it can put those
> > > > pages. No fault mechanism is needed. What am I missing?
> > >
> > > Ok, I think I kind of get you, you mean doing pinning while processing
> > > rx/tx buffers? It's not easy since GUP itself is not very fast, it may
> > > hit PPS for sure.
> >
> > Yes. It's not as fast as permanently pinning rx/tx buffers, but it
> > supports unpinned guest RAM.
>
> Right, it's a balance between pin and PPS. PPS seems to be more
> important in this case.
>
> >
> > There are variations on this approach, like keeping a certain amount
> > of pages pinned after they have been used so the cost of
> > pinning/unpinning can be avoided when the same pages are reused in the
> > future, but I don't know how effective that is in practice.
> >
> > Is there a more efficient approach without relying on hardware page
> > fault support?
>
> I guess so, I see some slides that say device page fault is very slow.
>
> >
> > My understanding is that hardware page fault support is not yet
> > deployed. We'd be left with pinning guest RAM permanently or using a
> > runtime pinning/unpinning approach like I've described.
>
> Probably.
>
> Thanks
>
> >
> > Stefan
> >
>

On Fri, Jul 7, 2023 at 3:08 AM Stefan Hajnoczi <stefanha@gmail.com> wrote:
>
> On Wed, 5 Jul 2023 at 02:02, Jason Wang <jasowang@redhat.com> wrote:
> >
> > On Mon, Jul 3, 2023 at 5:03 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
> > >
> > > On Fri, 30 Jun 2023 at 09:41, Jason Wang <jasowang@redhat.com> wrote:
> > > >
> > > > On Thu, Jun 29, 2023 at 8:36 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
> > > > >
> > > > > On Thu, 29 Jun 2023 at 07:26, Jason Wang <jasowang@redhat.com> wrote:
> > > > > >
> > > > > > On Wed, Jun 28, 2023 at 4:25 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
> > > > > > >
> > > > > > > On Wed, 28 Jun 2023 at 10:19, Jason Wang <jasowang@redhat.com> wrote:
> > > > > > > >
> > > > > > > > On Wed, Jun 28, 2023 at 4:15 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
> > > > > > > > >
> > > > > > > > > On Wed, 28 Jun 2023 at 09:59, Jason Wang <jasowang@redhat.com> wrote:
> > > > > > > > > >
> > > > > > > > > > On Wed, Jun 28, 2023 at 3:46 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
> > > > > > > > > > >
> > > > > > > > > > > On Wed, 28 Jun 2023 at 05:28, Jason Wang <jasowang@redhat.com> wrote:
> > > > > > > > > > > >
> > > > > > > > > > > > On Wed, Jun 28, 2023 at 6:45 AM Ilya Maximets <i.maximets@ovn.org> wrote:
> > > > > > > > > > > > >
> > > > > > > > > > > > > On 6/27/23 04:54, Jason Wang wrote:
> > > > > > > > > > > > > > On Mon, Jun 26, 2023 at 9:17 PM Ilya Maximets <i.maximets@ovn.org> wrote:
> > > > > > > > > > > > > >>
> > > > > > > > > > > > > >> On 6/26/23 08:32, Jason Wang wrote:
> > > > > > > > > > > > > >>> On Sun, Jun 25, 2023 at 3:06 PM Jason Wang <jasowang@redhat.com> wrote:
> > > > > > > > > > > > > >>>>
> > > > > > > > > > > > > >>>> On Fri, Jun 23, 2023 at 5:58 AM Ilya Maximets <i.maximets@ovn.org> wrote:
> > > > > > > > > > > > > >> It is noticeably more performant than a tap with vhost=on in terms of PPS.
> > > > > > > > > > > > > >> So, that might be one case.  Taking into account that just rcu lock and
> > > > > > > > > > > > > >> unlock in virtio-net code takes more time than a packet copy, some batching
> > > > > > > > > > > > > >> on QEMU side should improve performance significantly.  And it shouldn't be
> > > > > > > > > > > > > >> too hard to implement.
> > > > > > > > > > > > > >>
> > > > > > > > > > > > > >> Performance over virtual interfaces may potentially be improved by creating
> > > > > > > > > > > > > >> a kernel thread for async Tx.  Similarly to what io_uring allows.  Currently
> > > > > > > > > > > > > >> Tx on non-zero-copy interfaces is synchronous, and that doesn't allow to
> > > > > > > > > > > > > >> scale well.
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > Interestingly, actually, there are a lot of "duplication" between
> > > > > > > > > > > > > > io_uring and AF_XDP:
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > 1) both have similar memory model (user register)
> > > > > > > > > > > > > > 2) both use ring for communication
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > I wonder if we can let io_uring talks directly to AF_XDP.
> > > > > > > > > > > > >
> > > > > > > > > > > > > Well, if we submit poll() in QEMU main loop via io_uring, then we can
> > > > > > > > > > > > > avoid cost of the synchronous Tx for non-zero-copy modes, i.e. for
> > > > > > > > > > > > > virtual interfaces.  io_uring thread in the kernel will be able to
> > > > > > > > > > > > > perform transmission for us.
> > > > > > > > > > > >
> > > > > > > > > > > > It would be nice if we can use iothread/vhost other than the main loop
> > > > > > > > > > > > even if io_uring can use kthreads. We can avoid the memory translation
> > > > > > > > > > > > cost.
> > > > > > > > > > >
> > > > > > > > > > > The QEMU event loop (AioContext) has io_uring code
> > > > > > > > > > > (utils/fdmon-io_uring.c) but it's disabled at the moment. I'm working
> > > > > > > > > > > on patches to re-enable it and will probably send them in July. The
> > > > > > > > > > > patches also add an API to submit arbitrary io_uring operations so
> > > > > > > > > > > that you can do stuff besides file descriptor monitoring. Both the
> > > > > > > > > > > main loop and IOThreads will be able to use io_uring on Linux hosts.
> > > > > > > > > >
> > > > > > > > > > Just to make sure I understand. If we still need a copy from guest to
> > > > > > > > > > io_uring buffer, we still need to go via memory API for GPA which
> > > > > > > > > > seems expensive.
> > > > > > > > > >
> > > > > > > > > > Vhost seems to be a shortcut for this.
> > > > > > > > >
> > > > > > > > > I'm not sure how exactly you're thinking of using io_uring.
> > > > > > > > >
> > > > > > > > > Simply using io_uring for the event loop (file descriptor monitoring)
> > > > > > > > > doesn't involve an extra buffer, but the packet payload still needs to
> > > > > > > > > reside in AF_XDP umem, so there is a copy between guest memory and
> > > > > > > > > umem.
> > > > > > > >
> > > > > > > > So there would be a translation from GPA to HVA (unless io_uring
> > > > > > > > support 2 stages) which needs to go via qemu memory core. And this
> > > > > > > > part seems to be very expensive according to my test in the past.
> > > > > > >
> > > > > > > Yes, but in the current approach where AF_XDP is implemented as a QEMU
> > > > > > > netdev, there is already QEMU device emulation (e.g. virtio-net)
> > > > > > > happening. So the GPA to HVA translation will happen anyway in device
> > > > > > > emulation.
> > > > > >
> > > > > > Just to make sure we're on the same page.
> > > > > >
> > > > > > I meant, AF_XDP can do more than e.g 10Mpps. So if we still use the
> > > > > > QEMU netdev, it would be very hard to achieve that if we stick to
> > > > > > using the Qemu memory core translations which need to take care about
> > > > > > too much extra stuff. That's why I suggest using vhost in io threads
> > > > > > which only cares about ram so the translation could be very fast.
> > > > >
> > > > > What does using "vhost in io threads" mean?
> > > >
> > > > It means a vhost userspace dataplane that is implemented via io threads.
> > >
> > > AFAIK this does not exist today. QEMU's built-in devices that use
> > > IOThreads don't use vhost code. QEMU vhost code is for vhost kernel,
> > > vhost-user, or vDPA but not built-in devices that use IOThreads. The
> > > built-in devices implement VirtioDeviceClass callbacks directly and
> > > use AioContext APIs to run in IOThreads.
> >
> > Yes.
> >
> > >
> > > Do you have an idea for using vhost code for built-in devices? Maybe
> > > it's fastest if you explain your idea and its advantages instead of me
> > > guessing.
> >
> > It's something like I'd proposed in [1]:
> >
> > 1) a vhost that is implemented via IOThreads
> > 2) memory translation is done via vhost memory table/IOTLB
> >
> > The advantages are:
> >
> > 1) No 3rd application like DPDK application
> > 2) Attack surface were reduced
> > 3) Better understanding/interactions with device model for things like
> > RSS and IOMMU
> >
> > There could be some dis-advantages but it's not obvious to me :)
>
> Why is QEMU's native device emulation API not the natural choice for
> writing built-in devices? I don't understand why the vhost interface
> is desirable for built-in devices.

Unless the memory helpers (like address translations) were optimized
fully to satisfy this 10M+ PPS.

Not sure if this is too hard, but last time I benchmark, perf told me
most of the time spent in the translation.

Using a vhost is a workaround since its memory model is much more
simpler so it can skip lots of memory sections like I/O and ROM etc.

Thanks

>
> >
> > It's something like linking SPDK/DPDK to Qemu.
>
> Sergio Lopez tried loading vhost-user devices as shared libraries that
> run in the QEMU process. It worked as an experiment but wasn't pursued
> further.
>
> I think that might make sense in specific cases where there is an
> existing vhost-user codebase that needs to run as part of QEMU.
>
> In this case the AF_XDP code is new, so it's not a case of moving
> existing code into QEMU.
>
> >
> > >
> > > > > > > Regarding pinning - I wonder if that's something that can be refined
> > > > > > > in the kernel by adding an AF_XDP flag that enables on-demand pinning
> > > > > > > of umem. That way only rx and tx buffers that are currently in use
> > > > > > > will be pinned. The disadvantage is the runtime overhead to pin/unpin
> > > > > > > pages. I'm not sure whether it's possible to implement this, I haven't
> > > > > > > checked the kernel code.
> > > > > >
> > > > > > It requires the device to do page faults which is not commonly
> > > > > > supported nowadays.
> > > > >
> > > > > I don't understand this comment. AF_XDP processes each rx/tx
> > > > > descriptor. At that point it can getuserpages() or similar in order to
> > > > > pin the page. When the memory is no longer needed, it can put those
> > > > > pages. No fault mechanism is needed. What am I missing?
> > > >
> > > > Ok, I think I kind of get you, you mean doing pinning while processing
> > > > rx/tx buffers? It's not easy since GUP itself is not very fast, it may
> > > > hit PPS for sure.
> > >
> > > Yes. It's not as fast as permanently pinning rx/tx buffers, but it
> > > supports unpinned guest RAM.
> >
> > Right, it's a balance between pin and PPS. PPS seems to be more
> > important in this case.
> >
> > >
> > > There are variations on this approach, like keeping a certain amount
> > > of pages pinned after they have been used so the cost of
> > > pinning/unpinning can be avoided when the same pages are reused in the
> > > future, but I don't know how effective that is in practice.
> > >
> > > Is there a more efficient approach without relying on hardware page
> > > fault support?
> >
> > I guess so, I see some slides that say device page fault is very slow.
> >
> > >
> > > My understanding is that hardware page fault support is not yet
> > > deployed. We'd be left with pinning guest RAM permanently or using a
> > > runtime pinning/unpinning approach like I've described.
> >
> > Probably.
> >
> > Thanks
> >
> > >
> > > Stefan
> > >
> >
>

On 7/7/23 03:43, Jason Wang wrote:
> On Fri, Jul 7, 2023 at 3:08 AM Stefan Hajnoczi <stefanha@gmail.com> wrote:
>>
>> On Wed, 5 Jul 2023 at 02:02, Jason Wang <jasowang@redhat.com> wrote:
>>>
>>> On Mon, Jul 3, 2023 at 5:03 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
>>>>
>>>> On Fri, 30 Jun 2023 at 09:41, Jason Wang <jasowang@redhat.com> wrote:
>>>>>
>>>>> On Thu, Jun 29, 2023 at 8:36 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
>>>>>>
>>>>>> On Thu, 29 Jun 2023 at 07:26, Jason Wang <jasowang@redhat.com> wrote:
>>>>>>>
>>>>>>> On Wed, Jun 28, 2023 at 4:25 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
>>>>>>>>
>>>>>>>> On Wed, 28 Jun 2023 at 10:19, Jason Wang <jasowang@redhat.com> wrote:
>>>>>>>>>
>>>>>>>>> On Wed, Jun 28, 2023 at 4:15 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
>>>>>>>>>>
>>>>>>>>>> On Wed, 28 Jun 2023 at 09:59, Jason Wang <jasowang@redhat.com> wrote:
>>>>>>>>>>>
>>>>>>>>>>> On Wed, Jun 28, 2023 at 3:46 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>> On Wed, 28 Jun 2023 at 05:28, Jason Wang <jasowang@redhat.com> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Wed, Jun 28, 2023 at 6:45 AM Ilya Maximets <i.maximets@ovn.org> wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> On 6/27/23 04:54, Jason Wang wrote:
>>>>>>>>>>>>>>> On Mon, Jun 26, 2023 at 9:17 PM Ilya Maximets <i.maximets@ovn.org> wrote:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> On 6/26/23 08:32, Jason Wang wrote:
>>>>>>>>>>>>>>>>> On Sun, Jun 25, 2023 at 3:06 PM Jason Wang <jasowang@redhat.com> wrote:
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> On Fri, Jun 23, 2023 at 5:58 AM Ilya Maximets <i.maximets@ovn.org> wrote:
>>>>>>>>>>>>>>>> It is noticeably more performant than a tap with vhost=on in terms of PPS.
>>>>>>>>>>>>>>>> So, that might be one case.  Taking into account that just rcu lock and
>>>>>>>>>>>>>>>> unlock in virtio-net code takes more time than a packet copy, some batching
>>>>>>>>>>>>>>>> on QEMU side should improve performance significantly.  And it shouldn't be
>>>>>>>>>>>>>>>> too hard to implement.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Performance over virtual interfaces may potentially be improved by creating
>>>>>>>>>>>>>>>> a kernel thread for async Tx.  Similarly to what io_uring allows.  Currently
>>>>>>>>>>>>>>>> Tx on non-zero-copy interfaces is synchronous, and that doesn't allow to
>>>>>>>>>>>>>>>> scale well.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Interestingly, actually, there are a lot of "duplication" between
>>>>>>>>>>>>>>> io_uring and AF_XDP:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> 1) both have similar memory model (user register)
>>>>>>>>>>>>>>> 2) both use ring for communication
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> I wonder if we can let io_uring talks directly to AF_XDP.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Well, if we submit poll() in QEMU main loop via io_uring, then we can
>>>>>>>>>>>>>> avoid cost of the synchronous Tx for non-zero-copy modes, i.e. for
>>>>>>>>>>>>>> virtual interfaces.  io_uring thread in the kernel will be able to
>>>>>>>>>>>>>> perform transmission for us.
>>>>>>>>>>>>>
>>>>>>>>>>>>> It would be nice if we can use iothread/vhost other than the main loop
>>>>>>>>>>>>> even if io_uring can use kthreads. We can avoid the memory translation
>>>>>>>>>>>>> cost.
>>>>>>>>>>>>
>>>>>>>>>>>> The QEMU event loop (AioContext) has io_uring code
>>>>>>>>>>>> (utils/fdmon-io_uring.c) but it's disabled at the moment. I'm working
>>>>>>>>>>>> on patches to re-enable it and will probably send them in July. The
>>>>>>>>>>>> patches also add an API to submit arbitrary io_uring operations so
>>>>>>>>>>>> that you can do stuff besides file descriptor monitoring. Both the
>>>>>>>>>>>> main loop and IOThreads will be able to use io_uring on Linux hosts.
>>>>>>>>>>>
>>>>>>>>>>> Just to make sure I understand. If we still need a copy from guest to
>>>>>>>>>>> io_uring buffer, we still need to go via memory API for GPA which
>>>>>>>>>>> seems expensive.
>>>>>>>>>>>
>>>>>>>>>>> Vhost seems to be a shortcut for this.
>>>>>>>>>>
>>>>>>>>>> I'm not sure how exactly you're thinking of using io_uring.
>>>>>>>>>>
>>>>>>>>>> Simply using io_uring for the event loop (file descriptor monitoring)
>>>>>>>>>> doesn't involve an extra buffer, but the packet payload still needs to
>>>>>>>>>> reside in AF_XDP umem, so there is a copy between guest memory and
>>>>>>>>>> umem.
>>>>>>>>>
>>>>>>>>> So there would be a translation from GPA to HVA (unless io_uring
>>>>>>>>> support 2 stages) which needs to go via qemu memory core. And this
>>>>>>>>> part seems to be very expensive according to my test in the past.
>>>>>>>>
>>>>>>>> Yes, but in the current approach where AF_XDP is implemented as a QEMU
>>>>>>>> netdev, there is already QEMU device emulation (e.g. virtio-net)
>>>>>>>> happening. So the GPA to HVA translation will happen anyway in device
>>>>>>>> emulation.
>>>>>>>
>>>>>>> Just to make sure we're on the same page.
>>>>>>>
>>>>>>> I meant, AF_XDP can do more than e.g 10Mpps. So if we still use the
>>>>>>> QEMU netdev, it would be very hard to achieve that if we stick to
>>>>>>> using the Qemu memory core translations which need to take care about
>>>>>>> too much extra stuff. That's why I suggest using vhost in io threads
>>>>>>> which only cares about ram so the translation could be very fast.
>>>>>>
>>>>>> What does using "vhost in io threads" mean?
>>>>>
>>>>> It means a vhost userspace dataplane that is implemented via io threads.
>>>>
>>>> AFAIK this does not exist today. QEMU's built-in devices that use
>>>> IOThreads don't use vhost code. QEMU vhost code is for vhost kernel,
>>>> vhost-user, or vDPA but not built-in devices that use IOThreads. The
>>>> built-in devices implement VirtioDeviceClass callbacks directly and
>>>> use AioContext APIs to run in IOThreads.
>>>
>>> Yes.
>>>
>>>>
>>>> Do you have an idea for using vhost code for built-in devices? Maybe
>>>> it's fastest if you explain your idea and its advantages instead of me
>>>> guessing.
>>>
>>> It's something like I'd proposed in [1]:
>>>
>>> 1) a vhost that is implemented via IOThreads
>>> 2) memory translation is done via vhost memory table/IOTLB
>>>
>>> The advantages are:
>>>
>>> 1) No 3rd application like DPDK application
>>> 2) Attack surface were reduced
>>> 3) Better understanding/interactions with device model for things like
>>> RSS and IOMMU
>>>
>>> There could be some dis-advantages but it's not obvious to me :)
>>
>> Why is QEMU's native device emulation API not the natural choice for
>> writing built-in devices? I don't understand why the vhost interface
>> is desirable for built-in devices.
> 
> Unless the memory helpers (like address translations) were optimized
> fully to satisfy this 10M+ PPS.
> 
> Not sure if this is too hard, but last time I benchmark, perf told me
> most of the time spent in the translation.
> 
> Using a vhost is a workaround since its memory model is much more
> simpler so it can skip lots of memory sections like I/O and ROM etc.

So, we can have a thread running as part of QEMU process that implements
vhost functionality for a virtio-net device.  And this thread has an
optimized way to access memory.  What prevents current virtio-net emulation
code accessing memory in the same optimized way?  i.e. we likely don't
actually need to implement the whole vhost-virtio communication protocol
in order to have faster memory access from the device emulation code.
I mean, if vhost can access device memory faster, why device itself can't?

With that we could probably split the "datapath" part of the virtio-net
emulation into a separate thread driven by iothread loop.

Then add batch API for communication with a network backend (af-xdp) to
avoid per-packet calls.

These are 3 more or less independent tasks that should allow the similar
performance to a full fledged vhost control and dataplane implementation
inside QEMU.

Or am I missing something? (Probably)

> 
> Thanks
> 
>>
>>>
>>> It's something like linking SPDK/DPDK to Qemu.
>>
>> Sergio Lopez tried loading vhost-user devices as shared libraries that
>> run in the QEMU process. It worked as an experiment but wasn't pursued
>> further.
>>
>> I think that might make sense in specific cases where there is an
>> existing vhost-user codebase that needs to run as part of QEMU.
>>
>> In this case the AF_XDP code is new, so it's not a case of moving
>> existing code into QEMU.
>>
>>>
>>>>
>>>>>>>> Regarding pinning - I wonder if that's something that can be refined
>>>>>>>> in the kernel by adding an AF_XDP flag that enables on-demand pinning
>>>>>>>> of umem. That way only rx and tx buffers that are currently in use
>>>>>>>> will be pinned. The disadvantage is the runtime overhead to pin/unpin
>>>>>>>> pages. I'm not sure whether it's possible to implement this, I haven't
>>>>>>>> checked the kernel code.
>>>>>>>
>>>>>>> It requires the device to do page faults which is not commonly
>>>>>>> supported nowadays.
>>>>>>
>>>>>> I don't understand this comment. AF_XDP processes each rx/tx
>>>>>> descriptor. At that point it can getuserpages() or similar in order to
>>>>>> pin the page. When the memory is no longer needed, it can put those
>>>>>> pages. No fault mechanism is needed. What am I missing?
>>>>>
>>>>> Ok, I think I kind of get you, you mean doing pinning while processing
>>>>> rx/tx buffers? It's not easy since GUP itself is not very fast, it may
>>>>> hit PPS for sure.
>>>>
>>>> Yes. It's not as fast as permanently pinning rx/tx buffers, but it
>>>> supports unpinned guest RAM.
>>>
>>> Right, it's a balance between pin and PPS. PPS seems to be more
>>> important in this case.
>>>
>>>>
>>>> There are variations on this approach, like keeping a certain amount
>>>> of pages pinned after they have been used so the cost of
>>>> pinning/unpinning can be avoided when the same pages are reused in the
>>>> future, but I don't know how effective that is in practice.
>>>>
>>>> Is there a more efficient approach without relying on hardware page
>>>> fault support?
>>>
>>> I guess so, I see some slides that say device page fault is very slow.
>>>
>>>>
>>>> My understanding is that hardware page fault support is not yet
>>>> deployed. We'd be left with pinning guest RAM permanently or using a
>>>> runtime pinning/unpinning approach like I've described.
>>>
>>> Probably.
>>>
>>> Thanks
>>>
>>>>
>>>> Stefan
>>>>
>>>
>>
>

On Fri, Jul 7, 2023 at 7:21 PM Ilya Maximets <i.maximets@ovn.org> wrote:
>
> On 7/7/23 03:43, Jason Wang wrote:
> > On Fri, Jul 7, 2023 at 3:08 AM Stefan Hajnoczi <stefanha@gmail.com> wrote:
> >>
> >> On Wed, 5 Jul 2023 at 02:02, Jason Wang <jasowang@redhat.com> wrote:
> >>>
> >>> On Mon, Jul 3, 2023 at 5:03 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
> >>>>
> >>>> On Fri, 30 Jun 2023 at 09:41, Jason Wang <jasowang@redhat.com> wrote:
> >>>>>
> >>>>> On Thu, Jun 29, 2023 at 8:36 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
> >>>>>>
> >>>>>> On Thu, 29 Jun 2023 at 07:26, Jason Wang <jasowang@redhat.com> wrote:
> >>>>>>>
> >>>>>>> On Wed, Jun 28, 2023 at 4:25 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
> >>>>>>>>
> >>>>>>>> On Wed, 28 Jun 2023 at 10:19, Jason Wang <jasowang@redhat.com> wrote:
> >>>>>>>>>
> >>>>>>>>> On Wed, Jun 28, 2023 at 4:15 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
> >>>>>>>>>>
> >>>>>>>>>> On Wed, 28 Jun 2023 at 09:59, Jason Wang <jasowang@redhat.com> wrote:
> >>>>>>>>>>>
> >>>>>>>>>>> On Wed, Jun 28, 2023 at 3:46 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
> >>>>>>>>>>>>
> >>>>>>>>>>>> On Wed, 28 Jun 2023 at 05:28, Jason Wang <jasowang@redhat.com> wrote:
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> On Wed, Jun 28, 2023 at 6:45 AM Ilya Maximets <i.maximets@ovn.org> wrote:
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> On 6/27/23 04:54, Jason Wang wrote:
> >>>>>>>>>>>>>>> On Mon, Jun 26, 2023 at 9:17 PM Ilya Maximets <i.maximets@ovn.org> wrote:
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> On 6/26/23 08:32, Jason Wang wrote:
> >>>>>>>>>>>>>>>>> On Sun, Jun 25, 2023 at 3:06 PM Jason Wang <jasowang@redhat.com> wrote:
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>> On Fri, Jun 23, 2023 at 5:58 AM Ilya Maximets <i.maximets@ovn.org> wrote:
> >>>>>>>>>>>>>>>> It is noticeably more performant than a tap with vhost=on in terms of PPS.
> >>>>>>>>>>>>>>>> So, that might be one case.  Taking into account that just rcu lock and
> >>>>>>>>>>>>>>>> unlock in virtio-net code takes more time than a packet copy, some batching
> >>>>>>>>>>>>>>>> on QEMU side should improve performance significantly.  And it shouldn't be
> >>>>>>>>>>>>>>>> too hard to implement.
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> Performance over virtual interfaces may potentially be improved by creating
> >>>>>>>>>>>>>>>> a kernel thread for async Tx.  Similarly to what io_uring allows.  Currently
> >>>>>>>>>>>>>>>> Tx on non-zero-copy interfaces is synchronous, and that doesn't allow to
> >>>>>>>>>>>>>>>> scale well.
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> Interestingly, actually, there are a lot of "duplication" between
> >>>>>>>>>>>>>>> io_uring and AF_XDP:
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> 1) both have similar memory model (user register)
> >>>>>>>>>>>>>>> 2) both use ring for communication
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> I wonder if we can let io_uring talks directly to AF_XDP.
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> Well, if we submit poll() in QEMU main loop via io_uring, then we can
> >>>>>>>>>>>>>> avoid cost of the synchronous Tx for non-zero-copy modes, i.e. for
> >>>>>>>>>>>>>> virtual interfaces.  io_uring thread in the kernel will be able to
> >>>>>>>>>>>>>> perform transmission for us.
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> It would be nice if we can use iothread/vhost other than the main loop
> >>>>>>>>>>>>> even if io_uring can use kthreads. We can avoid the memory translation
> >>>>>>>>>>>>> cost.
> >>>>>>>>>>>>
> >>>>>>>>>>>> The QEMU event loop (AioContext) has io_uring code
> >>>>>>>>>>>> (utils/fdmon-io_uring.c) but it's disabled at the moment. I'm working
> >>>>>>>>>>>> on patches to re-enable it and will probably send them in July. The
> >>>>>>>>>>>> patches also add an API to submit arbitrary io_uring operations so
> >>>>>>>>>>>> that you can do stuff besides file descriptor monitoring. Both the
> >>>>>>>>>>>> main loop and IOThreads will be able to use io_uring on Linux hosts.
> >>>>>>>>>>>
> >>>>>>>>>>> Just to make sure I understand. If we still need a copy from guest to
> >>>>>>>>>>> io_uring buffer, we still need to go via memory API for GPA which
> >>>>>>>>>>> seems expensive.
> >>>>>>>>>>>
> >>>>>>>>>>> Vhost seems to be a shortcut for this.
> >>>>>>>>>>
> >>>>>>>>>> I'm not sure how exactly you're thinking of using io_uring.
> >>>>>>>>>>
> >>>>>>>>>> Simply using io_uring for the event loop (file descriptor monitoring)
> >>>>>>>>>> doesn't involve an extra buffer, but the packet payload still needs to
> >>>>>>>>>> reside in AF_XDP umem, so there is a copy between guest memory and
> >>>>>>>>>> umem.
> >>>>>>>>>
> >>>>>>>>> So there would be a translation from GPA to HVA (unless io_uring
> >>>>>>>>> support 2 stages) which needs to go via qemu memory core. And this
> >>>>>>>>> part seems to be very expensive according to my test in the past.
> >>>>>>>>
> >>>>>>>> Yes, but in the current approach where AF_XDP is implemented as a QEMU
> >>>>>>>> netdev, there is already QEMU device emulation (e.g. virtio-net)
> >>>>>>>> happening. So the GPA to HVA translation will happen anyway in device
> >>>>>>>> emulation.
> >>>>>>>
> >>>>>>> Just to make sure we're on the same page.
> >>>>>>>
> >>>>>>> I meant, AF_XDP can do more than e.g 10Mpps. So if we still use the
> >>>>>>> QEMU netdev, it would be very hard to achieve that if we stick to
> >>>>>>> using the Qemu memory core translations which need to take care about
> >>>>>>> too much extra stuff. That's why I suggest using vhost in io threads
> >>>>>>> which only cares about ram so the translation could be very fast.
> >>>>>>
> >>>>>> What does using "vhost in io threads" mean?
> >>>>>
> >>>>> It means a vhost userspace dataplane that is implemented via io threads.
> >>>>
> >>>> AFAIK this does not exist today. QEMU's built-in devices that use
> >>>> IOThreads don't use vhost code. QEMU vhost code is for vhost kernel,
> >>>> vhost-user, or vDPA but not built-in devices that use IOThreads. The
> >>>> built-in devices implement VirtioDeviceClass callbacks directly and
> >>>> use AioContext APIs to run in IOThreads.
> >>>
> >>> Yes.
> >>>
> >>>>
> >>>> Do you have an idea for using vhost code for built-in devices? Maybe
> >>>> it's fastest if you explain your idea and its advantages instead of me
> >>>> guessing.
> >>>
> >>> It's something like I'd proposed in [1]:
> >>>
> >>> 1) a vhost that is implemented via IOThreads
> >>> 2) memory translation is done via vhost memory table/IOTLB
> >>>
> >>> The advantages are:
> >>>
> >>> 1) No 3rd application like DPDK application
> >>> 2) Attack surface were reduced
> >>> 3) Better understanding/interactions with device model for things like
> >>> RSS and IOMMU
> >>>
> >>> There could be some dis-advantages but it's not obvious to me :)
> >>
> >> Why is QEMU's native device emulation API not the natural choice for
> >> writing built-in devices? I don't understand why the vhost interface
> >> is desirable for built-in devices.
> >
> > Unless the memory helpers (like address translations) were optimized
> > fully to satisfy this 10M+ PPS.
> >
> > Not sure if this is too hard, but last time I benchmark, perf told me
> > most of the time spent in the translation.
> >
> > Using a vhost is a workaround since its memory model is much more
> > simpler so it can skip lots of memory sections like I/O and ROM etc.
>
> So, we can have a thread running as part of QEMU process that implements
> vhost functionality for a virtio-net device.  And this thread has an
> optimized way to access memory.  What prevents current virtio-net emulation
> code accessing memory in the same optimized way?

Current emulation using memory core accessors which needs to take care
of a lot of stuff like MMIO or even P2P. Such kind of stuff is not
considered since day0 of vhost. You can do some experiment on this e.g
just dropping packets after fetching it from the TX ring.

> i.e. we likely don't
> actually need to implement the whole vhost-virtio communication protocol
> in order to have faster memory access from the device emulation code.
> I mean, if vhost can access device memory faster, why device itself can't?

I'm not saying it can't but it would end up with something similar to
vhost. And that's why I'm saying using vhost is a shortcut (at least
for a POC).

Thanks

>
> With that we could probably split the "datapath" part of the virtio-net
> emulation into a separate thread driven by iothread loop.
>
> Then add batch API for communication with a network backend (af-xdp) to
> avoid per-packet calls.
>
> These are 3 more or less independent tasks that should allow the similar
> performance to a full fledged vhost control and dataplane implementation
> inside QEMU.
>
> Or am I missing something? (Probably)
>
> >
> > Thanks
> >
> >>
> >>>
> >>> It's something like linking SPDK/DPDK to Qemu.
> >>
> >> Sergio Lopez tried loading vhost-user devices as shared libraries that
> >> run in the QEMU process. It worked as an experiment but wasn't pursued
> >> further.
> >>
> >> I think that might make sense in specific cases where there is an
> >> existing vhost-user codebase that needs to run as part of QEMU.
> >>
> >> In this case the AF_XDP code is new, so it's not a case of moving
> >> existing code into QEMU.
> >>
> >>>
> >>>>
> >>>>>>>> Regarding pinning - I wonder if that's something that can be refined
> >>>>>>>> in the kernel by adding an AF_XDP flag that enables on-demand pinning
> >>>>>>>> of umem. That way only rx and tx buffers that are currently in use
> >>>>>>>> will be pinned. The disadvantage is the runtime overhead to pin/unpin
> >>>>>>>> pages. I'm not sure whether it's possible to implement this, I haven't
> >>>>>>>> checked the kernel code.
> >>>>>>>
> >>>>>>> It requires the device to do page faults which is not commonly
> >>>>>>> supported nowadays.
> >>>>>>
> >>>>>> I don't understand this comment. AF_XDP processes each rx/tx
> >>>>>> descriptor. At that point it can getuserpages() or similar in order to
> >>>>>> pin the page. When the memory is no longer needed, it can put those
> >>>>>> pages. No fault mechanism is needed. What am I missing?
> >>>>>
> >>>>> Ok, I think I kind of get you, you mean doing pinning while processing
> >>>>> rx/tx buffers? It's not easy since GUP itself is not very fast, it may
> >>>>> hit PPS for sure.
> >>>>
> >>>> Yes. It's not as fast as permanently pinning rx/tx buffers, but it
> >>>> supports unpinned guest RAM.
> >>>
> >>> Right, it's a balance between pin and PPS. PPS seems to be more
> >>> important in this case.
> >>>
> >>>>
> >>>> There are variations on this approach, like keeping a certain amount
> >>>> of pages pinned after they have been used so the cost of
> >>>> pinning/unpinning can be avoided when the same pages are reused in the
> >>>> future, but I don't know how effective that is in practice.
> >>>>
> >>>> Is there a more efficient approach without relying on hardware page
> >>>> fault support?
> >>>
> >>> I guess so, I see some slides that say device page fault is very slow.
> >>>
> >>>>
> >>>> My understanding is that hardware page fault support is not yet
> >>>> deployed. We'd be left with pinning guest RAM permanently or using a
> >>>> runtime pinning/unpinning approach like I've described.
> >>>
> >>> Probably.
> >>>
> >>> Thanks
> >>>
> >>>>
> >>>> Stefan
> >>>>
> >>>
> >>
> >
>

On 7/10/23 05:51, Jason Wang wrote:
> On Fri, Jul 7, 2023 at 7:21 PM Ilya Maximets <i.maximets@ovn.org> wrote:
>>
>> On 7/7/23 03:43, Jason Wang wrote:
>>> On Fri, Jul 7, 2023 at 3:08 AM Stefan Hajnoczi <stefanha@gmail.com> wrote:
>>>>
>>>> On Wed, 5 Jul 2023 at 02:02, Jason Wang <jasowang@redhat.com> wrote:
>>>>>
>>>>> On Mon, Jul 3, 2023 at 5:03 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
>>>>>>
>>>>>> On Fri, 30 Jun 2023 at 09:41, Jason Wang <jasowang@redhat.com> wrote:
>>>>>>>
>>>>>>> On Thu, Jun 29, 2023 at 8:36 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
>>>>>>>>
>>>>>>>> On Thu, 29 Jun 2023 at 07:26, Jason Wang <jasowang@redhat.com> wrote:
>>>>>>>>>
>>>>>>>>> On Wed, Jun 28, 2023 at 4:25 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
>>>>>>>>>>
>>>>>>>>>> On Wed, 28 Jun 2023 at 10:19, Jason Wang <jasowang@redhat.com> wrote:
>>>>>>>>>>>
>>>>>>>>>>> On Wed, Jun 28, 2023 at 4:15 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>> On Wed, 28 Jun 2023 at 09:59, Jason Wang <jasowang@redhat.com> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Wed, Jun 28, 2023 at 3:46 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> On Wed, 28 Jun 2023 at 05:28, Jason Wang <jasowang@redhat.com> wrote:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> On Wed, Jun 28, 2023 at 6:45 AM Ilya Maximets <i.maximets@ovn.org> wrote:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> On 6/27/23 04:54, Jason Wang wrote:
>>>>>>>>>>>>>>>>> On Mon, Jun 26, 2023 at 9:17 PM Ilya Maximets <i.maximets@ovn.org> wrote:
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> On 6/26/23 08:32, Jason Wang wrote:
>>>>>>>>>>>>>>>>>>> On Sun, Jun 25, 2023 at 3:06 PM Jason Wang <jasowang@redhat.com> wrote:
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> On Fri, Jun 23, 2023 at 5:58 AM Ilya Maximets <i.maximets@ovn.org> wrote:
>>>>>>>>>>>>>>>>>> It is noticeably more performant than a tap with vhost=on in terms of PPS.
>>>>>>>>>>>>>>>>>> So, that might be one case.  Taking into account that just rcu lock and
>>>>>>>>>>>>>>>>>> unlock in virtio-net code takes more time than a packet copy, some batching
>>>>>>>>>>>>>>>>>> on QEMU side should improve performance significantly.  And it shouldn't be
>>>>>>>>>>>>>>>>>> too hard to implement.
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Performance over virtual interfaces may potentially be improved by creating
>>>>>>>>>>>>>>>>>> a kernel thread for async Tx.  Similarly to what io_uring allows.  Currently
>>>>>>>>>>>>>>>>>> Tx on non-zero-copy interfaces is synchronous, and that doesn't allow to
>>>>>>>>>>>>>>>>>> scale well.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Interestingly, actually, there are a lot of "duplication" between
>>>>>>>>>>>>>>>>> io_uring and AF_XDP:
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> 1) both have similar memory model (user register)
>>>>>>>>>>>>>>>>> 2) both use ring for communication
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> I wonder if we can let io_uring talks directly to AF_XDP.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Well, if we submit poll() in QEMU main loop via io_uring, then we can
>>>>>>>>>>>>>>>> avoid cost of the synchronous Tx for non-zero-copy modes, i.e. for
>>>>>>>>>>>>>>>> virtual interfaces.  io_uring thread in the kernel will be able to
>>>>>>>>>>>>>>>> perform transmission for us.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> It would be nice if we can use iothread/vhost other than the main loop
>>>>>>>>>>>>>>> even if io_uring can use kthreads. We can avoid the memory translation
>>>>>>>>>>>>>>> cost.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> The QEMU event loop (AioContext) has io_uring code
>>>>>>>>>>>>>> (utils/fdmon-io_uring.c) but it's disabled at the moment. I'm working
>>>>>>>>>>>>>> on patches to re-enable it and will probably send them in July. The
>>>>>>>>>>>>>> patches also add an API to submit arbitrary io_uring operations so
>>>>>>>>>>>>>> that you can do stuff besides file descriptor monitoring. Both the
>>>>>>>>>>>>>> main loop and IOThreads will be able to use io_uring on Linux hosts.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Just to make sure I understand. If we still need a copy from guest to
>>>>>>>>>>>>> io_uring buffer, we still need to go via memory API for GPA which
>>>>>>>>>>>>> seems expensive.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Vhost seems to be a shortcut for this.
>>>>>>>>>>>>
>>>>>>>>>>>> I'm not sure how exactly you're thinking of using io_uring.
>>>>>>>>>>>>
>>>>>>>>>>>> Simply using io_uring for the event loop (file descriptor monitoring)
>>>>>>>>>>>> doesn't involve an extra buffer, but the packet payload still needs to
>>>>>>>>>>>> reside in AF_XDP umem, so there is a copy between guest memory and
>>>>>>>>>>>> umem.
>>>>>>>>>>>
>>>>>>>>>>> So there would be a translation from GPA to HVA (unless io_uring
>>>>>>>>>>> support 2 stages) which needs to go via qemu memory core. And this
>>>>>>>>>>> part seems to be very expensive according to my test in the past.
>>>>>>>>>>
>>>>>>>>>> Yes, but in the current approach where AF_XDP is implemented as a QEMU
>>>>>>>>>> netdev, there is already QEMU device emulation (e.g. virtio-net)
>>>>>>>>>> happening. So the GPA to HVA translation will happen anyway in device
>>>>>>>>>> emulation.
>>>>>>>>>
>>>>>>>>> Just to make sure we're on the same page.
>>>>>>>>>
>>>>>>>>> I meant, AF_XDP can do more than e.g 10Mpps. So if we still use the
>>>>>>>>> QEMU netdev, it would be very hard to achieve that if we stick to
>>>>>>>>> using the Qemu memory core translations which need to take care about
>>>>>>>>> too much extra stuff. That's why I suggest using vhost in io threads
>>>>>>>>> which only cares about ram so the translation could be very fast.
>>>>>>>>
>>>>>>>> What does using "vhost in io threads" mean?
>>>>>>>
>>>>>>> It means a vhost userspace dataplane that is implemented via io threads.
>>>>>>
>>>>>> AFAIK this does not exist today. QEMU's built-in devices that use
>>>>>> IOThreads don't use vhost code. QEMU vhost code is for vhost kernel,
>>>>>> vhost-user, or vDPA but not built-in devices that use IOThreads. The
>>>>>> built-in devices implement VirtioDeviceClass callbacks directly and
>>>>>> use AioContext APIs to run in IOThreads.
>>>>>
>>>>> Yes.
>>>>>
>>>>>>
>>>>>> Do you have an idea for using vhost code for built-in devices? Maybe
>>>>>> it's fastest if you explain your idea and its advantages instead of me
>>>>>> guessing.
>>>>>
>>>>> It's something like I'd proposed in [1]:
>>>>>
>>>>> 1) a vhost that is implemented via IOThreads
>>>>> 2) memory translation is done via vhost memory table/IOTLB
>>>>>
>>>>> The advantages are:
>>>>>
>>>>> 1) No 3rd application like DPDK application
>>>>> 2) Attack surface were reduced
>>>>> 3) Better understanding/interactions with device model for things like
>>>>> RSS and IOMMU
>>>>>
>>>>> There could be some dis-advantages but it's not obvious to me :)
>>>>
>>>> Why is QEMU's native device emulation API not the natural choice for
>>>> writing built-in devices? I don't understand why the vhost interface
>>>> is desirable for built-in devices.
>>>
>>> Unless the memory helpers (like address translations) were optimized
>>> fully to satisfy this 10M+ PPS.
>>>
>>> Not sure if this is too hard, but last time I benchmark, perf told me
>>> most of the time spent in the translation.
>>>
>>> Using a vhost is a workaround since its memory model is much more
>>> simpler so it can skip lots of memory sections like I/O and ROM etc.
>>
>> So, we can have a thread running as part of QEMU process that implements
>> vhost functionality for a virtio-net device.  And this thread has an
>> optimized way to access memory.  What prevents current virtio-net emulation
>> code accessing memory in the same optimized way?
> 
> Current emulation using memory core accessors which needs to take care
> of a lot of stuff like MMIO or even P2P. Such kind of stuff is not
> considered since day0 of vhost. You can do some experiment on this e.g
> just dropping packets after fetching it from the TX ring.

If I'm reading that right, virtio implementation is using address space
caching by utilizing a memory listener and pre-translated addresses of
interesting memory regions.  Then it's performing address_space_read_cached,
which is bypassing all the memory address translation logic on a cache hit.
That sounds pretty similar to how memory table is prepared for vhost.

> 
>> i.e. we likely don't
>> actually need to implement the whole vhost-virtio communication protocol
>> in order to have faster memory access from the device emulation code.
>> I mean, if vhost can access device memory faster, why device itself can't?
> 
> I'm not saying it can't but it would end up with something similar to
> vhost. And that's why I'm saying using vhost is a shortcut (at least
> for a POC).
> 
> Thanks
> 
>>
>> With that we could probably split the "datapath" part of the virtio-net
>> emulation into a separate thread driven by iothread loop.
>>
>> Then add batch API for communication with a network backend (af-xdp) to
>> avoid per-packet calls.
>>
>> These are 3 more or less independent tasks that should allow the similar
>> performance to a full fledged vhost control and dataplane implementation
>> inside QEMU.
>>
>> Or am I missing something? (Probably)
>>
>>>
>>> Thanks
>>>
>>>>
>>>>>
>>>>> It's something like linking SPDK/DPDK to Qemu.
>>>>
>>>> Sergio Lopez tried loading vhost-user devices as shared libraries that
>>>> run in the QEMU process. It worked as an experiment but wasn't pursued
>>>> further.
>>>>
>>>> I think that might make sense in specific cases where there is an
>>>> existing vhost-user codebase that needs to run as part of QEMU.
>>>>
>>>> In this case the AF_XDP code is new, so it's not a case of moving
>>>> existing code into QEMU.
>>>>
>>>>>
>>>>>>
>>>>>>>>>> Regarding pinning - I wonder if that's something that can be refined
>>>>>>>>>> in the kernel by adding an AF_XDP flag that enables on-demand pinning
>>>>>>>>>> of umem. That way only rx and tx buffers that are currently in use
>>>>>>>>>> will be pinned. The disadvantage is the runtime overhead to pin/unpin
>>>>>>>>>> pages. I'm not sure whether it's possible to implement this, I haven't
>>>>>>>>>> checked the kernel code.
>>>>>>>>>
>>>>>>>>> It requires the device to do page faults which is not commonly
>>>>>>>>> supported nowadays.
>>>>>>>>
>>>>>>>> I don't understand this comment. AF_XDP processes each rx/tx
>>>>>>>> descriptor. At that point it can getuserpages() or similar in order to
>>>>>>>> pin the page. When the memory is no longer needed, it can put those
>>>>>>>> pages. No fault mechanism is needed. What am I missing?
>>>>>>>
>>>>>>> Ok, I think I kind of get you, you mean doing pinning while processing
>>>>>>> rx/tx buffers? It's not easy since GUP itself is not very fast, it may
>>>>>>> hit PPS for sure.
>>>>>>
>>>>>> Yes. It's not as fast as permanently pinning rx/tx buffers, but it
>>>>>> supports unpinned guest RAM.
>>>>>
>>>>> Right, it's a balance between pin and PPS. PPS seems to be more
>>>>> important in this case.
>>>>>
>>>>>>
>>>>>> There are variations on this approach, like keeping a certain amount
>>>>>> of pages pinned after they have been used so the cost of
>>>>>> pinning/unpinning can be avoided when the same pages are reused in the
>>>>>> future, but I don't know how effective that is in practice.
>>>>>>
>>>>>> Is there a more efficient approach without relying on hardware page
>>>>>> fault support?
>>>>>
>>>>> I guess so, I see some slides that say device page fault is very slow.
>>>>>
>>>>>>
>>>>>> My understanding is that hardware page fault support is not yet
>>>>>> deployed. We'd be left with pinning guest RAM permanently or using a
>>>>>> runtime pinning/unpinning approach like I've described.
>>>>>
>>>>> Probably.
>>>>>
>>>>> Thanks
>>>>>
>>>>>>
>>>>>> Stefan
>>>>>>
>>>>>
>>>>
>>>
>>
>

On Thu, 6 Jul 2023 at 21:43, Jason Wang <jasowang@redhat.com> wrote:
>
> On Fri, Jul 7, 2023 at 3:08 AM Stefan Hajnoczi <stefanha@gmail.com> wrote:
> >
> > On Wed, 5 Jul 2023 at 02:02, Jason Wang <jasowang@redhat.com> wrote:
> > >
> > > On Mon, Jul 3, 2023 at 5:03 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
> > > >
> > > > On Fri, 30 Jun 2023 at 09:41, Jason Wang <jasowang@redhat.com> wrote:
> > > > >
> > > > > On Thu, Jun 29, 2023 at 8:36 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
> > > > > >
> > > > > > On Thu, 29 Jun 2023 at 07:26, Jason Wang <jasowang@redhat.com> wrote:
> > > > > > >
> > > > > > > On Wed, Jun 28, 2023 at 4:25 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
> > > > > > > >
> > > > > > > > On Wed, 28 Jun 2023 at 10:19, Jason Wang <jasowang@redhat.com> wrote:
> > > > > > > > >
> > > > > > > > > On Wed, Jun 28, 2023 at 4:15 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
> > > > > > > > > >
> > > > > > > > > > On Wed, 28 Jun 2023 at 09:59, Jason Wang <jasowang@redhat.com> wrote:
> > > > > > > > > > >
> > > > > > > > > > > On Wed, Jun 28, 2023 at 3:46 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
> > > > > > > > > > > >
> > > > > > > > > > > > On Wed, 28 Jun 2023 at 05:28, Jason Wang <jasowang@redhat.com> wrote:
> > > > > > > > > > > > >
> > > > > > > > > > > > > On Wed, Jun 28, 2023 at 6:45 AM Ilya Maximets <i.maximets@ovn.org> wrote:
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > On 6/27/23 04:54, Jason Wang wrote:
> > > > > > > > > > > > > > > On Mon, Jun 26, 2023 at 9:17 PM Ilya Maximets <i.maximets@ovn.org> wrote:
> > > > > > > > > > > > > > >>
> > > > > > > > > > > > > > >> On 6/26/23 08:32, Jason Wang wrote:
> > > > > > > > > > > > > > >>> On Sun, Jun 25, 2023 at 3:06 PM Jason Wang <jasowang@redhat.com> wrote:
> > > > > > > > > > > > > > >>>>
> > > > > > > > > > > > > > >>>> On Fri, Jun 23, 2023 at 5:58 AM Ilya Maximets <i.maximets@ovn.org> wrote:
> > > > > > > > > > > > > > >> It is noticeably more performant than a tap with vhost=on in terms of PPS.
> > > > > > > > > > > > > > >> So, that might be one case.  Taking into account that just rcu lock and
> > > > > > > > > > > > > > >> unlock in virtio-net code takes more time than a packet copy, some batching
> > > > > > > > > > > > > > >> on QEMU side should improve performance significantly.  And it shouldn't be
> > > > > > > > > > > > > > >> too hard to implement.
> > > > > > > > > > > > > > >>
> > > > > > > > > > > > > > >> Performance over virtual interfaces may potentially be improved by creating
> > > > > > > > > > > > > > >> a kernel thread for async Tx.  Similarly to what io_uring allows.  Currently
> > > > > > > > > > > > > > >> Tx on non-zero-copy interfaces is synchronous, and that doesn't allow to
> > > > > > > > > > > > > > >> scale well.
> > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > Interestingly, actually, there are a lot of "duplication" between
> > > > > > > > > > > > > > > io_uring and AF_XDP:
> > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > 1) both have similar memory model (user register)
> > > > > > > > > > > > > > > 2) both use ring for communication
> > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > I wonder if we can let io_uring talks directly to AF_XDP.
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > Well, if we submit poll() in QEMU main loop via io_uring, then we can
> > > > > > > > > > > > > > avoid cost of the synchronous Tx for non-zero-copy modes, i.e. for
> > > > > > > > > > > > > > virtual interfaces.  io_uring thread in the kernel will be able to
> > > > > > > > > > > > > > perform transmission for us.
> > > > > > > > > > > > >
> > > > > > > > > > > > > It would be nice if we can use iothread/vhost other than the main loop
> > > > > > > > > > > > > even if io_uring can use kthreads. We can avoid the memory translation
> > > > > > > > > > > > > cost.
> > > > > > > > > > > >
> > > > > > > > > > > > The QEMU event loop (AioContext) has io_uring code
> > > > > > > > > > > > (utils/fdmon-io_uring.c) but it's disabled at the moment. I'm working
> > > > > > > > > > > > on patches to re-enable it and will probably send them in July. The
> > > > > > > > > > > > patches also add an API to submit arbitrary io_uring operations so
> > > > > > > > > > > > that you can do stuff besides file descriptor monitoring. Both the
> > > > > > > > > > > > main loop and IOThreads will be able to use io_uring on Linux hosts.
> > > > > > > > > > >
> > > > > > > > > > > Just to make sure I understand. If we still need a copy from guest to
> > > > > > > > > > > io_uring buffer, we still need to go via memory API for GPA which
> > > > > > > > > > > seems expensive.
> > > > > > > > > > >
> > > > > > > > > > > Vhost seems to be a shortcut for this.
> > > > > > > > > >
> > > > > > > > > > I'm not sure how exactly you're thinking of using io_uring.
> > > > > > > > > >
> > > > > > > > > > Simply using io_uring for the event loop (file descriptor monitoring)
> > > > > > > > > > doesn't involve an extra buffer, but the packet payload still needs to
> > > > > > > > > > reside in AF_XDP umem, so there is a copy between guest memory and
> > > > > > > > > > umem.
> > > > > > > > >
> > > > > > > > > So there would be a translation from GPA to HVA (unless io_uring
> > > > > > > > > support 2 stages) which needs to go via qemu memory core. And this
> > > > > > > > > part seems to be very expensive according to my test in the past.
> > > > > > > >
> > > > > > > > Yes, but in the current approach where AF_XDP is implemented as a QEMU
> > > > > > > > netdev, there is already QEMU device emulation (e.g. virtio-net)
> > > > > > > > happening. So the GPA to HVA translation will happen anyway in device
> > > > > > > > emulation.
> > > > > > >
> > > > > > > Just to make sure we're on the same page.
> > > > > > >
> > > > > > > I meant, AF_XDP can do more than e.g 10Mpps. So if we still use the
> > > > > > > QEMU netdev, it would be very hard to achieve that if we stick to
> > > > > > > using the Qemu memory core translations which need to take care about
> > > > > > > too much extra stuff. That's why I suggest using vhost in io threads
> > > > > > > which only cares about ram so the translation could be very fast.
> > > > > >
> > > > > > What does using "vhost in io threads" mean?
> > > > >
> > > > > It means a vhost userspace dataplane that is implemented via io threads.
> > > >
> > > > AFAIK this does not exist today. QEMU's built-in devices that use
> > > > IOThreads don't use vhost code. QEMU vhost code is for vhost kernel,
> > > > vhost-user, or vDPA but not built-in devices that use IOThreads. The
> > > > built-in devices implement VirtioDeviceClass callbacks directly and
> > > > use AioContext APIs to run in IOThreads.
> > >
> > > Yes.
> > >
> > > >
> > > > Do you have an idea for using vhost code for built-in devices? Maybe
> > > > it's fastest if you explain your idea and its advantages instead of me
> > > > guessing.
> > >
> > > It's something like I'd proposed in [1]:
> > >
> > > 1) a vhost that is implemented via IOThreads
> > > 2) memory translation is done via vhost memory table/IOTLB
> > >
> > > The advantages are:
> > >
> > > 1) No 3rd application like DPDK application
> > > 2) Attack surface were reduced
> > > 3) Better understanding/interactions with device model for things like
> > > RSS and IOMMU
> > >
> > > There could be some dis-advantages but it's not obvious to me :)
> >
> > Why is QEMU's native device emulation API not the natural choice for
> > writing built-in devices? I don't understand why the vhost interface
> > is desirable for built-in devices.
>
> Unless the memory helpers (like address translations) were optimized
> fully to satisfy this 10M+ PPS.
>
> Not sure if this is too hard, but last time I benchmark, perf told me
> most of the time spent in the translation.
>
> Using a vhost is a workaround since its memory model is much more
> simpler so it can skip lots of memory sections like I/O and ROM etc.

I see, that sounds like a question of optimization. Most DMA transfers
will be to/from guest RAM and it seems like QEMU's memory API could be
optimized for that case. PIO/MMIO dispatch could use a different API
from DMA transfers, if necessary.

I don't think there is a fundamental reason why QEMU's own device
emulation code cannot translate memory as fast as vhost devices can.

Stefan

On Mon, 10 Jul 2023 at 06:55, Ilya Maximets <i.maximets@ovn.org> wrote:
>
> On 7/10/23 05:51, Jason Wang wrote:
> > On Fri, Jul 7, 2023 at 7:21 PM Ilya Maximets <i.maximets@ovn.org> wrote:
> >>
> >> On 7/7/23 03:43, Jason Wang wrote:
> >>> On Fri, Jul 7, 2023 at 3:08 AM Stefan Hajnoczi <stefanha@gmail.com> wrote:
> >>>>
> >>>> On Wed, 5 Jul 2023 at 02:02, Jason Wang <jasowang@redhat.com> wrote:
> >>>>>
> >>>>> On Mon, Jul 3, 2023 at 5:03 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
> >>>>>>
> >>>>>> On Fri, 30 Jun 2023 at 09:41, Jason Wang <jasowang@redhat.com> wrote:
> >>>>>>>
> >>>>>>> On Thu, Jun 29, 2023 at 8:36 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
> >>>>>>>>
> >>>>>>>> On Thu, 29 Jun 2023 at 07:26, Jason Wang <jasowang@redhat.com> wrote:
> >>>>>>>>>
> >>>>>>>>> On Wed, Jun 28, 2023 at 4:25 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
> >>>>>>>>>>
> >>>>>>>>>> On Wed, 28 Jun 2023 at 10:19, Jason Wang <jasowang@redhat.com> wrote:
> >>>>>>>>>>>
> >>>>>>>>>>> On Wed, Jun 28, 2023 at 4:15 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
> >>>>>>>>>>>>
> >>>>>>>>>>>> On Wed, 28 Jun 2023 at 09:59, Jason Wang <jasowang@redhat.com> wrote:
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> On Wed, Jun 28, 2023 at 3:46 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> On Wed, 28 Jun 2023 at 05:28, Jason Wang <jasowang@redhat.com> wrote:
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> On Wed, Jun 28, 2023 at 6:45 AM Ilya Maximets <i.maximets@ovn.org> wrote:
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> On 6/27/23 04:54, Jason Wang wrote:
> >>>>>>>>>>>>>>>>> On Mon, Jun 26, 2023 at 9:17 PM Ilya Maximets <i.maximets@ovn.org> wrote:
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>> On 6/26/23 08:32, Jason Wang wrote:
> >>>>>>>>>>>>>>>>>>> On Sun, Jun 25, 2023 at 3:06 PM Jason Wang <jasowang@redhat.com> wrote:
> >>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>> On Fri, Jun 23, 2023 at 5:58 AM Ilya Maximets <i.maximets@ovn.org> wrote:
> >>>>>>>>>>>>>>>>>> It is noticeably more performant than a tap with vhost=on in terms of PPS.
> >>>>>>>>>>>>>>>>>> So, that might be one case.  Taking into account that just rcu lock and
> >>>>>>>>>>>>>>>>>> unlock in virtio-net code takes more time than a packet copy, some batching
> >>>>>>>>>>>>>>>>>> on QEMU side should improve performance significantly.  And it shouldn't be
> >>>>>>>>>>>>>>>>>> too hard to implement.
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>> Performance over virtual interfaces may potentially be improved by creating
> >>>>>>>>>>>>>>>>>> a kernel thread for async Tx.  Similarly to what io_uring allows.  Currently
> >>>>>>>>>>>>>>>>>> Tx on non-zero-copy interfaces is synchronous, and that doesn't allow to
> >>>>>>>>>>>>>>>>>> scale well.
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>> Interestingly, actually, there are a lot of "duplication" between
> >>>>>>>>>>>>>>>>> io_uring and AF_XDP:
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>> 1) both have similar memory model (user register)
> >>>>>>>>>>>>>>>>> 2) both use ring for communication
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>> I wonder if we can let io_uring talks directly to AF_XDP.
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> Well, if we submit poll() in QEMU main loop via io_uring, then we can
> >>>>>>>>>>>>>>>> avoid cost of the synchronous Tx for non-zero-copy modes, i.e. for
> >>>>>>>>>>>>>>>> virtual interfaces.  io_uring thread in the kernel will be able to
> >>>>>>>>>>>>>>>> perform transmission for us.
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> It would be nice if we can use iothread/vhost other than the main loop
> >>>>>>>>>>>>>>> even if io_uring can use kthreads. We can avoid the memory translation
> >>>>>>>>>>>>>>> cost.
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> The QEMU event loop (AioContext) has io_uring code
> >>>>>>>>>>>>>> (utils/fdmon-io_uring.c) but it's disabled at the moment. I'm working
> >>>>>>>>>>>>>> on patches to re-enable it and will probably send them in July. The
> >>>>>>>>>>>>>> patches also add an API to submit arbitrary io_uring operations so
> >>>>>>>>>>>>>> that you can do stuff besides file descriptor monitoring. Both the
> >>>>>>>>>>>>>> main loop and IOThreads will be able to use io_uring on Linux hosts.
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> Just to make sure I understand. If we still need a copy from guest to
> >>>>>>>>>>>>> io_uring buffer, we still need to go via memory API for GPA which
> >>>>>>>>>>>>> seems expensive.
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> Vhost seems to be a shortcut for this.
> >>>>>>>>>>>>
> >>>>>>>>>>>> I'm not sure how exactly you're thinking of using io_uring.
> >>>>>>>>>>>>
> >>>>>>>>>>>> Simply using io_uring for the event loop (file descriptor monitoring)
> >>>>>>>>>>>> doesn't involve an extra buffer, but the packet payload still needs to
> >>>>>>>>>>>> reside in AF_XDP umem, so there is a copy between guest memory and
> >>>>>>>>>>>> umem.
> >>>>>>>>>>>
> >>>>>>>>>>> So there would be a translation from GPA to HVA (unless io_uring
> >>>>>>>>>>> support 2 stages) which needs to go via qemu memory core. And this
> >>>>>>>>>>> part seems to be very expensive according to my test in the past.
> >>>>>>>>>>
> >>>>>>>>>> Yes, but in the current approach where AF_XDP is implemented as a QEMU
> >>>>>>>>>> netdev, there is already QEMU device emulation (e.g. virtio-net)
> >>>>>>>>>> happening. So the GPA to HVA translation will happen anyway in device
> >>>>>>>>>> emulation.
> >>>>>>>>>
> >>>>>>>>> Just to make sure we're on the same page.
> >>>>>>>>>
> >>>>>>>>> I meant, AF_XDP can do more than e.g 10Mpps. So if we still use the
> >>>>>>>>> QEMU netdev, it would be very hard to achieve that if we stick to
> >>>>>>>>> using the Qemu memory core translations which need to take care about
> >>>>>>>>> too much extra stuff. That's why I suggest using vhost in io threads
> >>>>>>>>> which only cares about ram so the translation could be very fast.
> >>>>>>>>
> >>>>>>>> What does using "vhost in io threads" mean?
> >>>>>>>
> >>>>>>> It means a vhost userspace dataplane that is implemented via io threads.
> >>>>>>
> >>>>>> AFAIK this does not exist today. QEMU's built-in devices that use
> >>>>>> IOThreads don't use vhost code. QEMU vhost code is for vhost kernel,
> >>>>>> vhost-user, or vDPA but not built-in devices that use IOThreads. The
> >>>>>> built-in devices implement VirtioDeviceClass callbacks directly and
> >>>>>> use AioContext APIs to run in IOThreads.
> >>>>>
> >>>>> Yes.
> >>>>>
> >>>>>>
> >>>>>> Do you have an idea for using vhost code for built-in devices? Maybe
> >>>>>> it's fastest if you explain your idea and its advantages instead of me
> >>>>>> guessing.
> >>>>>
> >>>>> It's something like I'd proposed in [1]:
> >>>>>
> >>>>> 1) a vhost that is implemented via IOThreads
> >>>>> 2) memory translation is done via vhost memory table/IOTLB
> >>>>>
> >>>>> The advantages are:
> >>>>>
> >>>>> 1) No 3rd application like DPDK application
> >>>>> 2) Attack surface were reduced
> >>>>> 3) Better understanding/interactions with device model for things like
> >>>>> RSS and IOMMU
> >>>>>
> >>>>> There could be some dis-advantages but it's not obvious to me :)
> >>>>
> >>>> Why is QEMU's native device emulation API not the natural choice for
> >>>> writing built-in devices? I don't understand why the vhost interface
> >>>> is desirable for built-in devices.
> >>>
> >>> Unless the memory helpers (like address translations) were optimized
> >>> fully to satisfy this 10M+ PPS.
> >>>
> >>> Not sure if this is too hard, but last time I benchmark, perf told me
> >>> most of the time spent in the translation.
> >>>
> >>> Using a vhost is a workaround since its memory model is much more
> >>> simpler so it can skip lots of memory sections like I/O and ROM etc.
> >>
> >> So, we can have a thread running as part of QEMU process that implements
> >> vhost functionality for a virtio-net device.  And this thread has an
> >> optimized way to access memory.  What prevents current virtio-net emulation
> >> code accessing memory in the same optimized way?
> >
> > Current emulation using memory core accessors which needs to take care
> > of a lot of stuff like MMIO or even P2P. Such kind of stuff is not
> > considered since day0 of vhost. You can do some experiment on this e.g
> > just dropping packets after fetching it from the TX ring.
>
> If I'm reading that right, virtio implementation is using address space
> caching by utilizing a memory listener and pre-translated addresses of
> interesting memory regions.  Then it's performing address_space_read_cached,
> which is bypassing all the memory address translation logic on a cache hit.
> That sounds pretty similar to how memory table is prepared for vhost.

Exactly, but only for the vring memory structures (avail, used, and
descriptor rings in the Split Virtqueue Layout).

The packet headers and payloads are still translated using the
uncached virtqueue_pop() -> dma_memory_map() -> address_space_map()
API.

Running a tx packet drop benchmark as Jason suggested and checking if
memory translation is a bottleneck seems worthwhile. Improving
dma_memory_map() performance would speed up all built-in QEMU devices.

Jason: When you noticed this bottleneck, were you using a normal
virtio-net-pci device without vIOMMU?

Stefan

On Mon, Jul 10, 2023 at 6:55 PM Ilya Maximets <i.maximets@ovn.org> wrote:
>
> On 7/10/23 05:51, Jason Wang wrote:
> > On Fri, Jul 7, 2023 at 7:21 PM Ilya Maximets <i.maximets@ovn.org> wrote:
> >>
> >> On 7/7/23 03:43, Jason Wang wrote:
> >>> On Fri, Jul 7, 2023 at 3:08 AM Stefan Hajnoczi <stefanha@gmail.com> wrote:
> >>>>
> >>>> On Wed, 5 Jul 2023 at 02:02, Jason Wang <jasowang@redhat.com> wrote:
> >>>>>
> >>>>> On Mon, Jul 3, 2023 at 5:03 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
> >>>>>>
> >>>>>> On Fri, 30 Jun 2023 at 09:41, Jason Wang <jasowang@redhat.com> wrote:
> >>>>>>>
> >>>>>>> On Thu, Jun 29, 2023 at 8:36 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
> >>>>>>>>
> >>>>>>>> On Thu, 29 Jun 2023 at 07:26, Jason Wang <jasowang@redhat.com> wrote:
> >>>>>>>>>
> >>>>>>>>> On Wed, Jun 28, 2023 at 4:25 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
> >>>>>>>>>>
> >>>>>>>>>> On Wed, 28 Jun 2023 at 10:19, Jason Wang <jasowang@redhat.com> wrote:
> >>>>>>>>>>>
> >>>>>>>>>>> On Wed, Jun 28, 2023 at 4:15 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
> >>>>>>>>>>>>
> >>>>>>>>>>>> On Wed, 28 Jun 2023 at 09:59, Jason Wang <jasowang@redhat.com> wrote:
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> On Wed, Jun 28, 2023 at 3:46 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> On Wed, 28 Jun 2023 at 05:28, Jason Wang <jasowang@redhat.com> wrote:
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> On Wed, Jun 28, 2023 at 6:45 AM Ilya Maximets <i.maximets@ovn.org> wrote:
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> On 6/27/23 04:54, Jason Wang wrote:
> >>>>>>>>>>>>>>>>> On Mon, Jun 26, 2023 at 9:17 PM Ilya Maximets <i.maximets@ovn.org> wrote:
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>> On 6/26/23 08:32, Jason Wang wrote:
> >>>>>>>>>>>>>>>>>>> On Sun, Jun 25, 2023 at 3:06 PM Jason Wang <jasowang@redhat.com> wrote:
> >>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>> On Fri, Jun 23, 2023 at 5:58 AM Ilya Maximets <i.maximets@ovn.org> wrote:
> >>>>>>>>>>>>>>>>>> It is noticeably more performant than a tap with vhost=on in terms of PPS.
> >>>>>>>>>>>>>>>>>> So, that might be one case.  Taking into account that just rcu lock and
> >>>>>>>>>>>>>>>>>> unlock in virtio-net code takes more time than a packet copy, some batching
> >>>>>>>>>>>>>>>>>> on QEMU side should improve performance significantly.  And it shouldn't be
> >>>>>>>>>>>>>>>>>> too hard to implement.
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>> Performance over virtual interfaces may potentially be improved by creating
> >>>>>>>>>>>>>>>>>> a kernel thread for async Tx.  Similarly to what io_uring allows.  Currently
> >>>>>>>>>>>>>>>>>> Tx on non-zero-copy interfaces is synchronous, and that doesn't allow to
> >>>>>>>>>>>>>>>>>> scale well.
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>> Interestingly, actually, there are a lot of "duplication" between
> >>>>>>>>>>>>>>>>> io_uring and AF_XDP:
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>> 1) both have similar memory model (user register)
> >>>>>>>>>>>>>>>>> 2) both use ring for communication
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>> I wonder if we can let io_uring talks directly to AF_XDP.
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> Well, if we submit poll() in QEMU main loop via io_uring, then we can
> >>>>>>>>>>>>>>>> avoid cost of the synchronous Tx for non-zero-copy modes, i.e. for
> >>>>>>>>>>>>>>>> virtual interfaces.  io_uring thread in the kernel will be able to
> >>>>>>>>>>>>>>>> perform transmission for us.
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> It would be nice if we can use iothread/vhost other than the main loop
> >>>>>>>>>>>>>>> even if io_uring can use kthreads. We can avoid the memory translation
> >>>>>>>>>>>>>>> cost.
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> The QEMU event loop (AioContext) has io_uring code
> >>>>>>>>>>>>>> (utils/fdmon-io_uring.c) but it's disabled at the moment. I'm working
> >>>>>>>>>>>>>> on patches to re-enable it and will probably send them in July. The
> >>>>>>>>>>>>>> patches also add an API to submit arbitrary io_uring operations so
> >>>>>>>>>>>>>> that you can do stuff besides file descriptor monitoring. Both the
> >>>>>>>>>>>>>> main loop and IOThreads will be able to use io_uring on Linux hosts.
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> Just to make sure I understand. If we still need a copy from guest to
> >>>>>>>>>>>>> io_uring buffer, we still need to go via memory API for GPA which
> >>>>>>>>>>>>> seems expensive.
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> Vhost seems to be a shortcut for this.
> >>>>>>>>>>>>
> >>>>>>>>>>>> I'm not sure how exactly you're thinking of using io_uring.
> >>>>>>>>>>>>
> >>>>>>>>>>>> Simply using io_uring for the event loop (file descriptor monitoring)
> >>>>>>>>>>>> doesn't involve an extra buffer, but the packet payload still needs to
> >>>>>>>>>>>> reside in AF_XDP umem, so there is a copy between guest memory and
> >>>>>>>>>>>> umem.
> >>>>>>>>>>>
> >>>>>>>>>>> So there would be a translation from GPA to HVA (unless io_uring
> >>>>>>>>>>> support 2 stages) which needs to go via qemu memory core. And this
> >>>>>>>>>>> part seems to be very expensive according to my test in the past.
> >>>>>>>>>>
> >>>>>>>>>> Yes, but in the current approach where AF_XDP is implemented as a QEMU
> >>>>>>>>>> netdev, there is already QEMU device emulation (e.g. virtio-net)
> >>>>>>>>>> happening. So the GPA to HVA translation will happen anyway in device
> >>>>>>>>>> emulation.
> >>>>>>>>>
> >>>>>>>>> Just to make sure we're on the same page.
> >>>>>>>>>
> >>>>>>>>> I meant, AF_XDP can do more than e.g 10Mpps. So if we still use the
> >>>>>>>>> QEMU netdev, it would be very hard to achieve that if we stick to
> >>>>>>>>> using the Qemu memory core translations which need to take care about
> >>>>>>>>> too much extra stuff. That's why I suggest using vhost in io threads
> >>>>>>>>> which only cares about ram so the translation could be very fast.
> >>>>>>>>
> >>>>>>>> What does using "vhost in io threads" mean?
> >>>>>>>
> >>>>>>> It means a vhost userspace dataplane that is implemented via io threads.
> >>>>>>
> >>>>>> AFAIK this does not exist today. QEMU's built-in devices that use
> >>>>>> IOThreads don't use vhost code. QEMU vhost code is for vhost kernel,
> >>>>>> vhost-user, or vDPA but not built-in devices that use IOThreads. The
> >>>>>> built-in devices implement VirtioDeviceClass callbacks directly and
> >>>>>> use AioContext APIs to run in IOThreads.
> >>>>>
> >>>>> Yes.
> >>>>>
> >>>>>>
> >>>>>> Do you have an idea for using vhost code for built-in devices? Maybe
> >>>>>> it's fastest if you explain your idea and its advantages instead of me
> >>>>>> guessing.
> >>>>>
> >>>>> It's something like I'd proposed in [1]:
> >>>>>
> >>>>> 1) a vhost that is implemented via IOThreads
> >>>>> 2) memory translation is done via vhost memory table/IOTLB
> >>>>>
> >>>>> The advantages are:
> >>>>>
> >>>>> 1) No 3rd application like DPDK application
> >>>>> 2) Attack surface were reduced
> >>>>> 3) Better understanding/interactions with device model for things like
> >>>>> RSS and IOMMU
> >>>>>
> >>>>> There could be some dis-advantages but it's not obvious to me :)
> >>>>
> >>>> Why is QEMU's native device emulation API not the natural choice for
> >>>> writing built-in devices? I don't understand why the vhost interface
> >>>> is desirable for built-in devices.
> >>>
> >>> Unless the memory helpers (like address translations) were optimized
> >>> fully to satisfy this 10M+ PPS.
> >>>
> >>> Not sure if this is too hard, but last time I benchmark, perf told me
> >>> most of the time spent in the translation.
> >>>
> >>> Using a vhost is a workaround since its memory model is much more
> >>> simpler so it can skip lots of memory sections like I/O and ROM etc.
> >>
> >> So, we can have a thread running as part of QEMU process that implements
> >> vhost functionality for a virtio-net device.  And this thread has an
> >> optimized way to access memory.  What prevents current virtio-net emulation
> >> code accessing memory in the same optimized way?
> >
> > Current emulation using memory core accessors which needs to take care
> > of a lot of stuff like MMIO or even P2P. Such kind of stuff is not
> > considered since day0 of vhost. You can do some experiment on this e.g
> > just dropping packets after fetching it from the TX ring.
>
> If I'm reading that right, virtio implementation is using address space
> caching by utilizing a memory listener and pre-translated addresses of
> interesting memory regions.  Then it's performing address_space_read_cached,
> which is bypassing all the memory address translation logic on a cache hit.
> That sounds pretty similar to how memory table is prepared for vhost.

It's only done for virtqueue metadata (desc, driver and device area),
we still need to do dma map for the packet buffer itself.

Thanks

>
> >
> >> i.e. we likely don't
> >> actually need to implement the whole vhost-virtio communication protocol
> >> in order to have faster memory access from the device emulation code.
> >> I mean, if vhost can access device memory faster, why device itself can't?
> >
> > I'm not saying it can't but it would end up with something similar to
> > vhost. And that's why I'm saying using vhost is a shortcut (at least
> > for a POC).
> >
> > Thanks
> >
> >>
> >> With that we could probably split the "datapath" part of the virtio-net
> >> emulation into a separate thread driven by iothread loop.
> >>
> >> Then add batch API for communication with a network backend (af-xdp) to
> >> avoid per-packet calls.
> >>
> >> These are 3 more or less independent tasks that should allow the similar
> >> performance to a full fledged vhost control and dataplane implementation
> >> inside QEMU.
> >>
> >> Or am I missing something? (Probably)
> >>
> >>>
> >>> Thanks
> >>>
> >>>>
> >>>>>
> >>>>> It's something like linking SPDK/DPDK to Qemu.
> >>>>
> >>>> Sergio Lopez tried loading vhost-user devices as shared libraries that
> >>>> run in the QEMU process. It worked as an experiment but wasn't pursued
> >>>> further.
> >>>>
> >>>> I think that might make sense in specific cases where there is an
> >>>> existing vhost-user codebase that needs to run as part of QEMU.
> >>>>
> >>>> In this case the AF_XDP code is new, so it's not a case of moving
> >>>> existing code into QEMU.
> >>>>
> >>>>>
> >>>>>>
> >>>>>>>>>> Regarding pinning - I wonder if that's something that can be refined
> >>>>>>>>>> in the kernel by adding an AF_XDP flag that enables on-demand pinning
> >>>>>>>>>> of umem. That way only rx and tx buffers that are currently in use
> >>>>>>>>>> will be pinned. The disadvantage is the runtime overhead to pin/unpin
> >>>>>>>>>> pages. I'm not sure whether it's possible to implement this, I haven't
> >>>>>>>>>> checked the kernel code.
> >>>>>>>>>
> >>>>>>>>> It requires the device to do page faults which is not commonly
> >>>>>>>>> supported nowadays.
> >>>>>>>>
> >>>>>>>> I don't understand this comment. AF_XDP processes each rx/tx
> >>>>>>>> descriptor. At that point it can getuserpages() or similar in order to
> >>>>>>>> pin the page. When the memory is no longer needed, it can put those
> >>>>>>>> pages. No fault mechanism is needed. What am I missing?
> >>>>>>>
> >>>>>>> Ok, I think I kind of get you, you mean doing pinning while processing
> >>>>>>> rx/tx buffers? It's not easy since GUP itself is not very fast, it may
> >>>>>>> hit PPS for sure.
> >>>>>>
> >>>>>> Yes. It's not as fast as permanently pinning rx/tx buffers, but it
> >>>>>> supports unpinned guest RAM.
> >>>>>
> >>>>> Right, it's a balance between pin and PPS. PPS seems to be more
> >>>>> important in this case.
> >>>>>
> >>>>>>
> >>>>>> There are variations on this approach, like keeping a certain amount
> >>>>>> of pages pinned after they have been used so the cost of
> >>>>>> pinning/unpinning can be avoided when the same pages are reused in the
> >>>>>> future, but I don't know how effective that is in practice.
> >>>>>>
> >>>>>> Is there a more efficient approach without relying on hardware page
> >>>>>> fault support?
> >>>>>
> >>>>> I guess so, I see some slides that say device page fault is very slow.
> >>>>>
> >>>>>>
> >>>>>> My understanding is that hardware page fault support is not yet
> >>>>>> deployed. We'd be left with pinning guest RAM permanently or using a
> >>>>>> runtime pinning/unpinning approach like I've described.
> >>>>>
> >>>>> Probably.
> >>>>>
> >>>>> Thanks
> >>>>>
> >>>>>>
> >>>>>> Stefan
> >>>>>>
> >>>>>
> >>>>
> >>>
> >>
> >
>

On Mon, Jul 10, 2023 at 11:21 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
>
> On Mon, 10 Jul 2023 at 06:55, Ilya Maximets <i.maximets@ovn.org> wrote:
> >
> > On 7/10/23 05:51, Jason Wang wrote:
> > > On Fri, Jul 7, 2023 at 7:21 PM Ilya Maximets <i.maximets@ovn.org> wrote:
> > >>
> > >> On 7/7/23 03:43, Jason Wang wrote:
> > >>> On Fri, Jul 7, 2023 at 3:08 AM Stefan Hajnoczi <stefanha@gmail.com> wrote:
> > >>>>
> > >>>> On Wed, 5 Jul 2023 at 02:02, Jason Wang <jasowang@redhat.com> wrote:
> > >>>>>
> > >>>>> On Mon, Jul 3, 2023 at 5:03 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
> > >>>>>>
> > >>>>>> On Fri, 30 Jun 2023 at 09:41, Jason Wang <jasowang@redhat.com> wrote:
> > >>>>>>>
> > >>>>>>> On Thu, Jun 29, 2023 at 8:36 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
> > >>>>>>>>
> > >>>>>>>> On Thu, 29 Jun 2023 at 07:26, Jason Wang <jasowang@redhat.com> wrote:
> > >>>>>>>>>
> > >>>>>>>>> On Wed, Jun 28, 2023 at 4:25 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
> > >>>>>>>>>>
> > >>>>>>>>>> On Wed, 28 Jun 2023 at 10:19, Jason Wang <jasowang@redhat.com> wrote:
> > >>>>>>>>>>>
> > >>>>>>>>>>> On Wed, Jun 28, 2023 at 4:15 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
> > >>>>>>>>>>>>
> > >>>>>>>>>>>> On Wed, 28 Jun 2023 at 09:59, Jason Wang <jasowang@redhat.com> wrote:
> > >>>>>>>>>>>>>
> > >>>>>>>>>>>>> On Wed, Jun 28, 2023 at 3:46 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
> > >>>>>>>>>>>>>>
> > >>>>>>>>>>>>>> On Wed, 28 Jun 2023 at 05:28, Jason Wang <jasowang@redhat.com> wrote:
> > >>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>> On Wed, Jun 28, 2023 at 6:45 AM Ilya Maximets <i.maximets@ovn.org> wrote:
> > >>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>> On 6/27/23 04:54, Jason Wang wrote:
> > >>>>>>>>>>>>>>>>> On Mon, Jun 26, 2023 at 9:17 PM Ilya Maximets <i.maximets@ovn.org> wrote:
> > >>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>> On 6/26/23 08:32, Jason Wang wrote:
> > >>>>>>>>>>>>>>>>>>> On Sun, Jun 25, 2023 at 3:06 PM Jason Wang <jasowang@redhat.com> wrote:
> > >>>>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>>>> On Fri, Jun 23, 2023 at 5:58 AM Ilya Maximets <i.maximets@ovn.org> wrote:
> > >>>>>>>>>>>>>>>>>> It is noticeably more performant than a tap with vhost=on in terms of PPS.
> > >>>>>>>>>>>>>>>>>> So, that might be one case.  Taking into account that just rcu lock and
> > >>>>>>>>>>>>>>>>>> unlock in virtio-net code takes more time than a packet copy, some batching
> > >>>>>>>>>>>>>>>>>> on QEMU side should improve performance significantly.  And it shouldn't be
> > >>>>>>>>>>>>>>>>>> too hard to implement.
> > >>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>> Performance over virtual interfaces may potentially be improved by creating
> > >>>>>>>>>>>>>>>>>> a kernel thread for async Tx.  Similarly to what io_uring allows.  Currently
> > >>>>>>>>>>>>>>>>>> Tx on non-zero-copy interfaces is synchronous, and that doesn't allow to
> > >>>>>>>>>>>>>>>>>> scale well.
> > >>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>> Interestingly, actually, there are a lot of "duplication" between
> > >>>>>>>>>>>>>>>>> io_uring and AF_XDP:
> > >>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>> 1) both have similar memory model (user register)
> > >>>>>>>>>>>>>>>>> 2) both use ring for communication
> > >>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>> I wonder if we can let io_uring talks directly to AF_XDP.
> > >>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>> Well, if we submit poll() in QEMU main loop via io_uring, then we can
> > >>>>>>>>>>>>>>>> avoid cost of the synchronous Tx for non-zero-copy modes, i.e. for
> > >>>>>>>>>>>>>>>> virtual interfaces.  io_uring thread in the kernel will be able to
> > >>>>>>>>>>>>>>>> perform transmission for us.
> > >>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>> It would be nice if we can use iothread/vhost other than the main loop
> > >>>>>>>>>>>>>>> even if io_uring can use kthreads. We can avoid the memory translation
> > >>>>>>>>>>>>>>> cost.
> > >>>>>>>>>>>>>>
> > >>>>>>>>>>>>>> The QEMU event loop (AioContext) has io_uring code
> > >>>>>>>>>>>>>> (utils/fdmon-io_uring.c) but it's disabled at the moment. I'm working
> > >>>>>>>>>>>>>> on patches to re-enable it and will probably send them in July. The
> > >>>>>>>>>>>>>> patches also add an API to submit arbitrary io_uring operations so
> > >>>>>>>>>>>>>> that you can do stuff besides file descriptor monitoring. Both the
> > >>>>>>>>>>>>>> main loop and IOThreads will be able to use io_uring on Linux hosts.
> > >>>>>>>>>>>>>
> > >>>>>>>>>>>>> Just to make sure I understand. If we still need a copy from guest to
> > >>>>>>>>>>>>> io_uring buffer, we still need to go via memory API for GPA which
> > >>>>>>>>>>>>> seems expensive.
> > >>>>>>>>>>>>>
> > >>>>>>>>>>>>> Vhost seems to be a shortcut for this.
> > >>>>>>>>>>>>
> > >>>>>>>>>>>> I'm not sure how exactly you're thinking of using io_uring.
> > >>>>>>>>>>>>
> > >>>>>>>>>>>> Simply using io_uring for the event loop (file descriptor monitoring)
> > >>>>>>>>>>>> doesn't involve an extra buffer, but the packet payload still needs to
> > >>>>>>>>>>>> reside in AF_XDP umem, so there is a copy between guest memory and
> > >>>>>>>>>>>> umem.
> > >>>>>>>>>>>
> > >>>>>>>>>>> So there would be a translation from GPA to HVA (unless io_uring
> > >>>>>>>>>>> support 2 stages) which needs to go via qemu memory core. And this
> > >>>>>>>>>>> part seems to be very expensive according to my test in the past.
> > >>>>>>>>>>
> > >>>>>>>>>> Yes, but in the current approach where AF_XDP is implemented as a QEMU
> > >>>>>>>>>> netdev, there is already QEMU device emulation (e.g. virtio-net)
> > >>>>>>>>>> happening. So the GPA to HVA translation will happen anyway in device
> > >>>>>>>>>> emulation.
> > >>>>>>>>>
> > >>>>>>>>> Just to make sure we're on the same page.
> > >>>>>>>>>
> > >>>>>>>>> I meant, AF_XDP can do more than e.g 10Mpps. So if we still use the
> > >>>>>>>>> QEMU netdev, it would be very hard to achieve that if we stick to
> > >>>>>>>>> using the Qemu memory core translations which need to take care about
> > >>>>>>>>> too much extra stuff. That's why I suggest using vhost in io threads
> > >>>>>>>>> which only cares about ram so the translation could be very fast.
> > >>>>>>>>
> > >>>>>>>> What does using "vhost in io threads" mean?
> > >>>>>>>
> > >>>>>>> It means a vhost userspace dataplane that is implemented via io threads.
> > >>>>>>
> > >>>>>> AFAIK this does not exist today. QEMU's built-in devices that use
> > >>>>>> IOThreads don't use vhost code. QEMU vhost code is for vhost kernel,
> > >>>>>> vhost-user, or vDPA but not built-in devices that use IOThreads. The
> > >>>>>> built-in devices implement VirtioDeviceClass callbacks directly and
> > >>>>>> use AioContext APIs to run in IOThreads.
> > >>>>>
> > >>>>> Yes.
> > >>>>>
> > >>>>>>
> > >>>>>> Do you have an idea for using vhost code for built-in devices? Maybe
> > >>>>>> it's fastest if you explain your idea and its advantages instead of me
> > >>>>>> guessing.
> > >>>>>
> > >>>>> It's something like I'd proposed in [1]:
> > >>>>>
> > >>>>> 1) a vhost that is implemented via IOThreads
> > >>>>> 2) memory translation is done via vhost memory table/IOTLB
> > >>>>>
> > >>>>> The advantages are:
> > >>>>>
> > >>>>> 1) No 3rd application like DPDK application
> > >>>>> 2) Attack surface were reduced
> > >>>>> 3) Better understanding/interactions with device model for things like
> > >>>>> RSS and IOMMU
> > >>>>>
> > >>>>> There could be some dis-advantages but it's not obvious to me :)
> > >>>>
> > >>>> Why is QEMU's native device emulation API not the natural choice for
> > >>>> writing built-in devices? I don't understand why the vhost interface
> > >>>> is desirable for built-in devices.
> > >>>
> > >>> Unless the memory helpers (like address translations) were optimized
> > >>> fully to satisfy this 10M+ PPS.
> > >>>
> > >>> Not sure if this is too hard, but last time I benchmark, perf told me
> > >>> most of the time spent in the translation.
> > >>>
> > >>> Using a vhost is a workaround since its memory model is much more
> > >>> simpler so it can skip lots of memory sections like I/O and ROM etc.
> > >>
> > >> So, we can have a thread running as part of QEMU process that implements
> > >> vhost functionality for a virtio-net device.  And this thread has an
> > >> optimized way to access memory.  What prevents current virtio-net emulation
> > >> code accessing memory in the same optimized way?
> > >
> > > Current emulation using memory core accessors which needs to take care
> > > of a lot of stuff like MMIO or even P2P. Such kind of stuff is not
> > > considered since day0 of vhost. You can do some experiment on this e.g
> > > just dropping packets after fetching it from the TX ring.
> >
> > If I'm reading that right, virtio implementation is using address space
> > caching by utilizing a memory listener and pre-translated addresses of
> > interesting memory regions.  Then it's performing address_space_read_cached,
> > which is bypassing all the memory address translation logic on a cache hit.
> > That sounds pretty similar to how memory table is prepared for vhost.
>
> Exactly, but only for the vring memory structures (avail, used, and
> descriptor rings in the Split Virtqueue Layout).

Yes. It should speed up somehow.

>
> The packet headers and payloads are still translated using the
> uncached virtqueue_pop() -> dma_memory_map() -> address_space_map()
> API.
>
> Running a tx packet drop benchmark as Jason suggested and checking if
> memory translation is a bottleneck seems worthwhile. Improving
> dma_memory_map() performance would speed up all built-in QEMU devices.

+1

>
> Jason: When you noticed this bottleneck, were you using a normal
> virtio-net-pci device without vIOMMU?

Normal virtio-net-pci device without vIOMMU.

Thanks

>
> Stefan
>

On Mon, Jul 10, 2023 at 11:14 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
>
> On Thu, 6 Jul 2023 at 21:43, Jason Wang <jasowang@redhat.com> wrote:
> >
> > On Fri, Jul 7, 2023 at 3:08 AM Stefan Hajnoczi <stefanha@gmail.com> wrote:
> > >
> > > On Wed, 5 Jul 2023 at 02:02, Jason Wang <jasowang@redhat.com> wrote:
> > > >
> > > > On Mon, Jul 3, 2023 at 5:03 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
> > > > >
> > > > > On Fri, 30 Jun 2023 at 09:41, Jason Wang <jasowang@redhat.com> wrote:
> > > > > >
> > > > > > On Thu, Jun 29, 2023 at 8:36 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
> > > > > > >
> > > > > > > On Thu, 29 Jun 2023 at 07:26, Jason Wang <jasowang@redhat.com> wrote:
> > > > > > > >
> > > > > > > > On Wed, Jun 28, 2023 at 4:25 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
> > > > > > > > >
> > > > > > > > > On Wed, 28 Jun 2023 at 10:19, Jason Wang <jasowang@redhat.com> wrote:
> > > > > > > > > >
> > > > > > > > > > On Wed, Jun 28, 2023 at 4:15 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
> > > > > > > > > > >
> > > > > > > > > > > On Wed, 28 Jun 2023 at 09:59, Jason Wang <jasowang@redhat.com> wrote:
> > > > > > > > > > > >
> > > > > > > > > > > > On Wed, Jun 28, 2023 at 3:46 PM Stefan Hajnoczi <stefanha@gmail.com> wrote:
> > > > > > > > > > > > >
> > > > > > > > > > > > > On Wed, 28 Jun 2023 at 05:28, Jason Wang <jasowang@redhat.com> wrote:
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > On Wed, Jun 28, 2023 at 6:45 AM Ilya Maximets <i.maximets@ovn.org> wrote:
> > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > On 6/27/23 04:54, Jason Wang wrote:
> > > > > > > > > > > > > > > > On Mon, Jun 26, 2023 at 9:17 PM Ilya Maximets <i.maximets@ovn.org> wrote:
> > > > > > > > > > > > > > > >>
> > > > > > > > > > > > > > > >> On 6/26/23 08:32, Jason Wang wrote:
> > > > > > > > > > > > > > > >>> On Sun, Jun 25, 2023 at 3:06 PM Jason Wang <jasowang@redhat.com> wrote:
> > > > > > > > > > > > > > > >>>>
> > > > > > > > > > > > > > > >>>> On Fri, Jun 23, 2023 at 5:58 AM Ilya Maximets <i.maximets@ovn.org> wrote:
> > > > > > > > > > > > > > > >> It is noticeably more performant than a tap with vhost=on in terms of PPS.
> > > > > > > > > > > > > > > >> So, that might be one case.  Taking into account that just rcu lock and
> > > > > > > > > > > > > > > >> unlock in virtio-net code takes more time than a packet copy, some batching
> > > > > > > > > > > > > > > >> on QEMU side should improve performance significantly.  And it shouldn't be
> > > > > > > > > > > > > > > >> too hard to implement.
> > > > > > > > > > > > > > > >>
> > > > > > > > > > > > > > > >> Performance over virtual interfaces may potentially be improved by creating
> > > > > > > > > > > > > > > >> a kernel thread for async Tx.  Similarly to what io_uring allows.  Currently
> > > > > > > > > > > > > > > >> Tx on non-zero-copy interfaces is synchronous, and that doesn't allow to
> > > > > > > > > > > > > > > >> scale well.
> > > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > > Interestingly, actually, there are a lot of "duplication" between
> > > > > > > > > > > > > > > > io_uring and AF_XDP:
> > > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > > 1) both have similar memory model (user register)
> > > > > > > > > > > > > > > > 2) both use ring for communication
> > > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > > I wonder if we can let io_uring talks directly to AF_XDP.
> > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > Well, if we submit poll() in QEMU main loop via io_uring, then we can
> > > > > > > > > > > > > > > avoid cost of the synchronous Tx for non-zero-copy modes, i.e. for
> > > > > > > > > > > > > > > virtual interfaces.  io_uring thread in the kernel will be able to
> > > > > > > > > > > > > > > perform transmission for us.
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > It would be nice if we can use iothread/vhost other than the main loop
> > > > > > > > > > > > > > even if io_uring can use kthreads. We can avoid the memory translation
> > > > > > > > > > > > > > cost.
> > > > > > > > > > > > >
> > > > > > > > > > > > > The QEMU event loop (AioContext) has io_uring code
> > > > > > > > > > > > > (utils/fdmon-io_uring.c) but it's disabled at the moment. I'm working
> > > > > > > > > > > > > on patches to re-enable it and will probably send them in July. The
> > > > > > > > > > > > > patches also add an API to submit arbitrary io_uring operations so
> > > > > > > > > > > > > that you can do stuff besides file descriptor monitoring. Both the
> > > > > > > > > > > > > main loop and IOThreads will be able to use io_uring on Linux hosts.
> > > > > > > > > > > >
> > > > > > > > > > > > Just to make sure I understand. If we still need a copy from guest to
> > > > > > > > > > > > io_uring buffer, we still need to go via memory API for GPA which
> > > > > > > > > > > > seems expensive.
> > > > > > > > > > > >
> > > > > > > > > > > > Vhost seems to be a shortcut for this.
> > > > > > > > > > >
> > > > > > > > > > > I'm not sure how exactly you're thinking of using io_uring.
> > > > > > > > > > >
> > > > > > > > > > > Simply using io_uring for the event loop (file descriptor monitoring)
> > > > > > > > > > > doesn't involve an extra buffer, but the packet payload still needs to
> > > > > > > > > > > reside in AF_XDP umem, so there is a copy between guest memory and
> > > > > > > > > > > umem.
> > > > > > > > > >
> > > > > > > > > > So there would be a translation from GPA to HVA (unless io_uring
> > > > > > > > > > support 2 stages) which needs to go via qemu memory core. And this
> > > > > > > > > > part seems to be very expensive according to my test in the past.
> > > > > > > > >
> > > > > > > > > Yes, but in the current approach where AF_XDP is implemented as a QEMU
> > > > > > > > > netdev, there is already QEMU device emulation (e.g. virtio-net)
> > > > > > > > > happening. So the GPA to HVA translation will happen anyway in device
> > > > > > > > > emulation.
> > > > > > > >
> > > > > > > > Just to make sure we're on the same page.
> > > > > > > >
> > > > > > > > I meant, AF_XDP can do more than e.g 10Mpps. So if we still use the
> > > > > > > > QEMU netdev, it would be very hard to achieve that if we stick to
> > > > > > > > using the Qemu memory core translations which need to take care about
> > > > > > > > too much extra stuff. That's why I suggest using vhost in io threads
> > > > > > > > which only cares about ram so the translation could be very fast.
> > > > > > >
> > > > > > > What does using "vhost in io threads" mean?
> > > > > >
> > > > > > It means a vhost userspace dataplane that is implemented via io threads.
> > > > >
> > > > > AFAIK this does not exist today. QEMU's built-in devices that use
> > > > > IOThreads don't use vhost code. QEMU vhost code is for vhost kernel,
> > > > > vhost-user, or vDPA but not built-in devices that use IOThreads. The
> > > > > built-in devices implement VirtioDeviceClass callbacks directly and
> > > > > use AioContext APIs to run in IOThreads.
> > > >
> > > > Yes.
> > > >
> > > > >
> > > > > Do you have an idea for using vhost code for built-in devices? Maybe
> > > > > it's fastest if you explain your idea and its advantages instead of me
> > > > > guessing.
> > > >
> > > > It's something like I'd proposed in [1]:
> > > >
> > > > 1) a vhost that is implemented via IOThreads
> > > > 2) memory translation is done via vhost memory table/IOTLB
> > > >
> > > > The advantages are:
> > > >
> > > > 1) No 3rd application like DPDK application
> > > > 2) Attack surface were reduced
> > > > 3) Better understanding/interactions with device model for things like
> > > > RSS and IOMMU
> > > >
> > > > There could be some dis-advantages but it's not obvious to me :)
> > >
> > > Why is QEMU's native device emulation API not the natural choice for
> > > writing built-in devices? I don't understand why the vhost interface
> > > is desirable for built-in devices.
> >
> > Unless the memory helpers (like address translations) were optimized
> > fully to satisfy this 10M+ PPS.
> >
> > Not sure if this is too hard, but last time I benchmark, perf told me
> > most of the time spent in the translation.
> >
> > Using a vhost is a workaround since its memory model is much more
> > simpler so it can skip lots of memory sections like I/O and ROM etc.
>
> I see, that sounds like a question of optimization. Most DMA transfers
> will be to/from guest RAM and it seems like QEMU's memory API could be
> optimized for that case. PIO/MMIO dispatch could use a different API
> from DMA transfers, if necessary.

Probably.

>
> I don't think there is a fundamental reason why QEMU's own device
> emulation code cannot translate memory as fast as vhost devices can.

Yes, it can do what vhost can do. Starting from a vhost may help us to
know where we could go for the optimization of the memory core.

Thanks

>
> Stefan
>