x86/EPT: adjustments for redundant function arguments
diff mbox series

Message ID 8b611419-a0c7-743f-fec4-f02a04caf114@suse.com
State New
Headers show
Series
  • x86/EPT: adjustments for redundant function arguments
Related show

Commit Message

Jan Beulich Dec. 20, 2019, 2:21 p.m. UTC
In ept_p2m_type_to_flags() passing in type and access as separate
parameters can be considered an optimization, as all callers set the
respective fields in the entry being updated before the call. Retain
this behavior but add assertions.

Signed-off-by: Jan Beulich <jbeulich@suse.com>

Comments

George Dunlap Dec. 20, 2019, 2:26 p.m. UTC | #1
On 12/20/19 2:21 PM, Jan Beulich wrote:
> In ept_p2m_type_to_flags() passing in type and access as separate
> parameters can be considered an optimization, as all callers set the
> respective fields in the entry being updated before the call. Retain
> this behavior but add assertions.
> 
> Signed-off-by: Jan Beulich <jbeulich@suse.com>

In what way is it an optimization?

I don't necessarily oppose this, but given that 3 of the 4 callers
literally do something like:

    ept_p2m_type_to_flags(p2m, &e, e.sa_p2mt, e.access);

It seems like just getting rid of the extraneous arguments might a be
better option.

 -George
Jan Beulich Dec. 20, 2019, 2:41 p.m. UTC | #2
On 20.12.2019 15:26, George Dunlap wrote:
> On 12/20/19 2:21 PM, Jan Beulich wrote:
>> In ept_p2m_type_to_flags() passing in type and access as separate
>> parameters can be considered an optimization, as all callers set the
>> respective fields in the entry being updated before the call. Retain
>> this behavior but add assertions.
>>
>> Signed-off-by: Jan Beulich <jbeulich@suse.com>
> 
> In what way is it an optimization?

There's no pointer de-ref needed; the values will already come in
via registers. And "can be considered" because possibly some
compilers are smart enough to eliminate the pointer de-ref again
(but then it'll still be a bitfield extract, which callers may
be able to avoid).

> I don't necessarily oppose this, but given that 3 of the 4 callers
> literally do something like:
> 
>     ept_p2m_type_to_flags(p2m, &e, e.sa_p2mt, e.access);
> 
> It seems like just getting rid of the extraneous arguments might a be
> better option.

That was my original intention as well, but iirc Andrew didn't like
it when we discussed it back then (the context here being XSA-304).

Jan
George Dunlap Dec. 20, 2019, 2:58 p.m. UTC | #3
On 12/20/19 2:41 PM, Jan Beulich wrote:
> On 20.12.2019 15:26, George Dunlap wrote:
>> On 12/20/19 2:21 PM, Jan Beulich wrote:
>>> In ept_p2m_type_to_flags() passing in type and access as separate
>>> parameters can be considered an optimization, as all callers set the
>>> respective fields in the entry being updated before the call. Retain
>>> this behavior but add assertions.
>>>
>>> Signed-off-by: Jan Beulich <jbeulich@suse.com>
>>
>> In what way is it an optimization?
> 
> There's no pointer de-ref needed; the values will already come in
> via registers. And "can be considered" because possibly some
> compilers are smart enough to eliminate the pointer de-ref again
> (but then it'll still be a bitfield extract, which callers may
> be able to avoid).

Right; on the whole I'd rather let compilers do this sort of
micro-optimization, and only do this "manual" sort of optimization with
some sort of benchmarks showing that is has some kind of effect.

> 
>> I don't necessarily oppose this, but given that 3 of the 4 callers
>> literally do something like:
>>
>>     ept_p2m_type_to_flags(p2m, &e, e.sa_p2mt, e.access);
>>
>> It seems like just getting rid of the extraneous arguments might a be
>> better option.
> 
> That was my original intention as well, but iirc Andrew didn't like
> it when we discussed it back then (the context here being XSA-304).

I did a quick skim through those threads and couldn't find any comment
on this issue.  Could you point me to the mail with it?  (Or Andy, would
you care to repeat your argument?)

Ultimately the patch as it stands is only making the existing code
safer, so I'm OK with giving it my Ack if you don't want to pursue the
other option; but I'd prefer trying to understand and potentially
improve things while we're at it.  (And if there *is* a good reason for
passing in parallel parameters, it would be good to record it in a
comment so we don't have this conversation again in 3 years' time.)

 - George
Jan Beulich Dec. 20, 2019, 3:02 p.m. UTC | #4
On 20.12.2019 15:58, George Dunlap wrote:
> On 12/20/19 2:41 PM, Jan Beulich wrote:
>> On 20.12.2019 15:26, George Dunlap wrote:
>>> On 12/20/19 2:21 PM, Jan Beulich wrote:
>>>> In ept_p2m_type_to_flags() passing in type and access as separate
>>>> parameters can be considered an optimization, as all callers set the
>>>> respective fields in the entry being updated before the call. Retain
>>>> this behavior but add assertions.
>>>>
>>>> Signed-off-by: Jan Beulich <jbeulich@suse.com>
>>>
>>> In what way is it an optimization?
>>
>> There's no pointer de-ref needed; the values will already come in
>> via registers. And "can be considered" because possibly some
>> compilers are smart enough to eliminate the pointer de-ref again
>> (but then it'll still be a bitfield extract, which callers may
>> be able to avoid).
> 
> Right; on the whole I'd rather let compilers do this sort of
> micro-optimization, and only do this "manual" sort of optimization with
> some sort of benchmarks showing that is has some kind of effect.
> 
>>
>>> I don't necessarily oppose this, but given that 3 of the 4 callers
>>> literally do something like:
>>>
>>>     ept_p2m_type_to_flags(p2m, &e, e.sa_p2mt, e.access);
>>>
>>> It seems like just getting rid of the extraneous arguments might a be
>>> better option.
>>
>> That was my original intention as well, but iirc Andrew didn't like
>> it when we discussed it back then (the context here being XSA-304).
> 
> I did a quick skim through those threads and couldn't find any comment
> on this issue.  Could you point me to the mail with it?  (Or Andy, would
> you care to repeat your argument?)

I guess it may have been an irc discussion, quite possibly even
a private one between him and me.

> Ultimately the patch as it stands is only making the existing code
> safer, so I'm OK with giving it my Ack if you don't want to pursue the
> other option; but I'd prefer trying to understand and potentially
> improve things while we're at it.  (And if there *is* a good reason for
> passing in parallel parameters, it would be good to record it in a
> comment so we don't have this conversation again in 3 years' time.)

I'd be happy to go the other route - as said, that's what I had
initially.

Jan
Tian, Kevin Jan. 19, 2020, 2:09 a.m. UTC | #5
> From: Jan Beulich <jbeulich@suse.com>
> Sent: Friday, December 20, 2019 11:02 PM
> 
> On 20.12.2019 15:58, George Dunlap wrote:
> > On 12/20/19 2:41 PM, Jan Beulich wrote:
> >> On 20.12.2019 15:26, George Dunlap wrote:
> >>> On 12/20/19 2:21 PM, Jan Beulich wrote:
> >>>> In ept_p2m_type_to_flags() passing in type and access as separate
> >>>> parameters can be considered an optimization, as all callers set the
> >>>> respective fields in the entry being updated before the call. Retain
> >>>> this behavior but add assertions.
> >>>>
> >>>> Signed-off-by: Jan Beulich <jbeulich@suse.com>
> >>>
> >>> In what way is it an optimization?
> >>
> >> There's no pointer de-ref needed; the values will already come in
> >> via registers. And "can be considered" because possibly some
> >> compilers are smart enough to eliminate the pointer de-ref again
> >> (but then it'll still be a bitfield extract, which callers may
> >> be able to avoid).
> >
> > Right; on the whole I'd rather let compilers do this sort of
> > micro-optimization, and only do this "manual" sort of optimization with
> > some sort of benchmarks showing that is has some kind of effect.
> >
> >>
> >>> I don't necessarily oppose this, but given that 3 of the 4 callers
> >>> literally do something like:
> >>>
> >>>     ept_p2m_type_to_flags(p2m, &e, e.sa_p2mt, e.access);
> >>>
> >>> It seems like just getting rid of the extraneous arguments might a be
> >>> better option.
> >>
> >> That was my original intention as well, but iirc Andrew didn't like
> >> it when we discussed it back then (the context here being XSA-304).
> >
> > I did a quick skim through those threads and couldn't find any comment
> > on this issue.  Could you point me to the mail with it?  (Or Andy, would
> > you care to repeat your argument?)
> 
> I guess it may have been an irc discussion, quite possibly even
> a private one between him and me.
> 
> > Ultimately the patch as it stands is only making the existing code
> > safer, so I'm OK with giving it my Ack if you don't want to pursue the
> > other option; but I'd prefer trying to understand and potentially
> > improve things while we're at it.  (And if there *is* a good reason for
> > passing in parallel parameters, it would be good to record it in a
> > comment so we don't have this conversation again in 3 years' time.)
> 
> I'd be happy to go the other route - as said, that's what I had
> initially.
> 

Can Andrew chime in for his concern on this approach?

Thanks
Kevin
Andrew Cooper Jan. 22, 2020, 12:44 p.m. UTC | #6
On 19/01/2020 02:09, Tian, Kevin wrote:
>> From: Jan Beulich <jbeulich@suse.com>
>> Sent: Friday, December 20, 2019 11:02 PM
>>
>> On 20.12.2019 15:58, George Dunlap wrote:
>>> On 12/20/19 2:41 PM, Jan Beulich wrote:
>>>> On 20.12.2019 15:26, George Dunlap wrote:
>>>>> On 12/20/19 2:21 PM, Jan Beulich wrote:
>>>>>> In ept_p2m_type_to_flags() passing in type and access as separate
>>>>>> parameters can be considered an optimization, as all callers set the
>>>>>> respective fields in the entry being updated before the call. Retain
>>>>>> this behavior but add assertions.
>>>>>>
>>>>>> Signed-off-by: Jan Beulich <jbeulich@suse.com>
>>>>> In what way is it an optimization?
>>>> There's no pointer de-ref needed; the values will already come in
>>>> via registers. And "can be considered" because possibly some
>>>> compilers are smart enough to eliminate the pointer de-ref again
>>>> (but then it'll still be a bitfield extract, which callers may
>>>> be able to avoid).
>>> Right; on the whole I'd rather let compilers do this sort of
>>> micro-optimization, and only do this "manual" sort of optimization with
>>> some sort of benchmarks showing that is has some kind of effect.
>>>
>>>>> I don't necessarily oppose this, but given that 3 of the 4 callers
>>>>> literally do something like:
>>>>>
>>>>>     ept_p2m_type_to_flags(p2m, &e, e.sa_p2mt, e.access);
>>>>>
>>>>> It seems like just getting rid of the extraneous arguments might a be
>>>>> better option.
>>>> That was my original intention as well, but iirc Andrew didn't like
>>>> it when we discussed it back then (the context here being XSA-304).
>>> I did a quick skim through those threads and couldn't find any comment
>>> on this issue.  Could you point me to the mail with it?  (Or Andy, would
>>> you care to repeat your argument?)
>> I guess it may have been an irc discussion, quite possibly even
>> a private one between him and me.
>>
>>> Ultimately the patch as it stands is only making the existing code
>>> safer, so I'm OK with giving it my Ack if you don't want to pursue the
>>> other option; but I'd prefer trying to understand and potentially
>>> improve things while we're at it.  (And if there *is* a good reason for
>>> passing in parallel parameters, it would be good to record it in a
>>> comment so we don't have this conversation again in 3 years' time.)
>> I'd be happy to go the other route - as said, that's what I had
>> initially.
>>
> Can Andrew chime in for his concern on this approach?

The first version of the XSA-304 patches plumbed a new level parameter
down.  This is because I saw the function in this form, and thought
"right - &e won't always be related to the type/access parameters as
they are passed separately".  i.e. entry->sp couldn't be relied upon.

As far as I'm concerned, it is an obfuscation not an optimisation, and
the code would be much better with the two parameters deleted.

Of course, the reason why the function is as it is is that, despite
being static, &e is unconditionally a memory operand, making the reads
and writes on it require a semantic order WRT other function calls,
making the function very hard to optimise overall.  A better approach
would be to pass e directly, and return the new perm bits in place, and
have the caller "&= MASK; |= new_perms;" which will be far easier for
the compiler to optimise.

~Andrew

Patch
diff mbox series

--- a/xen/arch/x86/mm/p2m-ept.c
+++ b/xen/arch/x86/mm/p2m-ept.c
@@ -75,7 +75,8 @@  static void ept_p2m_type_to_flags(struct
      * D bit is set for all writable types in EPT leaf entry, except for
      * log-dirty type with PML.
      */
-    switch(type)
+    ASSERT(type == entry->sa_p2mt);
+    switch ( type )
     {
         case p2m_invalid:
         case p2m_mmio_dm:
@@ -143,9 +144,9 @@  static void ept_p2m_type_to_flags(struct
             break;
     }
 
-
     /* Then restrict with access permissions */
-    switch (access) 
+    ASSERT(access == entry->access);
+    switch ( access )
     {
         case p2m_access_n:
         case p2m_access_n2rwx: