[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Pinned, non-revocable mappings of VRAM: will bad things happen?

  • To: Christian König <christian.koenig@xxxxxxx>, dri-devel@xxxxxxxxxxxxxxxxxxxxx, Xen developer discussion <xen-devel@xxxxxxxxxxxxxxxxxxxx>, linux-media@xxxxxxxxxxxxxxx
  • From: Demi Marie Obenour <demiobenour@xxxxxxxxx>
  • Date: Mon, 20 Apr 2026 13:03:45 -0400
  • Authentication-results: eu.smtp.expurgate.cloud; dkim=pass header.s=20251104 header.d=gmail.com header.i="@gmail.com" header.h="In-Reply-To:Autocrypt:From:Content-Language:References:Cc:To:Subject:User-Agent:MIME-Version:Date:Message-ID"
  • Autocrypt: addr=demiobenour@xxxxxxxxx; keydata= xsFNBFp+A0oBEADffj6anl9/BHhUSxGTICeVl2tob7hPDdhHNgPR4C8xlYt5q49yB+l2nipd aq+4Gk6FZfqC825TKl7eRpUjMriwle4r3R0ydSIGcy4M6eb0IcxmuPYfbWpr/si88QKgyGSV Z7GeNW1UnzTdhYHuFlk8dBSmB1fzhEYEk0RcJqg4AKoq6/3/UorR+FaSuVwT7rqzGrTlscnT DlPWgRzrQ3jssesI7sZLm82E3pJSgaUoCdCOlL7MMPCJwI8JpPlBedRpe9tfVyfu3euTPLPx wcV3L/cfWPGSL4PofBtB8NUU6QwYiQ9Hzx4xOyn67zW73/G0Q2vPPRst8LBDqlxLjbtx/WLR 6h3nBc3eyuZ+q62HS1pJ5EvUT1vjyJ1ySrqtUXWQ4XlZyoEFUfpJxJoN0A9HCxmHGVckzTRl 5FMWo8TCniHynNXsBtDQbabt7aNEOaAJdE7to0AH3T/Bvwzcp0ZJtBk0EM6YeMLtotUut7h2 Bkg1b//r6bTBswMBXVJ5H44Qf0+eKeUg7whSC9qpYOzzrm7+0r9F5u3qF8ZTx55TJc2g656C 9a1P1MYVysLvkLvS4H+crmxA/i08Tc1h+x9RRvqba4lSzZ6/Tmt60DPM5Sc4R0nSm9BBff0N m0bSNRS8InXdO1Aq3362QKX2NOwcL5YaStwODNyZUqF7izjK4QARAQABzTxEZW1pIE1hcmll IE9iZW5vdXIgKGxvdmVyIG9mIGNvZGluZykgPGRlbWlvYmVub3VyQGdtYWlsLmNvbT7CwXgE EwECACIFAlp+A0oCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJELKItV//nCLBhr8Q AK/xrb4wyi71xII2hkFBpT59ObLN+32FQT7R3lbZRjVFjc6yMUjOb1H/hJVxx+yo5gsSj5LS 9AwggioUSrcUKldfA/PKKai2mzTlUDxTcF3vKx6iMXKA6AqwAw4B57ZEJoMM6egm57TV19kz PMc879NV2nc6+elaKl+/kbVeD3qvBuEwsTe2Do3HAAdrfUG/j9erwIk6gha/Hp9yZlCnPTX+ VK+xifQqt8RtMqS5R/S8z0msJMI/ajNU03kFjOpqrYziv6OZLJ5cuKb3bZU5aoaRQRDzkFIR 6aqtFLTohTo20QywXwRa39uFaOT/0YMpNyel0kdOszFOykTEGI2u+kja35g9TkH90kkBTG+a EWttIht0Hy6YFmwjcAxisSakBuHnHuMSOiyRQLu43ej2+mDWgItLZ48Mu0C3IG1seeQDjEYP tqvyZ6bGkf2Vj+L6wLoLLIhRZxQOedqArIk/Sb2SzQYuxN44IDRt+3ZcDqsPppoKcxSyd1Ny 2tpvjYJXlfKmOYLhTWs8nwlAlSHX/c/jz/ywwf7eSvGknToo1Y0VpRtoxMaKW1nvH0OeCSVJ itfRP7YbiRVc2aNqWPCSgtqHAuVraBRbAFLKh9d2rKFB3BmynTUpc1BQLJP8+D5oNyb8Ts4x Xd3iV/uD8JLGJfYZIR7oGWFLP4uZ3tkneDfYzsFNBFp+A0oBEAC9ynZI9LU+uJkMeEJeJyQ/ 8VFkCJQPQZEsIGzOTlPnwvVna0AS86n2Z+rK7R/usYs5iJCZ55/JISWd8xD57ue0eB47bcJv VqGlObI2DEG8TwaW0O0duRhDgzMEL4t1KdRAepIESBEA/iPpI4gfUbVEIEQuqdqQyO4GAe+M kD0Hy5JH/0qgFmbaSegNTdQg5iqYjRZ3ttiswalql1/iSyv1WYeC1OAs+2BLOAT2NEggSiVO txEfgewsQtCWi8H1SoirakIfo45Hz0tk/Ad9ZWh2PvOGt97Ka85o4TLJxgJJqGEnqcFUZnJJ riwoaRIS8N2C8/nEM53jb1sH0gYddMU3QxY7dYNLIUrRKQeNkF30dK7V6JRH7pleRlf+wQcN fRAIUrNlatj9TxwivQrKnC9aIFFHEy/0mAgtrQShcMRmMgVlRoOA5B8RTulRLCmkafvwuhs6 dCxN0GNAORIVVFxjx9Vn7OqYPgwiofZ6SbEl0hgPyWBQvE85klFLZLoj7p+joDY1XNQztmfA rnJ9x+YV4igjWImINAZSlmEcYtd+xy3Li/8oeYDAqrsnrOjb+WvGhCykJk4urBog2LNtcyCj kTs7F+WeXGUo0NDhbd3Z6AyFfqeF7uJ3D5hlpX2nI9no/ugPrrTVoVZAgrrnNz0iZG2DVx46 x913pVKHl5mlYQARAQABwsFfBBgBAgAJBQJafgNKAhsMAAoJELKItV//nCLBwNIP/AiIHE8b oIqReFQyaMzxq6lE4YZCZNj65B/nkDOvodSiwfwjjVVE2V3iEzxMHbgyTCGA67+Bo/d5aQGj gn0TPtsGzelyQHipaUzEyrsceUGWYoKXYyVWKEfyh0cDfnd9diAm3VeNqchtcMpoehETH8fr RHnJdBcjf112PzQSdKC6kqU0Q196c4Vp5HDOQfNiDnTf7gZSj0BraHOByy9LEDCLhQiCmr+2 E0rW4tBtDAn2HkT9uf32ZGqJCn1O+2uVfFhGu6vPE5qkqrbSE8TG+03H8ecU2q50zgHWPdHM OBvy3EhzfAh2VmOSTcRK+tSUe/u3wdLRDPwv/DTzGI36Kgky9MsDC5gpIwNbOJP2G/q1wT1o Gkw4IXfWv2ufWiXqJ+k7HEi2N1sree7Dy9KBCqb+ca1vFhYPDJfhP75I/VnzHVssZ/rYZ9+5 1yDoUABoNdJNSGUYl+Yh9Pw9pE3Kt4EFzUlFZWbE4xKL/NPno+z4J9aWemLLszcYz/u3XnbO vUSQHSrmfOzX3cV4yfmjM5lewgSstoxGyTx2M8enslgdXhPthZlDnTnOT+C+OTsh8+m5tos8 HQjaPM01MKBiAqdPgksm1wu2DrrwUi6ChRVTUBcj6+/9IJ81H2P2gJk3Ls3AVIxIffLoY34E +MYSfkEjBz0E8CLOcAw7JIwAaeBT
  • Cc: Val Packett <val@xxxxxxxxxxxxxxxxxxxxxx>, Suwit Semal <sumit.semwal@xxxxxxxxxx>
  • Delivery-date: Mon, 20 Apr 2026 17:04:12 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 4/20/26 04:49, Christian König wrote:
> On 4/17/26 21:35, Demi Marie Obenour wrote:
>> On 4/17/26 03:53, Christian König wrote:
>>> On 4/16/26 18:13, Demi Marie Obenour wrote:
>>>> On 4/16/26 05:57, Christian König wrote:
> ...
>>>> Unless I am
>>>> mistaken, client workloads are highly non-uniform: a single game or
>>>> compute job might well use more VRAM than every other program on the
>>>> system combined.
>>>
>>> Yeah, perfectly correct.
>>>
>>>> Are these workloads impossible to make work well with pinning?
>>>
>>> No, as long as you don't know the workload beforehand, e.g. when you define 
>>> the limit.
>>>
>>> I mean that's why basically everybody avoids pinning and assigning fixed 
>>> amounts of resources.
>>>
>>> Even if you can make it work technically pinning usually results in a 
>>> rather bad end user experience.
>>>
>>> Regards,
>>> Christian.
>>
>> Do drivers and programs assume that they can access VRAM from the CPU?
> 
> Yes, and that is actually really important for performance.
> 
> That's why Alex and I came up with the idea of using the resize able BAR 
> feature to access all of VRAM on modern GPUs.
> 
> There are a couple of hacks which have been implemented over the years for 
> exotic platforms were MMIO/VRAM access was problematic. For example on a page 
> fault you use a GPU DMA engine to copy the VRAM buffer into system memory, 
> make the CPU memory access and then copy it back again on demand at the next 
> command submission.
> 
> But all of those hacks are basically just prove of concepts and result in 
> completely unusable performance.

I'm reminded of Asahi considering emulating unaligned accesses to
PCI BARs in a fault handler.

>> Are any of the following reasonable options?
>>
>> 1. Change the guest kernel to only map (and thus pin) a small subset
>>    of VRAM at any given time.  If unmapped VRAM is accessed the guest
>>    traps the page fault, evicts an old VRAM mapping, and creates a
>>    new one.
> 
> Yeah, that could potentially work.
> 
> This is basically what we do on the host kernel driver when we can't resize 
> the BAR for some reason. In that use case VRAM buffers are shuffled in and 
> out of the CPU accessible window of VRAM on demand.

How much is this going to hurt performance?
 
>> 2. Pretend that resizable BAR is not enabled, so the guest doesn't
>>    think it can map much of VRAM at once.  If resizable BAR is enabled
>>    on the host, it might be possible to split the large BAR mapping
>>    in a lot of ways.
> 
> That won't work. The userspace parts of the driver stack don't care how large 
> the BAR to access VRAM with the CPU is.
> 
> The expectation is that the kernel driver makes thing CPU accessible as 
> needed in the page fault handler.
> 
> It is still a good idea for your solution #1 to give the amount of "pin-able" 
> VRAM to the userspace stack as CPU visible VRAM limit so that test cases and 
> applications try to lower their usage of VRAM, e.g. use system memory bounce 
> buffers when possible.

That makes sense.

>> Or does Xen really need to allow the host to handle guest page faults?
>> That adds a huge amount of complexity to trusted and security-critical
>> parts of the system, so it really is a last resort.  Putting the
>> complexity in to the guest virtio-GPU driver is vastly preferable if
>> it can be made to work well.
> 
> Well the nested page fault handling KVM offers has proven to be extremely 
> useful. So when XEN can't do this it is clearly lacking an important feature.

I agree. However, it is a lot of work to implement, which is why I'm
looking for alternatives if possible.

KVM is part of the Linux kernel, so it can just call the Linux kernel
functions used to handle userspace page faults.  Xen is separate from
Linux, so it can't do that.  Instead, it will need to:

1. Determine that the fault needs to be handled by another VM, and
   the ID of the VM that needs to handle the fault.
2. Send a message to the VM asking it to handle the fault.
3. Block the vCPU until it gets a response.

Then the VM owning the memory will need to call the page fault handler
and provide the memory to Xen.  Xen then needs to:

4. Map the memory into the nested page tables of the VM that faulted.
5. Resume the vCPU.

> But I have one question: When XEN has a problem handling faults from the 
> guest on the host then how does that work for system memory mappings?
> 
> There is really no difference between VRAM and system memory in the handling 
> for the GPU driver stack.
> 
> Regards,
> Christian.

Generally, Xen makes the frontend (usually an unprivileged VM)
responsible for providing mappings to the backend (usually the host).
That is possible with system RAM but not with VRAM, because Xen has
no awareness of VRAM.  To Xen, VRAM is just a PCI BAR.

KVM runs in the same kernel as the GPU driver.  Xen doesn't, and that
is the source of the extra complexity.
-- 
Sincerely,
Demi Marie Obenour (she/her/hers)

Attachment: OpenPGP_0xB288B55FFF9C22C1.asc
Description: OpenPGP public key

Attachment: OpenPGP_signature.asc
Description: OpenPGP digital signature

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.