From: Christoffer Dall <cdall@linaro.org>
To: gengdongjiu <gengdj.1984@gmail.com>
Cc: Achin Gupta <achin.gupta@arm.com>,
gengdongjiu <gengdongjiu@huawei.com>,
lersek@redhat.com, ard.biesheuvel@linaro.org,
edk2-devel@ml01.01.org, qemu-devel@nongnu.org,
zhaoshenglong@huawei.com, James Morse <james.morse@arm.com>,
xiexiuqi@huawei.com, Marc Zyngier <marc.zyngier@arm.com>,
catalin.marinas@arm.com, will.deacon@arm.com,
christoffer.dall@linaro.org, rkrcmar@redhat.com,
suzuki.poulose@arm.com, andre.przywara@arm.com,
mark.rutland@arm.com, vladimir.murzin@arm.com,
linux-arm-kernel@lists.infradead.org,
kvmarm@lists.cs.columbia.edu, kvm@vger.kernel.org,
linux-kernel@vger.kernel.org, wangxiongfeng2@huawei.com,
wuquanming@huawei.com, huangshaoyu@huawei.com,
Leif.Lindholm@linaro.com, nd@arm.com
Subject: Re: [PATCH] kvm: pass the virtual SEI syndrome to guest OS
Date: Wed, 29 Mar 2017 16:48:22 +0200 [thread overview]
Message-ID: <20170329144822.GA1020@cbox> (raw)
In-Reply-To: <CAMj-D2BT3ByY-iFrRVVK7y=G7zhRBtM031VgLn6JzwUE-WCdWQ@mail.gmail.com>
On Wed, Mar 29, 2017 at 10:36:51PM +0800, gengdongjiu wrote:
> Hi Achin,
> Thanks for your mail and answer.
>
> 2017-03-29 18:36 GMT+08:00, Achin Gupta <achin.gupta@arm.com>:
> > Hi gengdongjiu,
> >
> > On Wed, Mar 29, 2017 at 05:36:37PM +0800, gengdongjiu wrote:
> >>
> >> Hi Laszlo/Biesheuvel/Qemu developer,
> >>
> >> Now I encounter a issue and want to consult with you in ARM64 platform,
> >> as described below:
> >>
> >> when guest OS happen synchronous or asynchronous abort, kvm needs to
> >> send the error address to Qemu or UEFI through sigbus to dynamically
> >> generate APEI table. from my investigation, there are two ways:
> >>
> >> (1) Qemu get the error address, and generate the APEI table, then
> >> notify UEFI to know this generation, then inject abort error to guest OS,
> >> guest OS read the APEI table.
> >> (2) Qemu get the error address, and let UEFI to generate the APEI
> >> table, then inject abort error to guest OS, guest OS read the APEI table.
>
> The description may be not precise, I update it
>
> (1) Qemu get the error address, and generate the CPER table, then
> notify guest UEFI to place this CPER table to Guest OS memory, then
> Qemu let KVM inject abort error to guest OS, guest OS read the CPER
> table.
>
> (2) Qemu get the error address, and let guest UEFI to directly
> generate the CPER
> table and place this table to the guest OS memory, not let Qemu gerate
> it. then KVM inject abort error to guest OS, guest OS read the CPER
> table.
>
I don't understand how you are going to notify the guest UEFI instance
of anything or run the guest UEFI instance without going through the
guest kernel.
AFAIU, the guest UEFI instance is just a blob of software running at EL1
together with the guest kernel, and you're notification mechanism from
QEMU to the VM is pretty much limited to injecting a virtual interrupt
(of some kind) which is initially handled by the guest kernel.
> >
> > Just being pedantic! I don't think we are talking about creating the APEI
> > table
> > dynamically here. The issue is: Once KVM has received an error that is
> > destined
> > for a guest it will raise a SIGBUS to Qemu. Now before Qemu can inject the
> > error
> > into the guest OS, a CPER (Common Platform Error Record) has to be
> > generated
> > corresponding to the error source (GHES corresponding to memory subsystem,
> > processor etc) to allow the guest OS to do anything meaningful with the
> > error. So who should create the CPER is the question.
> >
> > At the EL3/EL2 interface (Secure Firmware and OS/Hypervisor), an error
> > arrives
> > at EL3 and secure firmware (at EL3 or a lower secure exception level) is
> > responsible for creating the CPER. ARM is experimenting with using a
> > Standalone
> > MM EDK2 image in the secure world to do the CPER creation. This will avoid
> > adding the same code in ARM TF in EL3 (better for security). The error will
> > then
> > be injected into the OS/Hypervisor (through SEA/SEI/SDEI) through ARM
> > Trusted
> > Firmware.
> >
> > Qemu is essentially fulfilling the role of secure firmware at the EL2/EL1
> > interface (as discussed with Christoffer below). So it should generate the
> > CPER
> > before injecting the error.
> >
> > This is corresponds to (1) above apart from notifying UEFI (I am assuming
> > you
> > mean guest UEFI). At this time, the guest OS already knows where to pick up
> > the
> > CPER from through the HEST. Qemu has to create the CPER and populate its
> > address
> > at the address exported in the HEST. Guest UEFI should not be involved in
> > this
> > flow. Its job was to create the HEST at boot and that has been done by this
> > stage.
>
> Sorry, As I understand it, after Qemu generate the CPER table, it
> should pass the CPER table to the guest UEFI, then Guest UEFI place
> this CPER table to the guest OS memory. In this flow, the Guest UEFI
> should be involved, else the Guest OS can not see the CPER table.
>
I think you need to explain the "pass the CPER table to the guest UEFI"
concept in terms of what really happens, step by step, and when you say
"then Guest UEFI place the CPER table to the guest OS memory", I'm
curious who is running what code on the hardware when doing that.
Thanks,
-Christoffer
WARNING: multiple messages have this Message-ID (diff)
From: Christoffer Dall <cdall@linaro.org>
To: gengdongjiu <gengdj.1984@gmail.com>
Cc: Achin Gupta <achin.gupta@arm.com>,
gengdongjiu <gengdongjiu@huawei.com>,
lersek@redhat.com, ard.biesheuvel@linaro.org,
edk2-devel@lists.01.org, qemu-devel@nongnu.org,
zhaoshenglong@huawei.com, James Morse <james.morse@arm.com>,
xiexiuqi@huawei.com, Marc Zyngier <marc.zyngier@arm.com>,
catalin.marinas@arm.com, will.deacon@arm.com,
christoffer.dall@linaro.org, rkrcmar@redhat.com,
suzuki.poulose@arm.com, andre.przywara@arm.com,
mark.rutland@arm.com, vladimir.murzin@arm.com,
linux-arm-kernel@lists.infradead.org,
kvmarm@lists.cs.columbia.edu, kvm@vger.kernel.org,
linux-kernel@vger.kernel.org, wangxiongfeng2@huawei.com,
wuquanming@huawei.com, huangshaoyu@huawei.com,
Leif.Lindholm@linaro.com, nd@arm.com
Subject: Re: [PATCH] kvm: pass the virtual SEI syndrome to guest OS
Date: Wed, 29 Mar 2017 16:48:22 +0200 [thread overview]
Message-ID: <20170329144822.GA1020@cbox> (raw)
In-Reply-To: <CAMj-D2BT3ByY-iFrRVVK7y=G7zhRBtM031VgLn6JzwUE-WCdWQ@mail.gmail.com>
On Wed, Mar 29, 2017 at 10:36:51PM +0800, gengdongjiu wrote:
> Hi Achin,
> Thanks for your mail and answer.
>
> 2017-03-29 18:36 GMT+08:00, Achin Gupta <achin.gupta@arm.com>:
> > Hi gengdongjiu,
> >
> > On Wed, Mar 29, 2017 at 05:36:37PM +0800, gengdongjiu wrote:
> >>
> >> Hi Laszlo/Biesheuvel/Qemu developer,
> >>
> >> Now I encounter a issue and want to consult with you in ARM64 platform,
> >> as described below:
> >>
> >> when guest OS happen synchronous or asynchronous abort, kvm needs to
> >> send the error address to Qemu or UEFI through sigbus to dynamically
> >> generate APEI table. from my investigation, there are two ways:
> >>
> >> (1) Qemu get the error address, and generate the APEI table, then
> >> notify UEFI to know this generation, then inject abort error to guest OS,
> >> guest OS read the APEI table.
> >> (2) Qemu get the error address, and let UEFI to generate the APEI
> >> table, then inject abort error to guest OS, guest OS read the APEI table.
>
> The description may be not precise, I update it
>
> (1) Qemu get the error address, and generate the CPER table, then
> notify guest UEFI to place this CPER table to Guest OS memory, then
> Qemu let KVM inject abort error to guest OS, guest OS read the CPER
> table.
>
> (2) Qemu get the error address, and let guest UEFI to directly
> generate the CPER
> table and place this table to the guest OS memory, not let Qemu gerate
> it. then KVM inject abort error to guest OS, guest OS read the CPER
> table.
>
I don't understand how you are going to notify the guest UEFI instance
of anything or run the guest UEFI instance without going through the
guest kernel.
AFAIU, the guest UEFI instance is just a blob of software running at EL1
together with the guest kernel, and you're notification mechanism from
QEMU to the VM is pretty much limited to injecting a virtual interrupt
(of some kind) which is initially handled by the guest kernel.
> >
> > Just being pedantic! I don't think we are talking about creating the APEI
> > table
> > dynamically here. The issue is: Once KVM has received an error that is
> > destined
> > for a guest it will raise a SIGBUS to Qemu. Now before Qemu can inject the
> > error
> > into the guest OS, a CPER (Common Platform Error Record) has to be
> > generated
> > corresponding to the error source (GHES corresponding to memory subsystem,
> > processor etc) to allow the guest OS to do anything meaningful with the
> > error. So who should create the CPER is the question.
> >
> > At the EL3/EL2 interface (Secure Firmware and OS/Hypervisor), an error
> > arrives
> > at EL3 and secure firmware (at EL3 or a lower secure exception level) is
> > responsible for creating the CPER. ARM is experimenting with using a
> > Standalone
> > MM EDK2 image in the secure world to do the CPER creation. This will avoid
> > adding the same code in ARM TF in EL3 (better for security). The error will
> > then
> > be injected into the OS/Hypervisor (through SEA/SEI/SDEI) through ARM
> > Trusted
> > Firmware.
> >
> > Qemu is essentially fulfilling the role of secure firmware at the EL2/EL1
> > interface (as discussed with Christoffer below). So it should generate the
> > CPER
> > before injecting the error.
> >
> > This is corresponds to (1) above apart from notifying UEFI (I am assuming
> > you
> > mean guest UEFI). At this time, the guest OS already knows where to pick up
> > the
> > CPER from through the HEST. Qemu has to create the CPER and populate its
> > address
> > at the address exported in the HEST. Guest UEFI should not be involved in
> > this
> > flow. Its job was to create the HEST at boot and that has been done by this
> > stage.
>
> Sorry, As I understand it, after Qemu generate the CPER table, it
> should pass the CPER table to the guest UEFI, then Guest UEFI place
> this CPER table to the guest OS memory. In this flow, the Guest UEFI
> should be involved, else the Guest OS can not see the CPER table.
>
I think you need to explain the "pass the CPER table to the guest UEFI"
concept in terms of what really happens, step by step, and when you say
"then Guest UEFI place the CPER table to the guest OS memory", I'm
curious who is running what code on the hardware when doing that.
Thanks,
-Christoffer
WARNING: multiple messages have this Message-ID (diff)
From: Christoffer Dall <cdall@linaro.org>
To: gengdongjiu <gengdj.1984@gmail.com>
Cc: Achin Gupta <achin.gupta@arm.com>,
gengdongjiu <gengdongjiu@huawei.com>,
lersek@redhat.com, ard.biesheuvel@linaro.org,
edk2-devel@lists.01.org, qemu-devel@nongnu.org,
zhaoshenglong@huawei.com, James Morse <james.morse@arm.com>,
xiexiuqi@huawei.com, Marc Zyngier <marc.zyngier@arm.com>,
catalin.marinas@arm.com, will.deacon@arm.com,
christoffer.dall@linaro.org, rkrcmar@redhat.com,
suzuki.poulose@arm.com, andre.przywara@arm.com,
mark.rutland@arm.com, vladimir.murzin@arm.com,
linux-arm-kernel@lists.infradead.org,
kvmarm@lists.cs.columbia.edu, kvm@vger.kernel.org,
linux-kernel@vger.kernel.org, wangxiongfeng2@huawei.com,
wuquanming@huawei.com, huangshaoyu@huawei.com,
Leif.Lindholm@linaro.comnd@arm.com
Subject: Re: [Qemu-devel] [PATCH] kvm: pass the virtual SEI syndrome to guest OS
Date: Wed, 29 Mar 2017 16:48:22 +0200 [thread overview]
Message-ID: <20170329144822.GA1020@cbox> (raw)
In-Reply-To: <CAMj-D2BT3ByY-iFrRVVK7y=G7zhRBtM031VgLn6JzwUE-WCdWQ@mail.gmail.com>
On Wed, Mar 29, 2017 at 10:36:51PM +0800, gengdongjiu wrote:
> Hi Achin,
> Thanks for your mail and answer.
>
> 2017-03-29 18:36 GMT+08:00, Achin Gupta <achin.gupta@arm.com>:
> > Hi gengdongjiu,
> >
> > On Wed, Mar 29, 2017 at 05:36:37PM +0800, gengdongjiu wrote:
> >>
> >> Hi Laszlo/Biesheuvel/Qemu developer,
> >>
> >> Now I encounter a issue and want to consult with you in ARM64 platform,
> >> as described below:
> >>
> >> when guest OS happen synchronous or asynchronous abort, kvm needs to
> >> send the error address to Qemu or UEFI through sigbus to dynamically
> >> generate APEI table. from my investigation, there are two ways:
> >>
> >> (1) Qemu get the error address, and generate the APEI table, then
> >> notify UEFI to know this generation, then inject abort error to guest OS,
> >> guest OS read the APEI table.
> >> (2) Qemu get the error address, and let UEFI to generate the APEI
> >> table, then inject abort error to guest OS, guest OS read the APEI table.
>
> The description may be not precise, I update it
>
> (1) Qemu get the error address, and generate the CPER table, then
> notify guest UEFI to place this CPER table to Guest OS memory, then
> Qemu let KVM inject abort error to guest OS, guest OS read the CPER
> table.
>
> (2) Qemu get the error address, and let guest UEFI to directly
> generate the CPER
> table and place this table to the guest OS memory, not let Qemu gerate
> it. then KVM inject abort error to guest OS, guest OS read the CPER
> table.
>
I don't understand how you are going to notify the guest UEFI instance
of anything or run the guest UEFI instance without going through the
guest kernel.
AFAIU, the guest UEFI instance is just a blob of software running at EL1
together with the guest kernel, and you're notification mechanism from
QEMU to the VM is pretty much limited to injecting a virtual interrupt
(of some kind) which is initially handled by the guest kernel.
> >
> > Just being pedantic! I don't think we are talking about creating the APEI
> > table
> > dynamically here. The issue is: Once KVM has received an error that is
> > destined
> > for a guest it will raise a SIGBUS to Qemu. Now before Qemu can inject the
> > error
> > into the guest OS, a CPER (Common Platform Error Record) has to be
> > generated
> > corresponding to the error source (GHES corresponding to memory subsystem,
> > processor etc) to allow the guest OS to do anything meaningful with the
> > error. So who should create the CPER is the question.
> >
> > At the EL3/EL2 interface (Secure Firmware and OS/Hypervisor), an error
> > arrives
> > at EL3 and secure firmware (at EL3 or a lower secure exception level) is
> > responsible for creating the CPER. ARM is experimenting with using a
> > Standalone
> > MM EDK2 image in the secure world to do the CPER creation. This will avoid
> > adding the same code in ARM TF in EL3 (better for security). The error will
> > then
> > be injected into the OS/Hypervisor (through SEA/SEI/SDEI) through ARM
> > Trusted
> > Firmware.
> >
> > Qemu is essentially fulfilling the role of secure firmware at the EL2/EL1
> > interface (as discussed with Christoffer below). So it should generate the
> > CPER
> > before injecting the error.
> >
> > This is corresponds to (1) above apart from notifying UEFI (I am assuming
> > you
> > mean guest UEFI). At this time, the guest OS already knows where to pick up
> > the
> > CPER from through the HEST. Qemu has to create the CPER and populate its
> > address
> > at the address exported in the HEST. Guest UEFI should not be involved in
> > this
> > flow. Its job was to create the HEST at boot and that has been done by this
> > stage.
>
> Sorry, As I understand it, after Qemu generate the CPER table, it
> should pass the CPER table to the guest UEFI, then Guest UEFI place
> this CPER table to the guest OS memory. In this flow, the Guest UEFI
> should be involved, else the Guest OS can not see the CPER table.
>
I think you need to explain the "pass the CPER table to the guest UEFI"
concept in terms of what really happens, step by step, and when you say
"then Guest UEFI place the CPER table to the guest OS memory", I'm
curious who is running what code on the hardware when doing that.
Thanks,
-Christoffer
WARNING: multiple messages have this Message-ID (diff)
From: Christoffer Dall <cdall@linaro.org>
To: gengdongjiu <gengdj.1984@gmail.com>
Cc: Achin Gupta <achin.gupta@arm.com>,
gengdongjiu <gengdongjiu@huawei.com>,
lersek@redhat.com, ard.biesheuvel@linaro.org,
edk2-devel@lists.01.org, qemu-devel@nongnu.org,
zhaoshenglong@huawei.com, James Morse <james.morse@arm.com>,
xiexiuqi@huawei.com, Marc Zyngier <marc.zyngier@arm.com>,
catalin.marinas@arm.com, will.deacon@arm.com,
christoffer.dall@linaro.org, rkrcmar@redhat.com,
suzuki.poulose@arm.com, andre.przywara@arm.com,
mark.rutland@arm.com, vladimir.murzin@arm.com,
linux-arm-kernel@lists.infradead.org,
kvmarm@lists.cs.columbia.edu, kvm@vger.kernel.org,
linux-kernel@vger.kernel.org, wangxiongfeng2@huawei.com,
wuquanming@huawei.com, huangshaoyu@huawei.com,
Leif.Lindholm@linaro.comnd@arm.com
Subject: Re: [PATCH] kvm: pass the virtual SEI syndrome to guest OS
Date: Wed, 29 Mar 2017 16:48:22 +0200 [thread overview]
Message-ID: <20170329144822.GA1020@cbox> (raw)
In-Reply-To: <CAMj-D2BT3ByY-iFrRVVK7y=G7zhRBtM031VgLn6JzwUE-WCdWQ@mail.gmail.com>
On Wed, Mar 29, 2017 at 10:36:51PM +0800, gengdongjiu wrote:
> Hi Achin,
> Thanks for your mail and answer.
>
> 2017-03-29 18:36 GMT+08:00, Achin Gupta <achin.gupta@arm.com>:
> > Hi gengdongjiu,
> >
> > On Wed, Mar 29, 2017 at 05:36:37PM +0800, gengdongjiu wrote:
> >>
> >> Hi Laszlo/Biesheuvel/Qemu developer,
> >>
> >> Now I encounter a issue and want to consult with you in ARM64 platform,
> >> as described below:
> >>
> >> when guest OS happen synchronous or asynchronous abort, kvm needs to
> >> send the error address to Qemu or UEFI through sigbus to dynamically
> >> generate APEI table. from my investigation, there are two ways:
> >>
> >> (1) Qemu get the error address, and generate the APEI table, then
> >> notify UEFI to know this generation, then inject abort error to guest OS,
> >> guest OS read the APEI table.
> >> (2) Qemu get the error address, and let UEFI to generate the APEI
> >> table, then inject abort error to guest OS, guest OS read the APEI table.
>
> The description may be not precise, I update it
>
> (1) Qemu get the error address, and generate the CPER table, then
> notify guest UEFI to place this CPER table to Guest OS memory, then
> Qemu let KVM inject abort error to guest OS, guest OS read the CPER
> table.
>
> (2) Qemu get the error address, and let guest UEFI to directly
> generate the CPER
> table and place this table to the guest OS memory, not let Qemu gerate
> it. then KVM inject abort error to guest OS, guest OS read the CPER
> table.
>
I don't understand how you are going to notify the guest UEFI instance
of anything or run the guest UEFI instance without going through the
guest kernel.
AFAIU, the guest UEFI instance is just a blob of software running at EL1
together with the guest kernel, and you're notification mechanism from
QEMU to the VM is pretty much limited to injecting a virtual interrupt
(of some kind) which is initially handled by the guest kernel.
> >
> > Just being pedantic! I don't think we are talking about creating the APEI
> > table
> > dynamically here. The issue is: Once KVM has received an error that is
> > destined
> > for a guest it will raise a SIGBUS to Qemu. Now before Qemu can inject the
> > error
> > into the guest OS, a CPER (Common Platform Error Record) has to be
> > generated
> > corresponding to the error source (GHES corresponding to memory subsystem,
> > processor etc) to allow the guest OS to do anything meaningful with the
> > error. So who should create the CPER is the question.
> >
> > At the EL3/EL2 interface (Secure Firmware and OS/Hypervisor), an error
> > arrives
> > at EL3 and secure firmware (at EL3 or a lower secure exception level) is
> > responsible for creating the CPER. ARM is experimenting with using a
> > Standalone
> > MM EDK2 image in the secure world to do the CPER creation. This will avoid
> > adding the same code in ARM TF in EL3 (better for security). The error will
> > then
> > be injected into the OS/Hypervisor (through SEA/SEI/SDEI) through ARM
> > Trusted
> > Firmware.
> >
> > Qemu is essentially fulfilling the role of secure firmware at the EL2/EL1
> > interface (as discussed with Christoffer below). So it should generate the
> > CPER
> > before injecting the error.
> >
> > This is corresponds to (1) above apart from notifying UEFI (I am assuming
> > you
> > mean guest UEFI). At this time, the guest OS already knows where to pick up
> > the
> > CPER from through the HEST. Qemu has to create the CPER and populate its
> > address
> > at the address exported in the HEST. Guest UEFI should not be involved in
> > this
> > flow. Its job was to create the HEST at boot and that has been done by this
> > stage.
>
> Sorry, As I understand it, after Qemu generate the CPER table, it
> should pass the CPER table to the guest UEFI, then Guest UEFI place
> this CPER table to the guest OS memory. In this flow, the Guest UEFI
> should be involved, else the Guest OS can not see the CPER table.
>
I think you need to explain the "pass the CPER table to the guest UEFI"
concept in terms of what really happens, step by step, and when you say
"then Guest UEFI place the CPER table to the guest OS memory", I'm
curious who is running what code on the hardware when doing that.
Thanks,
-Christoffer
WARNING: multiple messages have this Message-ID (diff)
From: cdall@linaro.org (Christoffer Dall)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH] kvm: pass the virtual SEI syndrome to guest OS
Date: Wed, 29 Mar 2017 16:48:22 +0200 [thread overview]
Message-ID: <20170329144822.GA1020@cbox> (raw)
In-Reply-To: <CAMj-D2BT3ByY-iFrRVVK7y=G7zhRBtM031VgLn6JzwUE-WCdWQ@mail.gmail.com>
On Wed, Mar 29, 2017 at 10:36:51PM +0800, gengdongjiu wrote:
> Hi Achin,
> Thanks for your mail and answer.
>
> 2017-03-29 18:36 GMT+08:00, Achin Gupta <achin.gupta@arm.com>:
> > Hi gengdongjiu,
> >
> > On Wed, Mar 29, 2017 at 05:36:37PM +0800, gengdongjiu wrote:
> >>
> >> Hi Laszlo/Biesheuvel/Qemu developer,
> >>
> >> Now I encounter a issue and want to consult with you in ARM64 platform?
> >> as described below:
> >>
> >> when guest OS happen synchronous or asynchronous abort, kvm needs to
> >> send the error address to Qemu or UEFI through sigbus to dynamically
> >> generate APEI table. from my investigation, there are two ways:
> >>
> >> (1) Qemu get the error address, and generate the APEI table, then
> >> notify UEFI to know this generation, then inject abort error to guest OS,
> >> guest OS read the APEI table.
> >> (2) Qemu get the error address, and let UEFI to generate the APEI
> >> table, then inject abort error to guest OS, guest OS read the APEI table.
>
> The description may be not precise, I update it
>
> (1) Qemu get the error address, and generate the CPER table, then
> notify guest UEFI to place this CPER table to Guest OS memory, then
> Qemu let KVM inject abort error to guest OS, guest OS read the CPER
> table.
>
> (2) Qemu get the error address, and let guest UEFI to directly
> generate the CPER
> table and place this table to the guest OS memory, not let Qemu gerate
> it. then KVM inject abort error to guest OS, guest OS read the CPER
> table.
>
I don't understand how you are going to notify the guest UEFI instance
of anything or run the guest UEFI instance without going through the
guest kernel.
AFAIU, the guest UEFI instance is just a blob of software running at EL1
together with the guest kernel, and you're notification mechanism from
QEMU to the VM is pretty much limited to injecting a virtual interrupt
(of some kind) which is initially handled by the guest kernel.
> >
> > Just being pedantic! I don't think we are talking about creating the APEI
> > table
> > dynamically here. The issue is: Once KVM has received an error that is
> > destined
> > for a guest it will raise a SIGBUS to Qemu. Now before Qemu can inject the
> > error
> > into the guest OS, a CPER (Common Platform Error Record) has to be
> > generated
> > corresponding to the error source (GHES corresponding to memory subsystem,
> > processor etc) to allow the guest OS to do anything meaningful with the
> > error. So who should create the CPER is the question.
> >
> > At the EL3/EL2 interface (Secure Firmware and OS/Hypervisor), an error
> > arrives
> > at EL3 and secure firmware (at EL3 or a lower secure exception level) is
> > responsible for creating the CPER. ARM is experimenting with using a
> > Standalone
> > MM EDK2 image in the secure world to do the CPER creation. This will avoid
> > adding the same code in ARM TF in EL3 (better for security). The error will
> > then
> > be injected into the OS/Hypervisor (through SEA/SEI/SDEI) through ARM
> > Trusted
> > Firmware.
> >
> > Qemu is essentially fulfilling the role of secure firmware at the EL2/EL1
> > interface (as discussed with Christoffer below). So it should generate the
> > CPER
> > before injecting the error.
> >
> > This is corresponds to (1) above apart from notifying UEFI (I am assuming
> > you
> > mean guest UEFI). At this time, the guest OS already knows where to pick up
> > the
> > CPER from through the HEST. Qemu has to create the CPER and populate its
> > address
> > at the address exported in the HEST. Guest UEFI should not be involved in
> > this
> > flow. Its job was to create the HEST at boot and that has been done by this
> > stage.
>
> Sorry, As I understand it, after Qemu generate the CPER table, it
> should pass the CPER table to the guest UEFI, then Guest UEFI place
> this CPER table to the guest OS memory. In this flow, the Guest UEFI
> should be involved, else the Guest OS can not see the CPER table.
>
I think you need to explain the "pass the CPER table to the guest UEFI"
concept in terms of what really happens, step by step, and when you say
"then Guest UEFI place the CPER table to the guest OS memory", I'm
curious who is running what code on the hardware when doing that.
Thanks,
-Christoffer
next prev parent reply other threads:[~2017-03-29 14:48 UTC|newest]
Thread overview: 164+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-03-20 7:55 [PATCH] kvm: pass the virtual SEI syndrome to guest OS Dongjiu Geng
2017-03-20 7:55 ` Dongjiu Geng
2017-03-20 7:55 ` Dongjiu Geng
2017-03-20 7:55 ` Dongjiu Geng
2017-03-20 11:24 ` Marc Zyngier
2017-03-20 11:24 ` Marc Zyngier
2017-03-20 11:24 ` Marc Zyngier
2017-03-20 12:28 ` gengdongjiu
2017-03-20 12:28 ` gengdongjiu
2017-03-20 12:28 ` gengdongjiu
2017-03-20 12:28 ` gengdongjiu
2017-03-20 13:58 ` Marc Zyngier
2017-03-20 13:58 ` Marc Zyngier
2017-03-20 13:58 ` Marc Zyngier
2017-03-20 15:08 ` James Morse
2017-03-20 15:08 ` James Morse
2017-03-20 15:08 ` James Morse
2017-03-21 6:32 ` gengdongjiu
2017-03-21 6:32 ` gengdongjiu
2017-03-21 6:32 ` gengdongjiu
2017-03-21 6:32 ` gengdongjiu
2017-03-21 11:34 ` Christoffer Dall
2017-03-21 11:34 ` Christoffer Dall
2017-03-21 11:34 ` Christoffer Dall
2017-03-21 19:11 ` James Morse
2017-03-21 19:11 ` James Morse
2017-03-21 19:11 ` James Morse
2017-03-21 19:36 ` Christoffer Dall
2017-03-21 19:39 ` Christoffer Dall
2017-03-21 19:39 ` Christoffer Dall
2017-03-21 19:39 ` Christoffer Dall
2017-03-21 22:10 ` Peter Maydell
2017-03-21 22:10 ` Peter Maydell
2017-03-21 22:10 ` Peter Maydell
2017-03-22 11:15 ` Marc Zyngier
2017-03-22 11:15 ` Marc Zyngier
2017-03-22 11:15 ` Marc Zyngier
2017-03-28 10:48 ` James Morse
2017-03-28 10:48 ` James Morse
2017-03-28 10:48 ` James Morse
2017-03-28 11:23 ` Christoffer Dall
2017-03-28 11:23 ` Christoffer Dall
2017-03-28 11:23 ` Christoffer Dall
2017-03-28 11:33 ` Peter Maydell
2017-03-28 11:33 ` Peter Maydell
2017-03-28 11:33 ` Peter Maydell
2017-03-28 13:27 ` James Morse
2017-03-28 13:27 ` James Morse
2017-03-28 13:27 ` James Morse
2017-03-28 11:54 ` Achin Gupta
2017-03-28 11:54 ` Achin Gupta
2017-03-28 11:54 ` Achin Gupta
2017-03-28 12:16 ` gengdongjiu
2017-03-28 12:16 ` gengdongjiu
2017-03-28 12:16 ` gengdongjiu
2017-03-28 13:40 ` James Morse
2017-03-28 13:40 ` James Morse
2017-03-28 13:40 ` James Morse
2017-03-29 9:36 ` gengdongjiu
2017-03-29 9:36 ` gengdongjiu
2017-03-29 9:36 ` gengdongjiu
2017-03-29 9:36 ` [Qemu-devel] " gengdongjiu
2017-03-29 9:36 ` gengdongjiu
2017-03-29 10:36 ` Achin Gupta
2017-03-29 10:36 ` Achin Gupta
2017-03-29 10:36 ` [Qemu-devel] " Achin Gupta
2017-03-29 10:36 ` Achin Gupta
2017-03-29 11:58 ` Laszlo Ersek
2017-03-29 11:58 ` Laszlo Ersek
2017-03-29 11:58 ` [Qemu-devel] " Laszlo Ersek
2017-03-29 11:58 ` [edk2] " Laszlo Ersek
2017-03-29 12:51 ` Michael S. Tsirkin
2017-03-29 12:51 ` Michael S. Tsirkin
2017-03-29 12:51 ` Michael S. Tsirkin
2017-03-29 12:51 ` [Qemu-devel] " Michael S. Tsirkin
2017-03-29 12:51 ` Michael S. Tsirkin
2017-03-29 13:36 ` Laszlo Ersek
2017-03-29 13:36 ` Laszlo Ersek
2017-03-29 13:36 ` [Qemu-devel] " Laszlo Ersek
2017-03-29 13:36 ` Laszlo Ersek
2017-03-29 13:54 ` Michael S. Tsirkin
2017-03-29 13:54 ` Michael S. Tsirkin
2017-03-29 13:54 ` Michael S. Tsirkin
2017-03-29 13:54 ` [Qemu-devel] " Michael S. Tsirkin
2017-03-29 13:54 ` Michael S. Tsirkin
2017-03-29 13:56 ` Punit Agrawal
2017-03-29 13:56 ` Punit Agrawal
2017-03-29 13:56 ` [Qemu-devel] " Punit Agrawal
2017-03-29 13:56 ` Punit Agrawal
2017-04-06 12:35 ` gengdongjiu
2017-04-06 12:35 ` gengdongjiu
2017-04-06 12:35 ` gengdongjiu
2017-04-06 12:35 ` [Qemu-devel] " gengdongjiu
2017-04-06 12:35 ` gengdongjiu
2017-04-06 18:55 ` Laszlo Ersek
2017-04-06 18:55 ` Laszlo Ersek
2017-04-06 18:55 ` [Qemu-devel] " Laszlo Ersek
2017-04-06 18:55 ` [edk2] " Laszlo Ersek
2017-04-07 2:52 ` gengdongjiu
2017-04-07 2:52 ` gengdongjiu
2017-04-07 2:52 ` [Qemu-devel] " gengdongjiu
2017-04-07 2:52 ` [edk2] " gengdongjiu
2017-04-07 9:21 ` Laszlo Ersek
2017-04-07 9:21 ` Laszlo Ersek
2017-04-07 9:21 ` [Qemu-devel] " Laszlo Ersek
2017-04-07 9:21 ` [edk2] " Laszlo Ersek
2017-04-21 13:27 ` gengdongjiu
2017-04-21 13:27 ` gengdongjiu
2017-04-21 13:27 ` [Qemu-devel] " gengdongjiu
2017-04-21 13:27 ` [edk2] " gengdongjiu
2017-04-24 11:27 ` Laszlo Ersek
2017-04-24 11:27 ` Laszlo Ersek
2017-04-24 11:27 ` [Qemu-devel] " Laszlo Ersek
2017-04-24 11:27 ` [edk2] " Laszlo Ersek
2017-03-29 14:36 ` gengdongjiu
2017-03-29 14:36 ` gengdongjiu
2017-03-29 14:36 ` gengdongjiu
2017-03-29 14:36 ` [Qemu-devel] " gengdongjiu
2017-03-29 14:36 ` gengdongjiu
2017-03-29 14:48 ` Christoffer Dall [this message]
2017-03-29 14:48 ` Christoffer Dall
2017-03-29 14:48 ` Christoffer Dall
2017-03-29 14:48 ` [Qemu-devel] " Christoffer Dall
2017-03-29 14:48 ` Christoffer Dall
2017-03-29 15:37 ` Laszlo Ersek
2017-03-29 15:37 ` Laszlo Ersek
2017-03-29 15:37 ` [Qemu-devel] " Laszlo Ersek
2017-03-29 15:37 ` [edk2] " Laszlo Ersek
2017-03-29 17:44 ` Christoffer Dall
2017-03-29 17:44 ` Christoffer Dall
2017-03-29 17:44 ` [Qemu-devel] " Christoffer Dall
2017-03-29 17:44 ` Christoffer Dall
2017-03-30 1:22 ` gengdongjiu
2017-03-30 1:22 ` gengdongjiu
2017-03-30 1:22 ` gengdongjiu
2017-03-30 1:22 ` [Qemu-devel] " gengdongjiu
2017-03-30 1:22 ` gengdongjiu
2017-03-28 12:22 ` Christoffer Dall
2017-03-28 12:22 ` Christoffer Dall
2017-03-28 12:22 ` Christoffer Dall
2017-03-28 13:24 ` Achin Gupta
2017-03-28 13:24 ` Achin Gupta
2017-03-28 13:24 ` Achin Gupta
2017-03-28 13:40 ` Christoffer Dall
2017-03-28 13:40 ` Christoffer Dall
2017-03-28 13:40 ` Christoffer Dall
2017-03-21 13:10 ` James Morse
2017-03-21 13:10 ` James Morse
2017-03-21 13:10 ` James Morse
2017-03-22 13:37 ` gengdongjiu
2017-03-22 13:37 ` gengdongjiu
2017-03-22 13:37 ` gengdongjiu
2017-03-22 18:56 ` James Morse
2017-03-22 18:56 ` James Morse
2017-03-22 18:56 ` James Morse
2017-03-21 6:07 ` gengdongjiu
2017-03-21 6:07 ` gengdongjiu
2017-03-21 6:07 ` gengdongjiu
2017-03-21 13:51 ` kbuild test robot
2017-03-21 13:51 ` kbuild test robot
2017-03-21 13:51 ` kbuild test robot
2017-03-22 3:20 ` gengdongjiu
2017-03-22 3:20 ` gengdongjiu
2017-03-22 3:20 ` gengdongjiu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170329144822.GA1020@cbox \
--to=cdall@linaro.org \
--cc=Leif.Lindholm@linaro.com \
--cc=achin.gupta@arm.com \
--cc=andre.przywara@arm.com \
--cc=ard.biesheuvel@linaro.org \
--cc=catalin.marinas@arm.com \
--cc=christoffer.dall@linaro.org \
--cc=edk2-devel@ml01.01.org \
--cc=gengdj.1984@gmail.com \
--cc=gengdongjiu@huawei.com \
--cc=huangshaoyu@huawei.com \
--cc=james.morse@arm.com \
--cc=kvm@vger.kernel.org \
--cc=kvmarm@lists.cs.columbia.edu \
--cc=lersek@redhat.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=marc.zyngier@arm.com \
--cc=mark.rutland@arm.com \
--cc=nd@arm.com \
--cc=qemu-devel@nongnu.org \
--cc=rkrcmar@redhat.com \
--cc=suzuki.poulose@arm.com \
--cc=vladimir.murzin@arm.com \
--cc=wangxiongfeng2@huawei.com \
--cc=will.deacon@arm.com \
--cc=wuquanming@huawei.com \
--cc=xiexiuqi@huawei.com \
--cc=zhaoshenglong@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.