[PATCH] x86/cpuid: correct dependencies of post-SSE ISA extensions

[PATCH] x86/cpuid: correct dependencies of post-SSE ISA extensions

[Jan Beulich]

First of all a PCLMULQDQ dependency was missing entirely. Add it as well
as AESNI and SHA to SSE2, as all of them act on vectors of integers,
whereas plain SSE supports vectors of single precision floats only. This
is in line with how e.g. binutils and gcc treat them.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
---
TBD: On the same basis, SSE3, SSSE3 and SSE4A should probably also
depend on SSE2 rather than SSE. In fact making this a chain SSE -> SSE2
-> SSE3 -> { SSSE3, SSE4A } would probably be best, and get us in line
with both binutils and gcc. But I think I did suggest so when the
dependencies were introduced, and this wasn't liked for a reason I
forgot.

--- a/xen/tools/gen-cpuid.py
+++ b/xen/tools/gen-cpuid.py
@@ -196,11 +196,12 @@ def crunch_numbers(state):
         # instructions.  Several futher instruction sets are built on core
         # %XMM support, without specific inter-dependencies.  Additionally
         # AMD has a special mis-alignment sub-mode.
-        SSE: [SSE2, SSE3, SSSE3, SSE4A, MISALIGNSSE,
-              AESNI, SHA],
+        SSE: [SSE2, SSE3, SSSE3, SSE4A, MISALIGNSSE],
 
-        # SSE2 was re-specified as core instructions for 64bit.
-        SSE2: [LM],
+        # SSE2 was re-specified as core instructions for 64bit.  Also ISA
+        # extensions dealing with vectors of integers are added here rather
+        # than to SSE.
+        SSE2: [LM, AESNI, PCLMULQDQ, SHA],
 
         # SSE4.1 explicitly depends on SSE3 and SSSE3
         SSE3: [SSE4_1],





_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [PATCH] x86/cpuid: correct dependencies of post-SSE ISA extensions

[Andrew Cooper]

On 14/01/2019 11:39, Jan Beulich wrote:
> First of all a PCLMULQDQ dependency was missing entirely. Add it as well
> as AESNI and SHA to SSE2, as all of them act on vectors of integers,
> whereas plain SSE supports vectors of single precision floats only. This
> is in line with how e.g. binutils and gcc treat them.
>
> Signed-off-by: Jan Beulich <jbeulich@suse.com>
> ---
> TBD: On the same basis, SSE3, SSSE3 and SSE4A should probably also
> depend on SSE2 rather than SSE. In fact making this a chain SSE -> SSE2
> -> SSE3 -> { SSSE3, SSE4A } would probably be best, and get us in line
> with both binutils and gcc. But I think I did suggest so when the
> dependencies were introduced, and this wasn't liked for a reason I
> forgot.

While all of this is true, there is a comment in context which explains
why the dependences are they way they are.

Providing a guest with SSE, no SSE2, and PCLMULDQ/AESNI/SHA will allow
these latter instruction groups to function correctly.

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [PATCH] x86/cpuid: correct dependencies of post-SSE ISA extensions

[Jan Beulich]

>>> On 14.01.19 at 13:00, <andrew.cooper3@citrix.com> wrote:
> On 14/01/2019 11:39, Jan Beulich wrote:
>> First of all a PCLMULQDQ dependency was missing entirely. Add it as well
>> as AESNI and SHA to SSE2, as all of them act on vectors of integers,
>> whereas plain SSE supports vectors of single precision floats only. This
>> is in line with how e.g. binutils and gcc treat them.
>>
>> Signed-off-by: Jan Beulich <jbeulich@suse.com>
>> ---
>> TBD: On the same basis, SSE3, SSSE3 and SSE4A should probably also
>> depend on SSE2 rather than SSE. In fact making this a chain SSE -> SSE2
>> -> SSE3 -> { SSSE3, SSE4A } would probably be best, and get us in line
>> with both binutils and gcc. But I think I did suggest so when the
>> dependencies were introduced, and this wasn't liked for a reason I
>> forgot.
> 
> While all of this is true, there is a comment in context which explains
> why the dependences are they way they are.
> 
> Providing a guest with SSE, no SSE2, and PCLMULDQ/AESNI/SHA will allow
> these latter instruction groups to function correctly.

You mean "Several futher instruction sets are built on core %XMM
support, without specific inter-dependencies"? This explains it at
best partly, the more that there then are exceptions to this rule
({,S}SSE3 -> SSE4.1 and SSE4.1 -> SSE4.2). Do we really have to
take a different view here than binutils and gcc (and perhaps many
others) do?

Some of Linux'es x86-specific crypto drivers make even more
interesting implications, several of which I mean to fix. But they
(imo) validly imply e.g. SSE2 when there is SSSE3, which would
mean such a driver would only work because we can't hide the
SSE2 insns when a guest config file masks off SSE2 but not
SSSE3 - until such an insn hits the emulator, where the
vcpu_has_sse2() check would make it raise #UD, just because
of our non-standard feature dependencies.

Jan



_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Ping: Re: [PATCH] x86/cpuid: correct dependencies of post-SSE ISA extensions

[Jan Beulich]

>>> On 14.01.19 at 13:48, <JBeulich@suse.com> wrote:
>>>> On 14.01.19 at 13:00, <andrew.cooper3@citrix.com> wrote:
>> On 14/01/2019 11:39, Jan Beulich wrote:
>>> First of all a PCLMULQDQ dependency was missing entirely. Add it as well
>>> as AESNI and SHA to SSE2, as all of them act on vectors of integers,
>>> whereas plain SSE supports vectors of single precision floats only. This
>>> is in line with how e.g. binutils and gcc treat them.
>>>
>>> Signed-off-by: Jan Beulich <jbeulich@suse.com>
>>> ---
>>> TBD: On the same basis, SSE3, SSSE3 and SSE4A should probably also
>>> depend on SSE2 rather than SSE. In fact making this a chain SSE -> SSE2
>>> -> SSE3 -> { SSSE3, SSE4A } would probably be best, and get us in line
>>> with both binutils and gcc. But I think I did suggest so when the
>>> dependencies were introduced, and this wasn't liked for a reason I
>>> forgot.
>> 
>> While all of this is true, there is a comment in context which explains
>> why the dependences are they way they are.
>> 
>> Providing a guest with SSE, no SSE2, and PCLMULDQ/AESNI/SHA will allow
>> these latter instruction groups to function correctly.
> 
> You mean "Several futher instruction sets are built on core %XMM
> support, without specific inter-dependencies"? This explains it at
> best partly, the more that there then are exceptions to this rule
> ({,S}SSE3 -> SSE4.1 and SSE4.1 -> SSE4.2). Do we really have to
> take a different view here than binutils and gcc (and perhaps many
> others) do?
> 
> Some of Linux'es x86-specific crypto drivers make even more
> interesting implications, several of which I mean to fix. But they
> (imo) validly imply e.g. SSE2 when there is SSSE3, which would
> mean such a driver would only work because we can't hide the
> SSE2 insns when a guest config file masks off SSE2 but not
> SSSE3 - until such an insn hits the emulator, where the
> vcpu_has_sse2() check would make it raise #UD, just because
> of our non-standard feature dependencies.

Can we try to settle this disagreement please? I can certainly
break out the change to add the PCLMULDQ dependency, but
adding it alongside AESNI and SHA to only depend on SSE
continues to seem wrong to me. I hope you understand that it
doesn't feel well to post a patch which I think (at least for now)
is not correct (as per above, at the very least potentially
misleading for guests).

Jan



_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [PATCH] x86/cpuid: correct dependencies of post-SSE ISA extensions

[Andrew Cooper]

On 14/01/2019 12:48, Jan Beulich wrote:
>>>> On 14.01.19 at 13:00, <andrew.cooper3@citrix.com> wrote:
>> On 14/01/2019 11:39, Jan Beulich wrote:
>>> First of all a PCLMULQDQ dependency was missing entirely. Add it as well
>>> as AESNI and SHA to SSE2, as all of them act on vectors of integers,
>>> whereas plain SSE supports vectors of single precision floats only. This
>>> is in line with how e.g. binutils and gcc treat them.
>>>
>>> Signed-off-by: Jan Beulich <jbeulich@suse.com>
>>> ---
>>> TBD: On the same basis, SSE3, SSSE3 and SSE4A should probably also
>>> depend on SSE2 rather than SSE. In fact making this a chain SSE -> SSE2
>>> -> SSE3 -> { SSSE3, SSE4A } would probably be best, and get us in line
>>> with both binutils and gcc. But I think I did suggest so when the
>>> dependencies were introduced, and this wasn't liked for a reason I
>>> forgot.
>> While all of this is true, there is a comment in context which explains
>> why the dependences are they way they are.
>>
>> Providing a guest with SSE, no SSE2, and PCLMULDQ/AESNI/SHA will allow
>> these latter instruction groups to function correctly.
> You mean "Several futher instruction sets are built on core %XMM
> support, without specific inter-dependencies"? This explains it at
> best partly, the more that there then are exceptions to this rule
> ({,S}SSE3 -> SSE4.1 and SSE4.1 -> SSE4.2). Do we really have to
> take a different view here than binutils and gcc (and perhaps many
> others) do?
>
> Some of Linux'es x86-specific crypto drivers make even more
> interesting implications, several of which I mean to fix. But they
> (imo) validly imply e.g. SSE2 when there is SSSE3, which would
> mean such a driver would only work because we can't hide the
> SSE2 insns when a guest config file masks off SSE2 but not
> SSSE3 - until such an insn hits the emulator, where the
> vcpu_has_sse2() check would make it raise #UD, just because
> of our non-standard feature dependencies.

The dependences described here are primarily to prevent malfunctions in
Xen, rather than to provide a historically-accurate view of which
features appeared when.  Software which doesn't follow the rules cannot
be helped - its already buggy.

The question which matters here is whether the Intel/AMD SDM's allow for
any such implications.

Vol1 12.13.4 states that software wishing to use AES-NI or PCMULDQ must
first check for SSE2, and then for the individual feature bit.  I
suppose this is better evidence of a logical connection than we've used
in other bits of the dependency tree, but I see absolutely nothing
discussing the SHA instruction set.

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [PATCH] x86/cpuid: correct dependencies of post-SSE ISA extensions

[Jan Beulich]

>>> On 30.01.19 at 21:21, <andrew.cooper3@citrix.com> wrote:
> On 14/01/2019 12:48, Jan Beulich wrote:
>>>>> On 14.01.19 at 13:00, <andrew.cooper3@citrix.com> wrote:
>>> On 14/01/2019 11:39, Jan Beulich wrote:
>>>> First of all a PCLMULQDQ dependency was missing entirely. Add it as well
>>>> as AESNI and SHA to SSE2, as all of them act on vectors of integers,
>>>> whereas plain SSE supports vectors of single precision floats only. This
>>>> is in line with how e.g. binutils and gcc treat them.
>>>>
>>>> Signed-off-by: Jan Beulich <jbeulich@suse.com>
>>>> ---
>>>> TBD: On the same basis, SSE3, SSSE3 and SSE4A should probably also
>>>> depend on SSE2 rather than SSE. In fact making this a chain SSE -> SSE2
>>>> -> SSE3 -> { SSSE3, SSE4A } would probably be best, and get us in line
>>>> with both binutils and gcc. But I think I did suggest so when the
>>>> dependencies were introduced, and this wasn't liked for a reason I
>>>> forgot.
>>> While all of this is true, there is a comment in context which explains
>>> why the dependences are they way they are.
>>>
>>> Providing a guest with SSE, no SSE2, and PCLMULDQ/AESNI/SHA will allow
>>> these latter instruction groups to function correctly.
>> You mean "Several futher instruction sets are built on core %XMM
>> support, without specific inter-dependencies"? This explains it at
>> best partly, the more that there then are exceptions to this rule
>> ({,S}SSE3 -> SSE4.1 and SSE4.1 -> SSE4.2). Do we really have to
>> take a different view here than binutils and gcc (and perhaps many
>> others) do?
>>
>> Some of Linux'es x86-specific crypto drivers make even more
>> interesting implications, several of which I mean to fix. But they
>> (imo) validly imply e.g. SSE2 when there is SSSE3, which would
>> mean such a driver would only work because we can't hide the
>> SSE2 insns when a guest config file masks off SSE2 but not
>> SSSE3 - until such an insn hits the emulator, where the
>> vcpu_has_sse2() check would make it raise #UD, just because
>> of our non-standard feature dependencies.
> 
> The dependences described here are primarily to prevent malfunctions in
> Xen, rather than to provide a historically-accurate view of which
> features appeared when.  Software which doesn't follow the rules cannot
> be helped - its already buggy.

For this last statement - where is the "SSE2: [LM]" dependency formally
spelled out? The fact that it's used for the UNIX floating point ABI of
x86-64 is not relevant: There could sensibly be a 64-bit processor
without any floating point support, I think.

> The question which matters here is whether the Intel/AMD SDM's allow for
> any such implications.
> 
> Vol1 12.13.4 states that software wishing to use AES-NI or PCMULDQ must
> first check for SSE2, and then for the individual feature bit.  I
> suppose this is better evidence of a logical connection than we've used
> in other bits of the dependency tree, but I see absolutely nothing
> discussing the SHA instruction set.

So if I left SHA alone but moved AESNI, you'd be fine with the change?
I could at least see this as an intermediate step. I should say though
that SHA has always been giving the impression of a "bad child" to me,
so I wouldn't be surprised of this was just a doc omission (seeing that
there isn't even a section about that entire extension in chapter 12).

Furthermore, you didn't even comment on the SSE3 etc aspect.
Section 12.4.2, just like 12.13.4, refers to 11.6.2, i.e. (according to
your interpretation above) implies SSE2. While 12.12.2 implies SSE3
and SSSE3, 12.12.3 implies SSSE3 and SSE4.1 but not SSE3, and
12.7.2 does not suggest to check for SSE3. I have to admit that
I'd rather consider this as doc shortcomings.

An SSE4.2 check alone is (imo correctly) suggested for CRC32 and
POPCNT, which would seem to mean we should drop its SSE4.1
dependency.

Otoh these documented needs to check for multiple bits could as
well be interpreted as meaning there's no connection at all, in
which case the SSE4.1 and SSE4.2 dependencies we currently
have should all be reduced to dependencies upon SSE (as
expressing the presence of XMM registers).

Getting this into consistent shape might save some discussions
on the AVX512 series (where, depending on the outcome here,
I may need to make further adjustments). One additional question
there would then be whether to take AVX512BW as indication of
full 64-bit mask registers (AVX512F only needs 16-bit wide ones),
as is implied e.g. by gcc.

Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [PATCH] x86/cpuid: correct dependencies of post-SSE ISA extensions

[Andrew Cooper]

On 31/01/2019 10:06, Jan Beulich wrote:
>>>> On 30.01.19 at 21:21, <andrew.cooper3@citrix.com> wrote:
>> On 14/01/2019 12:48, Jan Beulich wrote:
>>>>>> On 14.01.19 at 13:00, <andrew.cooper3@citrix.com> wrote:
>>>> On 14/01/2019 11:39, Jan Beulich wrote:
>>>>> First of all a PCLMULQDQ dependency was missing entirely. Add it as well
>>>>> as AESNI and SHA to SSE2, as all of them act on vectors of integers,
>>>>> whereas plain SSE supports vectors of single precision floats only. This
>>>>> is in line with how e.g. binutils and gcc treat them.
>>>>>
>>>>> Signed-off-by: Jan Beulich <jbeulich@suse.com>
>>>>> ---
>>>>> TBD: On the same basis, SSE3, SSSE3 and SSE4A should probably also
>>>>> depend on SSE2 rather than SSE. In fact making this a chain SSE -> SSE2
>>>>> -> SSE3 -> { SSSE3, SSE4A } would probably be best, and get us in line
>>>>> with both binutils and gcc. But I think I did suggest so when the
>>>>> dependencies were introduced, and this wasn't liked for a reason I
>>>>> forgot.
>>>> While all of this is true, there is a comment in context which explains
>>>> why the dependences are they way they are.
>>>>
>>>> Providing a guest with SSE, no SSE2, and PCLMULDQ/AESNI/SHA will allow
>>>> these latter instruction groups to function correctly.
>>> You mean "Several futher instruction sets are built on core %XMM
>>> support, without specific inter-dependencies"? This explains it at
>>> best partly, the more that there then are exceptions to this rule
>>> ({,S}SSE3 -> SSE4.1 and SSE4.1 -> SSE4.2). Do we really have to
>>> take a different view here than binutils and gcc (and perhaps many
>>> others) do?
>>>
>>> Some of Linux'es x86-specific crypto drivers make even more
>>> interesting implications, several of which I mean to fix. But they
>>> (imo) validly imply e.g. SSE2 when there is SSSE3, which would
>>> mean such a driver would only work because we can't hide the
>>> SSE2 insns when a guest config file masks off SSE2 but not
>>> SSSE3 - until such an insn hits the emulator, where the
>>> vcpu_has_sse2() check would make it raise #UD, just because
>>> of our non-standard feature dependencies.
>> The dependences described here are primarily to prevent malfunctions in
>> Xen, rather than to provide a historically-accurate view of which
>> features appeared when.  Software which doesn't follow the rules cannot
>> be helped - its already buggy.
> For this last statement - where is the "SSE2: [LM]" dependency formally
> spelled out? The fact that it's used for the UNIX floating point ABI of
> x86-64 is not relevant: There could sensibly be a 64-bit processor
> without any floating point support, I think.

The base AMD64 spec, which mandates SSE2 in compliant implementations. 
It is the reason why you don't need a feature check to use the fence
instructions.

>> The question which matters here is whether the Intel/AMD SDM's allow for
>> any such implications.
>>
>> Vol1 12.13.4 states that software wishing to use AES-NI or PCMULDQ must
>> first check for SSE2, and then for the individual feature bit.  I
>> suppose this is better evidence of a logical connection than we've used
>> in other bits of the dependency tree, but I see absolutely nothing
>> discussing the SHA instruction set.
> So if I left SHA alone but moved AESNI, you'd be fine with the change?
> I could at least see this as an intermediate step. I should say though
> that SHA has always been giving the impression of a "bad child" to me,
> so I wouldn't be surprised of this was just a doc omission (seeing that
> there isn't even a section about that entire extension in chapter 12).

I did find that omission curious while looking.

> Furthermore, you didn't even comment on the SSE3 etc aspect.
> Section 12.4.2, just like 12.13.4, refers to 11.6.2, i.e. (according to
> your interpretation above) implies SSE2. While 12.12.2 implies SSE3
> and SSSE3, 12.12.3 implies SSSE3 and SSE4.1 but not SSE3, and
> 12.7.2 does not suggest to check for SSE3. I have to admit that
> I'd rather consider this as doc shortcomings.

You do realise that you argued the contrary when I originally
implemented this, most notably in v4
https://patchwork.kernel.org/patch/8651441/ , and made me change the
logic to how it currently is?

It looks to me as if you now prefer v3 of my original patch.

> An SSE4.2 check alone is (imo correctly) suggested for CRC32 and
> POPCNT, which would seem to mean we should drop its SSE4.1
> dependency.
>
> Otoh these documented needs to check for multiple bits could as
> well be interpreted as meaning there's no connection at all, in
> which case the SSE4.1 and SSE4.2 dependencies we currently
> have should all be reduced to dependencies upon SSE (as
> expressing the presence of XMM registers).
>
> Getting this into consistent shape might save some discussions
> on the AVX512 series (where, depending on the outcome here,
> I may need to make further adjustments). One additional question
> there would then be whether to take AVX512BW as indication of
> full 64-bit mask registers (AVX512F only needs 16-bit wide ones),
> as is implied e.g. by gcc.

I don't have a problem in principle with changing dependences.

One risk however is the forwards compatibility of VMs migrating to newer
versions of Xen - we must take care to not make features accidentally
disappear in newer builds of Xen running on the same hardware. 
(Accepting that we may deliberately need to make features disappear if
mistakes in the dependency logic are discovered.)

I would however like to first get a clear understand and agreement on
our expectations, to try and avoid problems like this in the future.

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [PATCH] x86/cpuid: correct dependencies of post-SSE ISA extensions

[Jan Beulich]

>>> On 31.01.19 at 14:36, <andrew.cooper3@citrix.com> wrote:
> On 31/01/2019 10:06, Jan Beulich wrote:
>>>>> On 30.01.19 at 21:21, <andrew.cooper3@citrix.com> wrote:
>>> On 14/01/2019 12:48, Jan Beulich wrote:
>>>>>>> On 14.01.19 at 13:00, <andrew.cooper3@citrix.com> wrote:
>>>>> On 14/01/2019 11:39, Jan Beulich wrote:
>>>>>> First of all a PCLMULQDQ dependency was missing entirely. Add it as well
>>>>>> as AESNI and SHA to SSE2, as all of them act on vectors of integers,
>>>>>> whereas plain SSE supports vectors of single precision floats only. This
>>>>>> is in line with how e.g. binutils and gcc treat them.
>>>>>>
>>>>>> Signed-off-by: Jan Beulich <jbeulich@suse.com>
>>>>>> ---
>>>>>> TBD: On the same basis, SSE3, SSSE3 and SSE4A should probably also
>>>>>> depend on SSE2 rather than SSE. In fact making this a chain SSE -> SSE2
>>>>>> -> SSE3 -> { SSSE3, SSE4A } would probably be best, and get us in line
>>>>>> with both binutils and gcc. But I think I did suggest so when the
>>>>>> dependencies were introduced, and this wasn't liked for a reason I
>>>>>> forgot.
>>>>> While all of this is true, there is a comment in context which explains
>>>>> why the dependences are they way they are.
>>>>>
>>>>> Providing a guest with SSE, no SSE2, and PCLMULDQ/AESNI/SHA will allow
>>>>> these latter instruction groups to function correctly.
>>>> You mean "Several futher instruction sets are built on core %XMM
>>>> support, without specific inter-dependencies"? This explains it at
>>>> best partly, the more that there then are exceptions to this rule
>>>> ({,S}SSE3 -> SSE4.1 and SSE4.1 -> SSE4.2). Do we really have to
>>>> take a different view here than binutils and gcc (and perhaps many
>>>> others) do?
>>>>
>>>> Some of Linux'es x86-specific crypto drivers make even more
>>>> interesting implications, several of which I mean to fix. But they
>>>> (imo) validly imply e.g. SSE2 when there is SSSE3, which would
>>>> mean such a driver would only work because we can't hide the
>>>> SSE2 insns when a guest config file masks off SSE2 but not
>>>> SSSE3 - until such an insn hits the emulator, where the
>>>> vcpu_has_sse2() check would make it raise #UD, just because
>>>> of our non-standard feature dependencies.
>>> The dependences described here are primarily to prevent malfunctions in
>>> Xen, rather than to provide a historically-accurate view of which
>>> features appeared when.  Software which doesn't follow the rules cannot
>>> be helped - its already buggy.
>> For this last statement - where is the "SSE2: [LM]" dependency formally
>> spelled out? The fact that it's used for the UNIX floating point ABI of
>> x86-64 is not relevant: There could sensibly be a 64-bit processor
>> without any floating point support, I think.
> 
> The base AMD64 spec, which mandates SSE2 in compliant implementations. 

Would you mind pointing out which document you refer to here?
I've just gone and searched the first two volumes of the PM for#
all mentions of SSE2, and I couldn't find what you say above.

> It is the reason why you don't need a feature check to use the fence
> instructions.

I understand that's what we imply it to mean.

>>> The question which matters here is whether the Intel/AMD SDM's allow for
>>> any such implications.
>>>
>>> Vol1 12.13.4 states that software wishing to use AES-NI or PCMULDQ must
>>> first check for SSE2, and then for the individual feature bit.  I
>>> suppose this is better evidence of a logical connection than we've used
>>> in other bits of the dependency tree, but I see absolutely nothing
>>> discussing the SHA instruction set.
>> So if I left SHA alone but moved AESNI, you'd be fine with the change?
>> I could at least see this as an intermediate step. I should say though
>> that SHA has always been giving the impression of a "bad child" to me,
>> so I wouldn't be surprised of this was just a doc omission (seeing that
>> there isn't even a section about that entire extension in chapter 12).
> 
> I did find that omission curious while looking.
> 
>> Furthermore, you didn't even comment on the SSE3 etc aspect.
>> Section 12.4.2, just like 12.13.4, refers to 11.6.2, i.e. (according to
>> your interpretation above) implies SSE2. While 12.12.2 implies SSE3
>> and SSSE3, 12.12.3 implies SSSE3 and SSE4.1 but not SSE3, and
>> 12.7.2 does not suggest to check for SSE3. I have to admit that
>> I'd rather consider this as doc shortcomings.
> 
> You do realise that you argued the contrary when I originally
> implemented this, most notably in v4
> https://patchwork.kernel.org/patch/8651441/ , and made me change the
> logic to how it currently is?

Well, part of it is that I look at some of the dependencies differently
now that I've implemented test harness extensions for AES, SHA,
and PCLMUL. Specifically before this I didn't pay much attention to
the vector element types/sizes these extensions act on.

> It looks to me as if you now prefer v3 of my original patch.

That's perhaps a little less "in the middle" than what we currently
have, but it's still not quite there, in particular because of ...

>> An SSE4.2 check alone is (imo correctly) suggested for CRC32 and
>> POPCNT, which would seem to mean we should drop its SSE4.1
>> dependency.

... this.

>> Otoh these documented needs to check for multiple bits could as
>> well be interpreted as meaning there's no connection at all, in
>> which case the SSE4.1 and SSE4.2 dependencies we currently
>> have should all be reduced to dependencies upon SSE (as
>> expressing the presence of XMM registers).

Therefore I'm now leaning towards truly making register existence
the only prereq, albeit even that may be considered still too much
(because of CRC32, POPCNT, and FISTTP, none of which requires
XMM registers, and which Intel suggests are fine to use in the
absence of SSE being available), so perhaps we may even need to
drop a few dependencies altogether.

>> Getting this into consistent shape might save some discussions
>> on the AVX512 series (where, depending on the outcome here,
>> I may need to make further adjustments). One additional question
>> there would then be whether to take AVX512BW as indication of
>> full 64-bit mask registers (AVX512F only needs 16-bit wide ones),
>> as is implied e.g. by gcc.
> 
> I don't have a problem in principle with changing dependences.
> 
> One risk however is the forwards compatibility of VMs migrating to newer
> versions of Xen - we must take care to not make features accidentally
> disappear in newer builds of Xen running on the same hardware. 
> (Accepting that we may deliberately need to make features disappear if
> mistakes in the dependency logic are discovered.)

So would the missing PCLMULQDQ dependency not already fall in the
category of risking a feature to disappear (once the dependency was
added) during migration?

> I would however like to first get a clear understand and agreement on
> our expectations, to try and avoid problems like this in the future.

+1 - hence this discussion.

Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel