From: Ram Pai <linuxram@us.ibm.com>
To: "Cédric Le Goater" <clg@kaod.org>
Cc: aik@ozlabs.ru, andmike@linux.ibm.com, groug@kaod.org,
kvm-ppc@vger.kernel.org, clg@fr.ibm.com,
sukadev@linux.vnet.ibm.com, linuxppc-dev@lists.ozlabs.org,
bauerman@linux.ibm.com, david@gibson.dropbear.id.au
Subject: RE: [RFC PATCH v1] powerpc/prom_init: disable XIVE in Secure VM.
Date: Sat, 29 Feb 2020 14:51:40 -0800 [thread overview]
Message-ID: <20200229225140.GA5618@oc0525413822.ibm.com> (raw)
In-Reply-To: <1e28fb80-7bae-8d80-1a72-f616af030aab@kaod.org>
On Sat, Feb 29, 2020 at 09:27:54AM +0100, Cédric Le Goater wrote:
> On 2/29/20 8:54 AM, Ram Pai wrote:
> > XIVE is not correctly enabled for Secure VM in the KVM Hypervisor yet.
> >
> > Hence Secure VM, must always default to XICS interrupt controller.
>
> have you tried XIVE emulation 'kernel-irqchip=off' ?
yes and it hangs. I think that option, continues to enable some variant
of XIVE in the VM. There are some known deficiencies between KVM
and the ultravisor negotiation, resulting in a hang in the SVM.
>
> > If XIVE is requested through kernel command line option "xive=on",
> > override and turn it off.
>
> This is incorrect. It is negotiated through CAS depending on the FW
> capabilities and the KVM capabilities.
Yes I understand, qemu/KVM have predetermined a set of capabilties that
it can offer to the VM. The kernel within the VM has a list of
capabilties it needs to operate correctly. So both negotiate and
determine something mutually ammicable.
Here I am talking about the list of capabilities that the kernel is
trying to determine, it needs to operate correctly. "xive=on" is one of
those capabilities the kernel is told by the VM-adminstrator, to enable.
Unfortunately if the VM-administrtor blindly requests to enable it, the
kernel must override it, if it knows that will be switching the VM into
a SVM soon. No point negotiating a capability with Qemu; through CAS,
if it knows it cannot handle that capability.
>
> > If XIVE is the only supported platform interrupt controller; specified
> > through qemu option "ic-mode=xive", simply abort. Otherwise default to
> > XICS.
>
>
> I don't think it is a good approach to downgrade the guest kernel
> capabilities this way.
>
> PAPR has specified the CAS negotiation process for this purpose. It
> comes in two parts under KVM. First the KVM hypervisor advertises or
> not a capability to QEMU. The second is the CAS negotiation process
> between QEMU and the guest OS.
Unfortunately, this is not viable. At the time the hypervisor
advertises its capabilities to qemu, the hypervisor has no idea whether
that VM will switch into a SVM or not. The decision to switch into a
SVM is taken by the kernel running in the VM. This happens much later,
after the hypervisor has already conveyed its capabilties to the qemu, and
qemu has than instantiated the VM.
As a result, CAS in prom_init is the only place where this negotiation
can take place.
>
> The SVM specifications might not be complete yet and if some features
> are incompatible, I think we should modify the capabilities advertised
> by the hypervisor : no XIVE in case of SVM. QEMU will automatically
> use the fallback path and emulate the XIVE device, same as setting
> 'kernel-irqchip=off'.
As mentioned above, this would be an excellent approach, if the
Hypervisor was aware of the VM's intent to switch into a SVM. Neither
the hypervisor knows, nor the qemu. Only the kernel running within the
VM knows about it.
Do you still think, my approach is wrong?
RP
WARNING: multiple messages have this Message-ID (diff)
From: Ram Pai <linuxram@us.ibm.com>
To: "Cédric Le Goater" <clg@kaod.org>
Cc: aik@ozlabs.ru, andmike@linux.ibm.com, groug@kaod.org,
kvm-ppc@vger.kernel.org, clg@fr.ibm.com,
sukadev@linux.vnet.ibm.com, linuxppc-dev@lists.ozlabs.org,
bauerman@linux.ibm.com, david@gibson.dropbear.id.au
Subject: RE: [RFC PATCH v1] powerpc/prom_init: disable XIVE in Secure VM.
Date: Sat, 29 Feb 2020 22:51:40 +0000 [thread overview]
Message-ID: <20200229225140.GA5618@oc0525413822.ibm.com> (raw)
In-Reply-To: <1e28fb80-7bae-8d80-1a72-f616af030aab@kaod.org>
On Sat, Feb 29, 2020 at 09:27:54AM +0100, Cédric Le Goater wrote:
> On 2/29/20 8:54 AM, Ram Pai wrote:
> > XIVE is not correctly enabled for Secure VM in the KVM Hypervisor yet.
> >
> > Hence Secure VM, must always default to XICS interrupt controller.
>
> have you tried XIVE emulation 'kernel-irqchip=off' ?
yes and it hangs. I think that option, continues to enable some variant
of XIVE in the VM. There are some known deficiencies between KVM
and the ultravisor negotiation, resulting in a hang in the SVM.
>
> > If XIVE is requested through kernel command line option "xive=on",
> > override and turn it off.
>
> This is incorrect. It is negotiated through CAS depending on the FW
> capabilities and the KVM capabilities.
Yes I understand, qemu/KVM have predetermined a set of capabilties that
it can offer to the VM. The kernel within the VM has a list of
capabilties it needs to operate correctly. So both negotiate and
determine something mutually ammicable.
Here I am talking about the list of capabilities that the kernel is
trying to determine, it needs to operate correctly. "xive=on" is one of
those capabilities the kernel is told by the VM-adminstrator, to enable.
Unfortunately if the VM-administrtor blindly requests to enable it, the
kernel must override it, if it knows that will be switching the VM into
a SVM soon. No point negotiating a capability with Qemu; through CAS,
if it knows it cannot handle that capability.
>
> > If XIVE is the only supported platform interrupt controller; specified
> > through qemu option "ic-mode=xive", simply abort. Otherwise default to
> > XICS.
>
>
> I don't think it is a good approach to downgrade the guest kernel
> capabilities this way.
>
> PAPR has specified the CAS negotiation process for this purpose. It
> comes in two parts under KVM. First the KVM hypervisor advertises or
> not a capability to QEMU. The second is the CAS negotiation process
> between QEMU and the guest OS.
Unfortunately, this is not viable. At the time the hypervisor
advertises its capabilities to qemu, the hypervisor has no idea whether
that VM will switch into a SVM or not. The decision to switch into a
SVM is taken by the kernel running in the VM. This happens much later,
after the hypervisor has already conveyed its capabilties to the qemu, and
qemu has than instantiated the VM.
As a result, CAS in prom_init is the only place where this negotiation
can take place.
>
> The SVM specifications might not be complete yet and if some features
> are incompatible, I think we should modify the capabilities advertised
> by the hypervisor : no XIVE in case of SVM. QEMU will automatically
> use the fallback path and emulate the XIVE device, same as setting
> 'kernel-irqchip=off'.
As mentioned above, this would be an excellent approach, if the
Hypervisor was aware of the VM's intent to switch into a SVM. Neither
the hypervisor knows, nor the qemu. Only the kernel running within the
VM knows about it.
Do you still think, my approach is wrong?
RP
next prev parent reply other threads:[~2020-02-29 22:53 UTC|newest]
Thread overview: 47+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-02-29 7:54 [RFC PATCH v1] powerpc/prom_init: disable XIVE in Secure VM Ram Pai
2020-02-29 7:54 ` Ram Pai
2020-02-29 8:27 ` Cédric Le Goater
2020-02-29 8:27 ` Cédric Le Goater
2020-02-29 22:51 ` Ram Pai [this message]
2020-02-29 22:51 ` Ram Pai
2020-03-02 7:34 ` Cédric Le Goater
2020-03-02 7:34 ` Cédric Le Goater
2020-03-02 20:54 ` Greg Kurz
2020-03-02 20:54 ` Greg Kurz
2020-03-02 23:32 ` David Gibson
2020-03-02 23:32 ` David Gibson
2020-03-03 6:50 ` Cédric Le Goater
2020-03-03 6:50 ` Cédric Le Goater
2020-03-03 17:02 ` Ram Pai
2020-03-03 17:02 ` Ram Pai
2020-03-03 17:45 ` Greg Kurz
2020-03-03 17:45 ` Greg Kurz
2020-03-03 18:56 ` Ram Pai
2020-03-03 18:56 ` Ram Pai
2020-03-04 10:59 ` Greg Kurz
2020-03-04 10:59 ` Greg Kurz
2020-03-04 15:13 ` Ram Pai
2020-03-04 15:13 ` Ram Pai
2020-03-04 15:37 ` Ram Pai
2020-03-04 15:37 ` Ram Pai
2020-03-04 15:56 ` Cédric Le Goater
2020-03-04 15:56 ` Cédric Le Goater
2020-03-04 23:55 ` David Gibson
2020-03-04 23:55 ` David Gibson
2020-03-05 7:15 ` Cédric Le Goater
2020-03-05 7:15 ` Cédric Le Goater
2020-03-05 15:15 ` Ram Pai
2020-03-05 15:15 ` Ram Pai
2020-03-05 15:36 ` Cédric Le Goater
2020-03-05 15:36 ` Cédric Le Goater
2020-03-03 19:18 ` [EXTERNAL] " Cédric Le Goater
2020-03-03 19:18 ` Cédric Le Goater
2020-03-04 8:34 ` Greg Kurz
2020-03-04 8:34 ` Greg Kurz
2020-03-03 19:08 ` Cédric Le Goater
2020-03-03 19:08 ` Cédric Le Goater
2020-03-03 20:29 ` Ram Pai
2020-03-03 20:29 ` Ram Pai
2020-03-05 11:41 ` Cédric Le Goater
2020-03-05 11:41 ` Cédric Le Goater
-- strict thread matches above, loose matches on Subject: below --
2020-02-29 7:27 Ram Pai
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200229225140.GA5618@oc0525413822.ibm.com \
--to=linuxram@us.ibm.com \
--cc=aik@ozlabs.ru \
--cc=andmike@linux.ibm.com \
--cc=bauerman@linux.ibm.com \
--cc=clg@fr.ibm.com \
--cc=clg@kaod.org \
--cc=david@gibson.dropbear.id.au \
--cc=groug@kaod.org \
--cc=kvm-ppc@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=sukadev@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.