From: David Gibson <david@gibson.dropbear.id.au>
To: Ram Pai <linuxram@us.ibm.com>
Cc: aik@ozlabs.ru, andmike@linux.ibm.com, groug@kaod.org,
kvm-ppc@vger.kernel.org, clg@fr.ibm.com,
sukadev@linux.vnet.ibm.com, linuxppc-dev@lists.ozlabs.org,
bauerman@linux.ibm.com
Subject: Re: [RFC PATCH v1] powerpc/prom_init: disable XIVE in Secure VM.
Date: Tue, 3 Mar 2020 10:32:40 +1100
Message-ID: <20200302233240.GB35885@umbus.fritz.box>
In-Reply-To: <1582962844-26333-1-git-send-email-linuxram@us.ibm.com>
[-- Attachment #1: Type: text/plain, Size: 2353 bytes --]

On Fri, Feb 28, 2020 at 11:54:04PM -0800, Ram Pai wrote:
> XIVE is not correctly enabled for Secure VM in the KVM Hypervisor yet.
>
> Hence Secure VM, must always default to XICS interrupt controller.
>
> If XIVE is requested through kernel command line option "xive=on",
> override and turn it off.
>
> If XIVE is the only supported platform interrupt controller; specified
> through qemu option "ic-mode=xive", simply abort. Otherwise default to
> XICS.

Uh... the discussion thread here seems to have gotten oddly off
track.  So, to try to clean up some misunderstandings on both sides:

  1) The guest is the main thing that knows that it will be in secure
     mode, so it's reasonable for it to conditionally use XIVE based
     on that.

  2) The mechanism by which we do it here isn't quite right.  Here the
     guest is checking itself that the host only allows XIVE, but we
     can't do XIVE and is panic()ing.  Instead, in the SVM case we
     should force support->xive to false, and send that in the CAS
     request to the host.  We expect the host to just terminate
     us because of the mismatch, but this will interact better with
     host side options setting policy for panic states and the like.
     Essentially an SVM kernel should behave like an old kernel with
     no XIVE support at all, at least w.r.t. the CAS irq mode flags.

  3) Although there are means by which the hypervisor can kind of know
     a guest is in secure mode, there's not really an "svm=on" option
     on the host side.  For the most part secure mode is based on
     discussion directly between the guest and the ultravisor with
     almost no hypervisor intervention.

  4) I'm guessing the problem with XIVE in SVM mode is that XIVE needs
     to write to event queues in guest memory, which would have to be
     explicitly shared for secure mode.  That's true whether it's KVM
     or qemu accessing the guest memory, so kernel_irqchip=on/off is
     entirely irrelevant.

  5) All the above said, having to use XICS is pretty crappy.  You
     should really get working on XIVE support for secure VMs.

--
David Gibson | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
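
Added illustration, not part of the message above and not code from the patch, the kernel or QEMU: a small model of the outcome point 2 describes, comparing the RFC's behaviour (the guest inspects host policy and panics itself) with the suggested one (the guest clears its xive flag and lets the CAS request reach the host). The enum names and functions are hypothetical; only the "xive" support flag and the outcomes come from the message.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model of the CAS interrupt-mode outcome. All names are
 * hypothetical except the 'xive' support flag named in the message. */
enum host_ic_mode { HOST_XICS_ONLY, HOST_XIVE_ONLY, HOST_EITHER };
enum outcome { USE_XICS, USE_XIVE, GUEST_PANICS, HOST_TERMINATES };
struct platform_support { bool xive; };

/* The guest only considers XIVE when the host offers it at all. */
static struct platform_support probe(enum host_ic_mode host)
{
    return (struct platform_support){ .xive = host != HOST_XICS_ONLY };
}

/* Host side of CAS: compare the advertised flag with host policy. */
static enum outcome host_cas(enum host_ic_mode host, struct platform_support adv)
{
    if (adv.xive)
        return USE_XIVE;        /* only advertised when the host offers it */
    if (host == HOST_XIVE_ONLY)
        return HOST_TERMINATES; /* mismatch: host-side policy handles it */
    return USE_XICS;
}

/* Behaviour the message attributes to the RFC: guest decides and panics. */
static enum outcome rfc_v1(enum host_ic_mode host, bool secure_vm)
{
    struct platform_support s = probe(host);
    if (secure_vm && host == HOST_XIVE_ONLY)
        return GUEST_PANICS;
    if (secure_vm)
        s.xive = false;
    return host_cas(host, s);
}

/* Suggested behaviour: a secure VM looks like a kernel with no XIVE support. */
static enum outcome suggested(enum host_ic_mode host, bool secure_vm)
{
    struct platform_support s = probe(host);
    if (secure_vm)
        s.xive = false;
    return host_cas(host, s);
}

int main(void)
{
    printf("xive-only host, secure VM: rfc_v1=%d suggested=%d\n",
           rfc_v1(HOST_XIVE_ONLY, true), suggested(HOST_XIVE_ONLY, true));
    return 0;
}
```

The two policies agree everywhere except on a XIVE-only host, where the suggested form moves the failure from a guest panic to a host-side decision.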