From: Marc Zyngier <marc.zyngier@arm.com>
To: Mark Rutland <mark.rutland@arm.com>
Cc: <linux-arm-kernel@lists.infradead.org>,
<kvmarm@lists.cs.columbia.edu>, <kvm@vger.kernel.org>,
Christoffer Dall <christoffer.dall@linaro.org>,
Eric Auger <eric.auger@redhat.com>,
Shanker Donthineni <shankerd@codeaurora.org>,
Shameerali Kolothum Thodi <shameerali.kolothum.thodi@huawei.com>,
Andre Przywara <Andre.Przywara@arm.com>
Subject: Re: [PATCH v4 25/26] KVM: arm/arm64: GICv4: Prevent heterogenous systems from using GICv4
Date: Fri, 27 Oct 2017 09:31:12 +0100 [thread overview]
Message-ID: <86mv4d9elr.fsf@arm.com> (raw)
In-Reply-To: <20171027080421.m3ruegg6liflcvro@salmiak> (Mark Rutland's message of "Fri, 27 Oct 2017 09:04:21 +0100")
On Fri, Oct 27 2017 at 9:04:21 am BST, Mark Rutland <mark.rutland@arm.com> wrote:
> On Fri, Oct 27, 2017 at 08:59:23AM +0100, Marc Zyngier wrote:
>> On Fri, Oct 27 2017 at 8:37:28 am BST, Mark Rutland <mark.rutland@arm.com> wrote:
>> > On Fri, Oct 27, 2017 at 07:57:12AM +0100, Marc Zyngier wrote:
>> >> On Thu, Oct 26 2017 at 4:48:39 pm BST, Mark Rutland <mark.rutland@arm.com> wrote:
>> >> > On Fri, Oct 06, 2017 at 04:34:00PM +0100, Marc Zyngier wrote:
>> >
>> >> >> @@ -485,8 +495,21 @@ int vgic_v3_probe(const struct gic_kvm_info *info)
>> >> >> kvm_vgic_global_state.can_emulate_gicv2 = false;
>> >> >> kvm_vgic_global_state.ich_vtr_el2 = ich_vtr_el2;
>> >> >>
>> >> >> - /* GICv4 support? */
>> >> >> + /*
>> >> >> + * GICv4 support? We need to check on all CPUs in case of some
>> >> >> + * extremely creative form of big-little brain damage...
>> >> >> + */
>> >> >> if (info->has_v4) {
>> >> >> + int cpu;
>> >> >> +
>> >> >> + for_each_online_cpu(cpu) {
>> >> >> + bool enable;
>> >> >> +
>> >> >> + smp_call_function_single(cpu, vgic_check_v4_cpuif,
>> >> >> + &enable, 1);
>> >> >> + gicv4_enable = gicv4_enable && enable;
>> >> >> + }
>> >> >
>> >> > With maxcpus=N on the command line, CPUs can be brought online late, so we
>> >> > might need this in a hotplug callback (and/or in the arm64 cpufeature
>> >> > framework) to handle that case.
>> >>
>> >> I'm afraid that won't be enough. If the CPU is brought up once we've
>> >> already started a VM, we're screwed, as we cannot retroactively decide
>> >> to drop GICv4 on the floor and nuke the guest. Or did you have something
>> >> more radical in mind? Panic?
>> >
>> > If you teach the arm64 cpufeature framework about this, it can abort bringing a
>> > !GICv4 CPU online late.
>>
>> You wish.
>>
>> There is all kind of difficulties with that. This requires checking an
>> EL2 register (ICH_VTR_EL2) when we've not initialised KVM yet (so no HYP
>> call facility). We could make it an additional hyp-stub feature, but
>> that feels pretty involved.
>
> Aargh; I'd assumed we could probe this from EL1 somewhow.
>
>> Effectively, GICv4 support having it supported on the redistributors,
>> the ITSs, and the CPUs. The cpufeature framework only addresses the
>> first one. So unless the solution encompasses all the elements in the
>> chain, any checking feels pretty pointless.
>
> Sure thing. :/
How are we taking this further?
I can drop this altogether (after all, you will get what you deserve if
you design a broken system). The alternative would be to add a hotplug
notifier here, and spit out a warning if we're going to be in
trouble. We still run into the risk of messing with a VM that's already
been started before the non-v4 CPU.
Thoughts anyone?
M.
--
Jazz is not dead. It just smells funny.
WARNING: multiple messages have this Message-ID (diff)
From: Marc Zyngier <marc.zyngier@arm.com>
To: Mark Rutland <mark.rutland@arm.com>
Cc: linux-arm-kernel@lists.infradead.org,
kvmarm@lists.cs.columbia.edu, kvm@vger.kernel.org,
Christoffer Dall <christoffer.dall@linaro.org>,
Eric Auger <eric.auger@redhat.com>,
Shanker Donthineni <shankerd@codeaurora.org>,
Shameerali Kolothum Thodi <shameerali.kolothum.thodi@huawei.com>,
Andre Przywara <Andre.Przywara@arm.com>
Subject: Re: [PATCH v4 25/26] KVM: arm/arm64: GICv4: Prevent heterogenous systems from using GICv4
Date: Fri, 27 Oct 2017 09:31:12 +0100 [thread overview]
Message-ID: <86mv4d9elr.fsf@arm.com> (raw)
In-Reply-To: <20171027080421.m3ruegg6liflcvro@salmiak> (Mark Rutland's message of "Fri, 27 Oct 2017 09:04:21 +0100")
On Fri, Oct 27 2017 at 9:04:21 am BST, Mark Rutland <mark.rutland@arm.com> wrote:
> On Fri, Oct 27, 2017 at 08:59:23AM +0100, Marc Zyngier wrote:
>> On Fri, Oct 27 2017 at 8:37:28 am BST, Mark Rutland <mark.rutland@arm.com> wrote:
>> > On Fri, Oct 27, 2017 at 07:57:12AM +0100, Marc Zyngier wrote:
>> >> On Thu, Oct 26 2017 at 4:48:39 pm BST, Mark Rutland <mark.rutland@arm.com> wrote:
>> >> > On Fri, Oct 06, 2017 at 04:34:00PM +0100, Marc Zyngier wrote:
>> >
>> >> >> @@ -485,8 +495,21 @@ int vgic_v3_probe(const struct gic_kvm_info *info)
>> >> >> kvm_vgic_global_state.can_emulate_gicv2 = false;
>> >> >> kvm_vgic_global_state.ich_vtr_el2 = ich_vtr_el2;
>> >> >>
>> >> >> - /* GICv4 support? */
>> >> >> + /*
>> >> >> + * GICv4 support? We need to check on all CPUs in case of some
>> >> >> + * extremely creative form of big-little brain damage...
>> >> >> + */
>> >> >> if (info->has_v4) {
>> >> >> + int cpu;
>> >> >> +
>> >> >> + for_each_online_cpu(cpu) {
>> >> >> + bool enable;
>> >> >> +
>> >> >> + smp_call_function_single(cpu, vgic_check_v4_cpuif,
>> >> >> + &enable, 1);
>> >> >> + gicv4_enable = gicv4_enable && enable;
>> >> >> + }
>> >> >
>> >> > With maxcpus=N on the command line, CPUs can be brought online late, so we
>> >> > might need this in a hotplug callback (and/or in the arm64 cpufeature
>> >> > framework) to handle that case.
>> >>
>> >> I'm afraid that won't be enough. If the CPU is brought up once we've
>> >> already started a VM, we're screwed, as we cannot retroactively decide
>> >> to drop GICv4 on the floor and nuke the guest. Or did you have something
>> >> more radical in mind? Panic?
>> >
>> > If you teach the arm64 cpufeature framework about this, it can abort bringing a
>> > !GICv4 CPU online late.
>>
>> You wish.
>>
>> There is all kind of difficulties with that. This requires checking an
>> EL2 register (ICH_VTR_EL2) when we've not initialised KVM yet (so no HYP
>> call facility). We could make it an additional hyp-stub feature, but
>> that feels pretty involved.
>
> Aargh; I'd assumed we could probe this from EL1 somewhow.
>
>> Effectively, GICv4 support having it supported on the redistributors,
>> the ITSs, and the CPUs. The cpufeature framework only addresses the
>> first one. So unless the solution encompasses all the elements in the
>> chain, any checking feels pretty pointless.
>
> Sure thing. :/
How are we taking this further?
I can drop this altogether (after all, you will get what you deserve if
you design a broken system). The alternative would be to add a hotplug
notifier here, and spit out a warning if we're going to be in
trouble. We still run into the risk of messing with a VM that's already
been started before the non-v4 CPU.
Thoughts anyone?
M.
--
Jazz is not dead. It just smells funny.
WARNING: multiple messages have this Message-ID (diff)
From: marc.zyngier@arm.com (Marc Zyngier)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH v4 25/26] KVM: arm/arm64: GICv4: Prevent heterogenous systems from using GICv4
Date: Fri, 27 Oct 2017 09:31:12 +0100 [thread overview]
Message-ID: <86mv4d9elr.fsf@arm.com> (raw)
In-Reply-To: <20171027080421.m3ruegg6liflcvro@salmiak> (Mark Rutland's message of "Fri, 27 Oct 2017 09:04:21 +0100")
On Fri, Oct 27 2017 at 9:04:21 am BST, Mark Rutland <mark.rutland@arm.com> wrote:
> On Fri, Oct 27, 2017 at 08:59:23AM +0100, Marc Zyngier wrote:
>> On Fri, Oct 27 2017 at 8:37:28 am BST, Mark Rutland <mark.rutland@arm.com> wrote:
>> > On Fri, Oct 27, 2017 at 07:57:12AM +0100, Marc Zyngier wrote:
>> >> On Thu, Oct 26 2017 at 4:48:39 pm BST, Mark Rutland <mark.rutland@arm.com> wrote:
>> >> > On Fri, Oct 06, 2017 at 04:34:00PM +0100, Marc Zyngier wrote:
>> >
>> >> >> @@ -485,8 +495,21 @@ int vgic_v3_probe(const struct gic_kvm_info *info)
>> >> >> kvm_vgic_global_state.can_emulate_gicv2 = false;
>> >> >> kvm_vgic_global_state.ich_vtr_el2 = ich_vtr_el2;
>> >> >>
>> >> >> - /* GICv4 support? */
>> >> >> + /*
>> >> >> + * GICv4 support? We need to check on all CPUs in case of some
>> >> >> + * extremely creative form of big-little brain damage...
>> >> >> + */
>> >> >> if (info->has_v4) {
>> >> >> + int cpu;
>> >> >> +
>> >> >> + for_each_online_cpu(cpu) {
>> >> >> + bool enable;
>> >> >> +
>> >> >> + smp_call_function_single(cpu, vgic_check_v4_cpuif,
>> >> >> + &enable, 1);
>> >> >> + gicv4_enable = gicv4_enable && enable;
>> >> >> + }
>> >> >
>> >> > With maxcpus=N on the command line, CPUs can be brought online late, so we
>> >> > might need this in a hotplug callback (and/or in the arm64 cpufeature
>> >> > framework) to handle that case.
>> >>
>> >> I'm afraid that won't be enough. If the CPU is brought up once we've
>> >> already started a VM, we're screwed, as we cannot retroactively decide
>> >> to drop GICv4 on the floor and nuke the guest. Or did you have something
>> >> more radical in mind? Panic?
>> >
>> > If you teach the arm64 cpufeature framework about this, it can abort bringing a
>> > !GICv4 CPU online late.
>>
>> You wish.
>>
>> There is all kind of difficulties with that. This requires checking an
>> EL2 register (ICH_VTR_EL2) when we've not initialised KVM yet (so no HYP
>> call facility). We could make it an additional hyp-stub feature, but
>> that feels pretty involved.
>
> Aargh; I'd assumed we could probe this from EL1 somewhow.
>
>> Effectively, GICv4 support having it supported on the redistributors,
>> the ITSs, and the CPUs. The cpufeature framework only addresses the
>> first one. So unless the solution encompasses all the elements in the
>> chain, any checking feels pretty pointless.
>
> Sure thing. :/
How are we taking this further?
I can drop this altogether (after all, you will get what you deserve if
you design a broken system). The alternative would be to add a hotplug
notifier here, and spit out a warning if we're going to be in
trouble. We still run into the risk of messing with a VM that's already
been started before the non-v4 CPU.
Thoughts anyone?
M.
--
Jazz is not dead. It just smells funny.
next prev parent reply other threads:[~2017-10-27 8:31 UTC|newest]
Thread overview: 117+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-10-06 15:33 [PATCH v4 00/26] KVM/ARM: Add support for GICv4 Marc Zyngier
2017-10-06 15:33 ` Marc Zyngier
2017-10-06 15:33 ` [PATCH v4 01/26] KVM: arm/arm64: register irq bypass consumer on ARM/ARM64 Marc Zyngier
2017-10-06 15:33 ` Marc Zyngier
2017-10-06 15:33 ` [PATCH v4 02/26] KVM: arm/arm64: vgic: restructure kvm_vgic_(un)map_phys_irq Marc Zyngier
2017-10-06 15:33 ` Marc Zyngier
2017-10-25 14:44 ` Christoffer Dall
2017-10-25 14:44 ` Christoffer Dall
2017-10-26 13:05 ` Marc Zyngier
2017-10-26 13:05 ` Marc Zyngier
2017-10-06 15:33 ` [PATCH v4 03/26] KVM: arm: Select ARM_GIC_V3 and ARM_GIC_V3_ITS Marc Zyngier
2017-10-06 15:33 ` Marc Zyngier
2017-10-06 15:33 ` [PATCH v4 04/26] KVM: arm/arm64: vgic: Move kvm_vgic_destroy call around Marc Zyngier
2017-10-06 15:33 ` Marc Zyngier
2017-10-06 15:33 ` [PATCH v4 05/26] KVM: arm/arm64: vITS: Add MSI translation helpers Marc Zyngier
2017-10-06 15:33 ` Marc Zyngier
2017-10-06 15:33 ` [PATCH v4 06/26] KVM: arm/arm64: vITS: Add a helper to update the affinity of an LPI Marc Zyngier
2017-10-06 15:33 ` Marc Zyngier
2017-10-25 14:50 ` Christoffer Dall
2017-10-25 14:50 ` Christoffer Dall
2017-10-06 15:33 ` [PATCH v4 07/26] KVM: arm/arm64: GICv4: Add property field and per-VM predicate Marc Zyngier
2017-10-06 15:33 ` Marc Zyngier
2017-10-25 14:54 ` Christoffer Dall
2017-10-25 14:54 ` Christoffer Dall
2017-10-06 15:33 ` [PATCH v4 08/26] KVM: arm/arm64: GICv4: Add init/teardown of the per-VM vPE irq domain Marc Zyngier
2017-10-06 15:33 ` Marc Zyngier
2017-10-25 15:46 ` Christoffer Dall
2017-10-25 15:46 ` Christoffer Dall
2017-10-06 15:33 ` [PATCH v4 09/26] KVM: arm/arm64: GICv4: Wire mapping/unmapping of VLPIs in VFIO irq bypass Marc Zyngier
2017-10-06 15:33 ` Marc Zyngier
2017-10-25 15:58 ` Christoffer Dall
2017-10-25 15:58 ` Christoffer Dall
2017-10-06 15:33 ` [PATCH v4 10/26] KVM: arm/arm64: GICv4: Handle INT command applied to a VLPI Marc Zyngier
2017-10-06 15:33 ` Marc Zyngier
2017-10-06 15:33 ` [PATCH v4 11/26] KVM: arm/arm64: GICv4: Unmap VLPI when freeing an LPI Marc Zyngier
2017-10-06 15:33 ` Marc Zyngier
2017-10-06 15:33 ` [PATCH v4 12/26] KVM: arm/arm64: GICv4: Propagate affinity changes to the physical ITS Marc Zyngier
2017-10-06 15:33 ` Marc Zyngier
2017-10-25 16:22 ` Christoffer Dall
2017-10-25 16:22 ` Christoffer Dall
2017-10-06 15:33 ` [PATCH v4 13/26] KVM: arm/arm64: GICv4: Handle CLEAR applied to a VLPI Marc Zyngier
2017-10-06 15:33 ` Marc Zyngier
2017-10-06 15:33 ` [PATCH v4 14/26] KVM: arm/arm64: GICv4: Handle MOVALL applied to a vPE Marc Zyngier
2017-10-06 15:33 ` Marc Zyngier
2017-10-25 16:27 ` Christoffer Dall
2017-10-25 16:27 ` Christoffer Dall
2017-10-06 15:33 ` [PATCH v4 15/26] KVM: arm/arm64: GICv4: Propagate property updates to VLPIs Marc Zyngier
2017-10-06 15:33 ` Marc Zyngier
2017-10-06 15:33 ` [PATCH v4 16/26] KVM: arm/arm64: GICv4: Handle INVALL applied to a vPE Marc Zyngier
2017-10-06 15:33 ` Marc Zyngier
2017-10-06 15:33 ` [PATCH v4 17/26] KVM: arm/arm64: GICv4: Propagate VLPI properties at map time Marc Zyngier
2017-10-06 15:33 ` Marc Zyngier
2017-10-25 16:48 ` Christoffer Dall
2017-10-25 16:48 ` Christoffer Dall
2017-10-25 17:01 ` Marc Zyngier
2017-10-25 17:01 ` Marc Zyngier
2017-10-26 8:21 ` Marc Zyngier
2017-10-26 8:21 ` Marc Zyngier
2017-10-06 15:33 ` [PATCH v4 18/26] KVM: arm/arm64: GICv4: Use pending_last as a scheduling hint Marc Zyngier
2017-10-06 15:33 ` Marc Zyngier
2017-10-06 15:33 ` [PATCH v4 19/26] KVM: arm/arm64: GICv4: Add doorbell interrupt handling Marc Zyngier
2017-10-06 15:33 ` Marc Zyngier
2017-10-26 14:28 ` Christoffer Dall
2017-10-26 14:28 ` Christoffer Dall
2017-10-26 15:25 ` Christoffer Dall
2017-10-26 15:25 ` Christoffer Dall
2017-10-06 15:33 ` [PATCH v4 20/26] KVM: arm/arm64: GICv4: Use the doorbell interrupt as an unblocking source Marc Zyngier
2017-10-06 15:33 ` Marc Zyngier
2017-10-06 15:33 ` [PATCH v4 21/26] KVM: arm/arm64: GICv4: Hook vPE scheduling into vgic flush/sync Marc Zyngier
2017-10-06 15:33 ` Marc Zyngier
2017-10-26 15:24 ` Christoffer Dall
2017-10-26 15:24 ` Christoffer Dall
2017-10-06 15:33 ` [PATCH v4 22/26] KVM: arm/arm64: GICv4: Enable virtual cpuif if VLPIs can be delivered Marc Zyngier
2017-10-06 15:33 ` Marc Zyngier
2017-10-06 15:33 ` [PATCH v4 23/26] KVM: arm/arm64: GICv4: Prevent a VM using GICv4 from being saved Marc Zyngier
2017-10-06 15:33 ` Marc Zyngier
2017-10-26 15:28 ` Christoffer Dall
2017-10-26 15:28 ` Christoffer Dall
2017-10-27 13:56 ` Marc Zyngier
2017-10-27 13:56 ` Marc Zyngier
2017-10-30 6:48 ` Christoffer Dall
2017-10-30 6:48 ` Christoffer Dall
2017-10-06 15:33 ` [PATCH v4 24/26] KVM: arm/arm64: GICv4: Enable VLPI support Marc Zyngier
2017-10-06 15:33 ` Marc Zyngier
2017-10-06 15:34 ` [PATCH v4 25/26] KVM: arm/arm64: GICv4: Prevent heterogenous systems from using GICv4 Marc Zyngier
2017-10-06 15:34 ` Marc Zyngier
2017-10-26 15:31 ` Christoffer Dall
2017-10-26 15:31 ` Christoffer Dall
2017-10-26 15:48 ` Mark Rutland
2017-10-26 15:48 ` Mark Rutland
2017-10-27 6:57 ` Marc Zyngier
2017-10-27 6:57 ` Marc Zyngier
2017-10-27 6:57 ` Marc Zyngier
2017-10-27 7:37 ` Mark Rutland
2017-10-27 7:37 ` Mark Rutland
2017-10-27 7:59 ` Marc Zyngier
2017-10-27 7:59 ` Marc Zyngier
2017-10-27 7:59 ` Marc Zyngier
2017-10-27 8:04 ` Mark Rutland
2017-10-27 8:04 ` Mark Rutland
2017-10-27 8:31 ` Marc Zyngier [this message]
2017-10-27 8:31 ` Marc Zyngier
2017-10-27 8:31 ` Marc Zyngier
2017-10-29 2:16 ` Christoffer Dall
2017-10-29 2:16 ` Christoffer Dall
2017-10-06 15:34 ` [PATCH v4 26/26] KVM: arm/arm64: GICv4: Theory of operations Marc Zyngier
2017-10-06 15:34 ` Marc Zyngier
2017-10-26 15:32 ` Christoffer Dall
2017-10-26 15:32 ` Christoffer Dall
2017-10-08 16:45 ` [PATCH v4 00/26] KVM/ARM: Add support for GICv4 Shanker Donthineni
2017-10-08 16:45 ` Shanker Donthineni
2017-10-09 17:52 ` Konrad Rzeszutek Wilk
2017-10-09 17:52 ` Konrad Rzeszutek Wilk
2017-10-09 18:02 ` Marc Zyngier
2017-10-09 18:02 ` Marc Zyngier
2017-10-19 15:48 ` [PATCH v4 27/26] KVM: arm/arm64: GICv4: Prevent userspace from changing doorbell affinity Marc Zyngier
2017-10-19 15:48 ` Marc Zyngier
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=86mv4d9elr.fsf@arm.com \
--to=marc.zyngier@arm.com \
--cc=Andre.Przywara@arm.com \
--cc=christoffer.dall@linaro.org \
--cc=eric.auger@redhat.com \
--cc=kvm@vger.kernel.org \
--cc=kvmarm@lists.cs.columbia.edu \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=mark.rutland@arm.com \
--cc=shameerali.kolothum.thodi@huawei.com \
--cc=shankerd@codeaurora.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.