Re: [PATCH v2 1/2] KVM: arm64: mixed-width check should be skipped for uninitialized vCPUs

From: Reiji Watanabe <reijiw@google.com>
To: Marc Zyngier <maz@kernel.org>
Cc: kvmarm@lists.cs.columbia.edu, kvm@vger.kernel.org,
	Linux ARM <linux-arm-kernel@lists.infradead.org>,
	James Morse <james.morse@arm.com>,
	Alexandru Elisei <alexandru.elisei@arm.com>,
	Suzuki K Poulose <suzuki.poulose@arm.com>,
	Paolo Bonzini <pbonzini@redhat.com>,
	Will Deacon <will@kernel.org>, Peter Shier <pshier@google.com>,
	Ricardo Koller <ricarkol@google.com>,
	Oliver Upton <oupton@google.com>,
	Jing Zhang <jingzhangos@google.com>,
	Raghavendra Rao Anata <rananta@google.com>
Subject: Re: [PATCH v2 1/2] KVM: arm64: mixed-width check should be skipped for uninitialized vCPUs
Date: Wed, 9 Feb 2022 21:31:49 -0800	[thread overview]
Message-ID: <CAAeT=FwF=agQH-2u0fzGL4eUzz5-=6M=zwXiaxyucPf+n_ihxQ@mail.gmail.com> (raw)
In-Reply-To: <875ypo5jqi.wl-maz@kernel.org>

Hi Marc,

On Wed, Feb 9, 2022 at 4:04 AM Marc Zyngier <maz@kernel.org> wrote:
>
> Hi Reiji,
>
> On Wed, 09 Feb 2022 05:32:36 +0000,
> Reiji Watanabe <reijiw@google.com> wrote:
> >
> > Hi Marc,
> >
> > On Tue, Feb 8, 2022 at 6:41 AM Marc Zyngier <maz@kernel.org> wrote:
> > >
> > > In [1], I suggested another approach that didn't require extra state,
> > > and moved the existing checks under the kvm lock. What was wrong with
> > > that approach?
> >
> > With that approach, even for a vcpu that has a broken set of features,
> > which leads kvm_reset_vcpu() to fail for the vcpu, the vcpu->arch.features
> > are checked by other vCPUs' vcpu_allowed_register_width() until the
> > vcpu->arch.target is set to -1.
> > Due to this, I would think some or possibly all vCPUs' kvm_reset_vcpu()
> > may or may not fail (e.g. if userspace tries to configure vCPU#0 with
> > 32bit EL1, and vCPU#1 and #2 with 64 bit EL1, KVM_ARM_VCPU_INIT
> > for either vCPU#0, or both vCPU#1 and #2 should fail.  But, with that
> > approach, it doesn't always work that way.  Instead, KVM_ARM_VCPU_INIT
> > for all vCPUs could fail or KVM_ARM_VCPU_INIT for vCPU#0 and #1 could
> > fail while the one for CPU#2 works).
> > Also, even after the first KVM_RUN for vCPUs are already done,
> > (the first) KVM_ARM_VCPU_INIT for another vCPU could cause the
> > kvm_reset_vcpu() for those vCPUs to fail.
> >
> > I would think those behaviors are odd, and I wanted to avoid them.
>
> OK, fair enough. But then you need to remove most of the uses of
> KVM_ARM_VCPU_EL1_32BIT so that it is only used as a userspace
> interface and

Yes, I will.

> maybe not carried as part of the vcpu feature flag anymore.

At the first call of kvm_reset_vcpu() for the guest, the new kvm
flag is not set yet. So, KVM_ARM_VCPU_EL1_32BIT will be needed
by the function (unless we pass the flag as an argument for the
function or by any other way).

> Also, we really should turn all these various bits in the kvm struct
> into a set of flags. I have a patch posted there[1] for this, feel
> free to pick it up.

Thank you for the suggestion. But, kvm->arch.el1_reg_width is not
a binary because it needs to indicate an uninitialized state.  So, it
won't fit perfectly with kvm->arch.flags, which is introduced by [1]
as it is. Of course it's feasible by using 2 bits of the flags though...

Thanks,
Reiji

>
> Thanks,
>
>         M.
>
> [1] https://lore.kernel.org/r/20211004174849.2831548-2-maz@kernel.org
>
> --
> Without deviation from the norm, progress is not possible.