From: Reiji Watanabe <reijiw@google.com>
To: Oliver Upton <oupton@google.com>
Cc: Marc Zyngier <maz@kernel.org>,
kvmarm@lists.cs.columbia.edu, kvm@vger.kernel.org,
Linux ARM <linux-arm-kernel@lists.infradead.org>,
James Morse <james.morse@arm.com>,
Alexandru Elisei <alexandru.elisei@arm.com>,
Suzuki K Poulose <suzuki.poulose@arm.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Will Deacon <will@kernel.org>, Andrew Jones <drjones@redhat.com>,
Fuad Tabba <tabba@google.com>,
Peng Liang <liangpeng10@huawei.com>,
Peter Shier <pshier@google.com>,
Ricardo Koller <ricarkol@google.com>,
Jing Zhang <jingzhangos@google.com>,
Raghavendra Rao Anata <rananta@google.com>
Subject: Re: [PATCH v6 11/25] KVM: arm64: Add remaining ID registers to id_reg_desc_table
Date: Thu, 24 Mar 2022 13:23:42 -0700 [thread overview]
Message-ID: <CAAeT=FwkXSpwtCOrggwg=V72TYCRb24rqHYVUGd+gTEA-jN66w@mail.gmail.com> (raw)
In-Reply-To: <Yjt6qvYliEDqzF9j@google.com>
Hi Oliver,
On Wed, Mar 23, 2022 at 12:53 PM Oliver Upton <oupton@google.com> wrote:
>
> Hi Reiji,
>
> On Thu, Mar 10, 2022 at 08:47:57PM -0800, Reiji Watanabe wrote:
> > Add hidden or reserved ID registers, and remaining ID registers,
> > which don't require special handling, to id_reg_desc_table.
> > Add 'flags' field to id_reg_desc, which is used to indicates hiddden
> > or reserved registers. Since now id_reg_desc_init() is called even
> > for hidden/reserved registers, change it to not do anything for them.
> >
> > Signed-off-by: Reiji Watanabe <reijiw@google.com>
>
> I think there is a very important detail of the series that probably
> should be highlighted. We are only allowing AArch64 feature registers to
> be configurable, right? AArch32 feature registers remain visible with
> their default values passed through to the guest. If you've already
> stated this as a precondition elsewhere then my apologies for the noise.
>
> I don't know if adding support for this to AArch32 registers is
> necessarily the right step forward, either. 32 bit support is working
> just fine and IMO its OK to limit new KVM features to AArch64-only so
> long as it doesn't break 32 bit support. Marc of course is the authority
> on that, though :-)
>
> If for any reason a guest uses a feature present in the AArch32 feature
> register but hidden from the AArch64 register, we could be in a
> particularly difficult position. Especially if we enabled traps based on
> the AArch64 value and UNDEF the guest.
>
> One hack we could do is skip trap configuration if AArch32 is visible at
> either EL1 or EL0, but that may not be the most elegant solution.
> Otherwise, if we are AArch64-only at every EL then the definition of the
> AArch32 feature registers is architecturally UNKNOWN, so we can dodge
> the problem altogether. What are your thoughts?
Thank you so much for your review, Oliver!
For aarch32 guests (when KVM_ARM_VCPU_EL1_32BIT is configured),
yes, the current series is problematic as you mentioned...
I am thinking of disallowing configuring ID registers (keep ID
registers immutable) for the aarch32 guests for now at least.
(will document that)
For aarch64 guests that support EL0 aarch32, it would generally
be a userspace bug if userspace sets inconsistent values in 32bit
and 64bit ID registers. KVM doesn't provide a complete consistency
checking for ID registers, but this could be added later as needed.
It might be a good idea to skip trap configuration to avoid being
affected by the issue. On the other hand, this might provide a
good opportunity to detect such userspace issue. As this could
happen only with new userspace code that changes ID registers,
I might rather prefer the latter?
Thanks,
Reiji
WARNING: multiple messages have this Message-ID (diff)
From: Reiji Watanabe <reijiw@google.com>
To: Oliver Upton <oupton@google.com>
Cc: kvm@vger.kernel.org, Marc Zyngier <maz@kernel.org>,
Peter Shier <pshier@google.com>, Will Deacon <will@kernel.org>,
Paolo Bonzini <pbonzini@redhat.com>,
kvmarm@lists.cs.columbia.edu,
Linux ARM <linux-arm-kernel@lists.infradead.org>
Subject: Re: [PATCH v6 11/25] KVM: arm64: Add remaining ID registers to id_reg_desc_table
Date: Thu, 24 Mar 2022 13:23:42 -0700 [thread overview]
Message-ID: <CAAeT=FwkXSpwtCOrggwg=V72TYCRb24rqHYVUGd+gTEA-jN66w@mail.gmail.com> (raw)
In-Reply-To: <Yjt6qvYliEDqzF9j@google.com>
Hi Oliver,
On Wed, Mar 23, 2022 at 12:53 PM Oliver Upton <oupton@google.com> wrote:
>
> Hi Reiji,
>
> On Thu, Mar 10, 2022 at 08:47:57PM -0800, Reiji Watanabe wrote:
> > Add hidden or reserved ID registers, and remaining ID registers,
> > which don't require special handling, to id_reg_desc_table.
> > Add 'flags' field to id_reg_desc, which is used to indicates hiddden
> > or reserved registers. Since now id_reg_desc_init() is called even
> > for hidden/reserved registers, change it to not do anything for them.
> >
> > Signed-off-by: Reiji Watanabe <reijiw@google.com>
>
> I think there is a very important detail of the series that probably
> should be highlighted. We are only allowing AArch64 feature registers to
> be configurable, right? AArch32 feature registers remain visible with
> their default values passed through to the guest. If you've already
> stated this as a precondition elsewhere then my apologies for the noise.
>
> I don't know if adding support for this to AArch32 registers is
> necessarily the right step forward, either. 32 bit support is working
> just fine and IMO its OK to limit new KVM features to AArch64-only so
> long as it doesn't break 32 bit support. Marc of course is the authority
> on that, though :-)
>
> If for any reason a guest uses a feature present in the AArch32 feature
> register but hidden from the AArch64 register, we could be in a
> particularly difficult position. Especially if we enabled traps based on
> the AArch64 value and UNDEF the guest.
>
> One hack we could do is skip trap configuration if AArch32 is visible at
> either EL1 or EL0, but that may not be the most elegant solution.
> Otherwise, if we are AArch64-only at every EL then the definition of the
> AArch32 feature registers is architecturally UNKNOWN, so we can dodge
> the problem altogether. What are your thoughts?
Thank you so much for your review, Oliver!
For aarch32 guests (when KVM_ARM_VCPU_EL1_32BIT is configured),
yes, the current series is problematic as you mentioned...
I am thinking of disallowing configuring ID registers (keep ID
registers immutable) for the aarch32 guests for now at least.
(will document that)
For aarch64 guests that support EL0 aarch32, it would generally
be a userspace bug if userspace sets inconsistent values in 32bit
and 64bit ID registers. KVM doesn't provide a complete consistency
checking for ID registers, but this could be added later as needed.
It might be a good idea to skip trap configuration to avoid being
affected by the issue. On the other hand, this might provide a
good opportunity to detect such userspace issue. As this could
happen only with new userspace code that changes ID registers,
I might rather prefer the latter?
Thanks,
Reiji
_______________________________________________
kvmarm mailing list
kvmarm@lists.cs.columbia.edu
https://lists.cs.columbia.edu/mailman/listinfo/kvmarm
WARNING: multiple messages have this Message-ID (diff)
From: Reiji Watanabe <reijiw@google.com>
To: Oliver Upton <oupton@google.com>
Cc: Marc Zyngier <maz@kernel.org>,
kvmarm@lists.cs.columbia.edu, kvm@vger.kernel.org,
Linux ARM <linux-arm-kernel@lists.infradead.org>,
James Morse <james.morse@arm.com>,
Alexandru Elisei <alexandru.elisei@arm.com>,
Suzuki K Poulose <suzuki.poulose@arm.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Will Deacon <will@kernel.org>, Andrew Jones <drjones@redhat.com>,
Fuad Tabba <tabba@google.com>,
Peng Liang <liangpeng10@huawei.com>,
Peter Shier <pshier@google.com>,
Ricardo Koller <ricarkol@google.com>,
Jing Zhang <jingzhangos@google.com>,
Raghavendra Rao Anata <rananta@google.com>
Subject: Re: [PATCH v6 11/25] KVM: arm64: Add remaining ID registers to id_reg_desc_table
Date: Thu, 24 Mar 2022 13:23:42 -0700 [thread overview]
Message-ID: <CAAeT=FwkXSpwtCOrggwg=V72TYCRb24rqHYVUGd+gTEA-jN66w@mail.gmail.com> (raw)
In-Reply-To: <Yjt6qvYliEDqzF9j@google.com>
Hi Oliver,
On Wed, Mar 23, 2022 at 12:53 PM Oliver Upton <oupton@google.com> wrote:
>
> Hi Reiji,
>
> On Thu, Mar 10, 2022 at 08:47:57PM -0800, Reiji Watanabe wrote:
> > Add hidden or reserved ID registers, and remaining ID registers,
> > which don't require special handling, to id_reg_desc_table.
> > Add 'flags' field to id_reg_desc, which is used to indicates hiddden
> > or reserved registers. Since now id_reg_desc_init() is called even
> > for hidden/reserved registers, change it to not do anything for them.
> >
> > Signed-off-by: Reiji Watanabe <reijiw@google.com>
>
> I think there is a very important detail of the series that probably
> should be highlighted. We are only allowing AArch64 feature registers to
> be configurable, right? AArch32 feature registers remain visible with
> their default values passed through to the guest. If you've already
> stated this as a precondition elsewhere then my apologies for the noise.
>
> I don't know if adding support for this to AArch32 registers is
> necessarily the right step forward, either. 32 bit support is working
> just fine and IMO its OK to limit new KVM features to AArch64-only so
> long as it doesn't break 32 bit support. Marc of course is the authority
> on that, though :-)
>
> If for any reason a guest uses a feature present in the AArch32 feature
> register but hidden from the AArch64 register, we could be in a
> particularly difficult position. Especially if we enabled traps based on
> the AArch64 value and UNDEF the guest.
>
> One hack we could do is skip trap configuration if AArch32 is visible at
> either EL1 or EL0, but that may not be the most elegant solution.
> Otherwise, if we are AArch64-only at every EL then the definition of the
> AArch32 feature registers is architecturally UNKNOWN, so we can dodge
> the problem altogether. What are your thoughts?
Thank you so much for your review, Oliver!
For aarch32 guests (when KVM_ARM_VCPU_EL1_32BIT is configured),
yes, the current series is problematic as you mentioned...
I am thinking of disallowing configuring ID registers (keep ID
registers immutable) for the aarch32 guests for now at least.
(will document that)
For aarch64 guests that support EL0 aarch32, it would generally
be a userspace bug if userspace sets inconsistent values in 32bit
and 64bit ID registers. KVM doesn't provide a complete consistency
checking for ID registers, but this could be added later as needed.
It might be a good idea to skip trap configuration to avoid being
affected by the issue. On the other hand, this might provide a
good opportunity to detect such userspace issue. As this could
happen only with new userspace code that changes ID registers,
I might rather prefer the latter?
Thanks,
Reiji
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2022-03-24 20:24 UTC|newest]
Thread overview: 144+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-11 4:47 [PATCH v6 00/25] KVM: arm64: Make CPU ID registers writable by userspace Reiji Watanabe
2022-03-11 4:47 ` Reiji Watanabe
2022-03-11 4:47 ` Reiji Watanabe
2022-03-11 4:47 ` [PATCH v6 01/25] KVM: arm64: Introduce a validation function for an ID register Reiji Watanabe
2022-03-11 4:47 ` Reiji Watanabe
2022-03-11 4:47 ` Reiji Watanabe
2022-03-22 7:42 ` Oliver Upton
2022-03-22 7:42 ` Oliver Upton
2022-03-22 7:42 ` Oliver Upton
2022-03-23 6:06 ` Reiji Watanabe
2022-03-23 6:06 ` Reiji Watanabe
2022-03-23 6:06 ` Reiji Watanabe
2022-03-23 7:05 ` Oliver Upton
2022-03-23 7:05 ` Oliver Upton
2022-03-23 7:05 ` Oliver Upton
2022-03-24 6:00 ` Reiji Watanabe
2022-03-24 6:00 ` Reiji Watanabe
2022-03-24 6:00 ` Reiji Watanabe
2022-03-24 7:37 ` Oliver Upton
2022-03-24 7:37 ` Oliver Upton
2022-03-24 7:37 ` Oliver Upton
2022-03-29 1:57 ` Reiji Watanabe
2022-03-29 1:57 ` Reiji Watanabe
2022-03-29 1:57 ` Reiji Watanabe
2022-03-11 4:47 ` [PATCH v6 02/25] KVM: arm64: Save ID registers' sanitized value per guest Reiji Watanabe
2022-03-11 4:47 ` Reiji Watanabe
2022-03-11 4:47 ` Reiji Watanabe
2022-03-23 19:22 ` Oliver Upton
2022-03-23 19:22 ` Oliver Upton
2022-03-23 19:22 ` Oliver Upton
2022-03-24 16:23 ` Reiji Watanabe
2022-03-24 16:23 ` Reiji Watanabe
2022-03-24 16:23 ` Reiji Watanabe
2022-03-24 17:54 ` Oliver Upton
2022-03-24 17:54 ` Oliver Upton
2022-03-24 17:54 ` Oliver Upton
2022-03-26 2:35 ` Reiji Watanabe
2022-03-26 2:35 ` Reiji Watanabe
2022-03-26 2:35 ` Reiji Watanabe
2022-03-27 22:57 ` Oliver Upton
2022-03-27 22:57 ` Oliver Upton
2022-03-27 22:57 ` Oliver Upton
2022-03-28 0:04 ` Reiji Watanabe
2022-03-28 0:04 ` Reiji Watanabe
2022-03-28 0:04 ` Reiji Watanabe
2022-03-11 4:47 ` [PATCH v6 03/25] KVM: arm64: Introduce struct id_reg_desc Reiji Watanabe
2022-03-11 4:47 ` Reiji Watanabe
2022-03-11 4:47 ` Reiji Watanabe
2022-03-11 4:47 ` [PATCH v6 04/25] KVM: arm64: Make ID_AA64PFR0_EL1 writable Reiji Watanabe
2022-03-11 4:47 ` Reiji Watanabe
2022-03-11 4:47 ` Reiji Watanabe
2022-03-11 4:47 ` [PATCH v6 05/25] KVM: arm64: Make ID_AA64PFR1_EL1 writable Reiji Watanabe
2022-03-11 4:47 ` Reiji Watanabe
2022-03-11 4:47 ` Reiji Watanabe
2022-03-11 4:47 ` [PATCH v6 06/25] KVM: arm64: Make ID_AA64ISAR0_EL1 writable Reiji Watanabe
2022-03-11 4:47 ` Reiji Watanabe
2022-03-11 4:47 ` Reiji Watanabe
2022-03-11 4:47 ` [PATCH v6 07/25] KVM: arm64: Make ID_AA64ISAR1_EL1 writable Reiji Watanabe
2022-03-11 4:47 ` Reiji Watanabe
2022-03-11 4:47 ` Reiji Watanabe
2022-03-11 4:47 ` [PATCH v6 08/25] KVM: arm64: Make ID_AA64MMFR0_EL1 writable Reiji Watanabe
2022-03-11 4:47 ` Reiji Watanabe
2022-03-11 4:47 ` Reiji Watanabe
2022-03-11 4:47 ` [PATCH v6 09/25] KVM: arm64: Make ID_AA64DFR0_EL1/ID_DFR0_EL1 writable Reiji Watanabe
2022-03-11 4:47 ` Reiji Watanabe
2022-03-11 4:47 ` Reiji Watanabe
2022-03-11 4:47 ` [PATCH v6 10/25] KVM: arm64: Make MVFR1_EL1 writable Reiji Watanabe
2022-03-11 4:47 ` Reiji Watanabe
2022-03-11 4:47 ` Reiji Watanabe
2022-03-11 4:47 ` [PATCH v6 11/25] KVM: arm64: Add remaining ID registers to id_reg_desc_table Reiji Watanabe
2022-03-11 4:47 ` Reiji Watanabe
2022-03-11 4:47 ` Reiji Watanabe
2022-03-23 19:53 ` Oliver Upton
2022-03-23 19:53 ` Oliver Upton
2022-03-23 19:53 ` Oliver Upton
2022-03-23 20:13 ` Ricardo Koller
2022-03-23 20:13 ` Ricardo Koller
2022-03-23 20:13 ` Ricardo Koller
2022-03-23 20:44 ` Oliver Upton
2022-03-23 20:44 ` Oliver Upton
2022-03-23 20:44 ` Oliver Upton
2022-03-23 22:22 ` Ricardo Koller
2022-03-23 22:22 ` Ricardo Koller
2022-03-23 22:22 ` Ricardo Koller
2022-03-23 22:25 ` Oliver Upton
2022-03-23 22:25 ` Oliver Upton
2022-03-23 22:25 ` Oliver Upton
2022-03-24 2:26 ` Oliver Upton
2022-03-24 2:26 ` Oliver Upton
2022-03-24 2:26 ` Oliver Upton
2022-03-24 20:23 ` Reiji Watanabe [this message]
2022-03-24 20:23 ` Reiji Watanabe
2022-03-24 20:23 ` Reiji Watanabe
2022-03-24 23:01 ` Oliver Upton
2022-03-24 23:01 ` Oliver Upton
2022-03-24 23:01 ` Oliver Upton
2022-03-25 5:15 ` Reiji Watanabe
2022-03-25 5:15 ` Reiji Watanabe
2022-03-25 5:15 ` Reiji Watanabe
2022-03-25 8:51 ` Oliver Upton
2022-03-25 8:51 ` Oliver Upton
2022-03-25 8:51 ` Oliver Upton
2022-03-11 4:47 ` [PATCH v6 12/25] KVM: arm64: Use id_reg_desc_table for ID registers Reiji Watanabe
2022-03-11 4:47 ` Reiji Watanabe
2022-03-11 4:47 ` Reiji Watanabe
2022-03-11 4:47 ` [PATCH v6 13/25] KVM: arm64: Add consistency checking for frac fields of " Reiji Watanabe
2022-03-11 4:47 ` Reiji Watanabe
2022-03-11 4:47 ` Reiji Watanabe
2022-03-11 4:48 ` [PATCH v6 14/25] KVM: arm64: Introduce KVM_CAP_ARM_ID_REG_CONFIGURABLE capability Reiji Watanabe
2022-03-11 4:48 ` Reiji Watanabe
2022-03-11 4:48 ` Reiji Watanabe
2022-03-11 4:48 ` [PATCH v6 15/25] KVM: arm64: Add kunit test for ID register validation Reiji Watanabe
2022-03-11 4:48 ` Reiji Watanabe
2022-03-11 4:48 ` Reiji Watanabe
2022-03-11 4:48 ` [PATCH v6 16/25] KVM: arm64: Use vcpu->arch cptr_el2 to track value of cptr_el2 for VHE Reiji Watanabe
2022-03-11 4:48 ` Reiji Watanabe
2022-03-11 4:48 ` Reiji Watanabe
2022-03-11 4:48 ` [PATCH v6 17/25] KVM: arm64: Use vcpu->arch.mdcr_el2 to track value of mdcr_el2 Reiji Watanabe
2022-03-11 4:48 ` Reiji Watanabe
2022-03-11 4:48 ` Reiji Watanabe
2022-03-11 4:48 ` [PATCH v6 18/25] KVM: arm64: Introduce framework to trap disabled features Reiji Watanabe
2022-03-11 4:48 ` Reiji Watanabe
2022-03-11 4:48 ` Reiji Watanabe
2022-03-11 4:48 ` [PATCH v6 19/25] KVM: arm64: Trap disabled features of ID_AA64PFR0_EL1 Reiji Watanabe
2022-03-11 4:48 ` Reiji Watanabe
2022-03-11 4:48 ` Reiji Watanabe
2022-03-11 4:48 ` [PATCH v6 20/25] KVM: arm64: Trap disabled features of ID_AA64PFR1_EL1 Reiji Watanabe
2022-03-11 4:48 ` Reiji Watanabe
2022-03-11 4:48 ` Reiji Watanabe
2022-03-11 4:48 ` [PATCH v6 21/25] KVM: arm64: Trap disabled features of ID_AA64DFR0_EL1 Reiji Watanabe
2022-03-11 4:48 ` Reiji Watanabe
2022-03-11 4:48 ` Reiji Watanabe
2022-03-11 4:48 ` [PATCH v6 22/25] KVM: arm64: Trap disabled features of ID_AA64MMFR1_EL1 Reiji Watanabe
2022-03-11 4:48 ` Reiji Watanabe
2022-03-11 4:48 ` Reiji Watanabe
2022-03-11 4:48 ` [PATCH v6 23/25] KVM: arm64: Trap disabled features of ID_AA64ISAR1_EL1 Reiji Watanabe
2022-03-11 4:48 ` Reiji Watanabe
2022-03-11 4:48 ` Reiji Watanabe
2022-03-11 4:48 ` [PATCH v6 24/25] KVM: arm64: Add kunit test for trap initialization Reiji Watanabe
2022-03-11 4:48 ` Reiji Watanabe
2022-03-11 4:48 ` Reiji Watanabe
2022-03-11 4:48 ` [PATCH v6 25/25] KVM: arm64: selftests: Introduce id_reg_test Reiji Watanabe
2022-03-11 4:48 ` Reiji Watanabe
2022-03-11 4:48 ` Reiji Watanabe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAAeT=FwkXSpwtCOrggwg=V72TYCRb24rqHYVUGd+gTEA-jN66w@mail.gmail.com' \
--to=reijiw@google.com \
--cc=alexandru.elisei@arm.com \
--cc=drjones@redhat.com \
--cc=james.morse@arm.com \
--cc=jingzhangos@google.com \
--cc=kvm@vger.kernel.org \
--cc=kvmarm@lists.cs.columbia.edu \
--cc=liangpeng10@huawei.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=maz@kernel.org \
--cc=oupton@google.com \
--cc=pbonzini@redhat.com \
--cc=pshier@google.com \
--cc=rananta@google.com \
--cc=ricarkol@google.com \
--cc=suzuki.poulose@arm.com \
--cc=tabba@google.com \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.