Received: by 10.213.65.68 with SMTP id h4csp2557043imn; Mon, 9 Apr 2018 05:34:23 -0700 (PDT) X-Google-Smtp-Source: AIpwx4+dIWE0ksAr6+DhAiNt0BUdndDvi+6esRo6blLKI7QFwrAis8CPuCcD3lkJnf4mP+Ffndp4 X-Received: by 10.101.76.129 with SMTP id m1mr24720171pgt.90.1523277263726; Mon, 09 Apr 2018 05:34:23 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1523277263; cv=none; d=google.com; s=arc-20160816; b=snciwTnYqaGCFktROwrRYro+V8MT7vg8Oz/BcNvyuBcqluIyNo9jDFSZKZ2gOndkks fKDEUgJ1rwhkp2xsCPHUPKMLr3MimmhDd5GpAOhAWKNRzaxy30uKZIaO5kqx1vdqJngI 8XlSfk6aU6ewx5MizZNr75vI7nEB4w3gqRFK8VJQa/pOxIGBx9C82u4dYZW9aRQWn92G e6ALvD9fmMMmrnTkbWMtKs6W9ufllkfZ2DySbLbUuZnIiY/akSnOjbfaAn2MamVulCM4 GYvrm7g9NpjZzrblMOClus3jhF4GLPsS5qePFaCvGpiZOJJ3DysHgEI12nf6QEY6Urij pTmA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature:arc-authentication-results; bh=BeUblH31kWIAKCZ+QkFGvhjhkoXD/rH/ZzWsuKu6t2g=; b=d2XvBaJb6YJmD5Lq/ejoOI/yYRoTvDdhsb+DskuLXuj5ZRMWleVXGVRToID0LQBi9E lICACAf3G9rrXxXCizpZg0UXbP5KrqtNBgK6MgQ1bHCZdyKhBF1zY6qHrDz/wSebHwOV MTg4betu1zgXmwd0JSBXtt0wZX5yO9r8wkmxUy8foH0qQx18DQO76RgggTfMMFVr4M88 VNOj17bmKl6tVCHmLIdQomBkUvUxjhInP1O7vZvC5D//x+J6GwMyCzgFgVfSa+ifIYS/ fooZv2SvjOTbc/fbgI7iKCJeU3LBF00SXaSCXOh/EEJEjfmQ0xp++74S8tnPNTT95QbG eQww== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@christofferdall-dk.20150623.gappssmtp.com header.s=20150623 header.b=1ER7xsh7; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id q12-v6si202716plk.559.2018.04.09.05.33.47; Mon, 09 Apr 2018 05:34:23 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@christofferdall-dk.20150623.gappssmtp.com header.s=20150623 header.b=1ER7xsh7; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751896AbeDIMaq (ORCPT + 99 others); Mon, 9 Apr 2018 08:30:46 -0400 Received: from mail-wm0-f52.google.com ([74.125.82.52]:33710 "EHLO mail-wm0-f52.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751548AbeDIMap (ORCPT ); Mon, 9 Apr 2018 08:30:45 -0400 Received: by mail-wm0-f52.google.com with SMTP id o23so17456563wmf.0 for ; Mon, 09 Apr 2018 05:30:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=christofferdall-dk.20150623.gappssmtp.com; s=20150623; h=sender:date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=BeUblH31kWIAKCZ+QkFGvhjhkoXD/rH/ZzWsuKu6t2g=; b=1ER7xsh7h1Y8Pzes134oGmVrG47EZSC2Ld02q8jWsYjrU6pYLw/CKfv9JM8yc65cNN kVNkw6GaxE40Dv1CN2GVcwoZ9Q+gcMJOAJWcQR6b96ZhVy9316hPDO805pJ7oey49B50 mc8wOutM1mEK0bmd88dKtv0LlQFXOMD7PENfcm9q7NqV62r7ybRAuAo4u9eoCb6wjbcr LAzAI6sZrfG9i1uTKqTgwrze9NRC/0mjkJVOKPorCGLBz5LkOctXDK+5Ub7ru2290plU n2jlIYOrJf8EcfeEw1sqPPLKgl6lyaEq1+jSoEFXGe6/Mr8zd3mstkUuyEJTYkWRSl9N cMew== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:date:from:to:cc:subject:message-id :references:mime-version:content-disposition:in-reply-to:user-agent; bh=BeUblH31kWIAKCZ+QkFGvhjhkoXD/rH/ZzWsuKu6t2g=; b=P8ADijqeub5EUlMHQcXqmlMeKvpJyKqV2W38lezVB5WBXwV6qVx8yxVkVZxBQdqJ8I JlIJDk20RUIaDEx2w4IgxrilYu94o6ypc9KG/L2sVI3dVmYTplVOhuFI78uutJ/IukNE XLh8NJM57ajhy7FEA4Uf8hifKQlJ5S+x/B4q9OtNiuIxs8WKalA1tCpGLhI8i6faw3U4 w9XBILgBOu2L3til5o9sqFDPmN2q/DbZtZRjalnAwqULHq+V2sU6B4fQ1x2QxZnp/4nf 7+1IBCvvu0/ouTAnMoIqdf1fm1tBoqfwjyoR0rjYNwMRcSomgOxcfRESXIznKghFYK4E 2Hsg== X-Gm-Message-State: ALQs6tANWzM5hV4MLLOvpAJOoaxKFYzO+ZH30ssRmhKkA/ILyAvB1f3F nhMULuildaTLckJVzgcgU3FM2g== X-Received: by 10.80.148.229 with SMTP id t34mr22068703eda.146.1523277043509; Mon, 09 Apr 2018 05:30:43 -0700 (PDT) Received: from localhost (x50d2404e.cust.hiper.dk. [80.210.64.78]) by smtp.gmail.com with ESMTPSA id f8sm276495edn.36.2018.04.09.05.30.42 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 09 Apr 2018 05:30:42 -0700 (PDT) Date: Mon, 9 Apr 2018 14:30:42 +0200 From: Christoffer Dall To: Marc Zyngier Cc: Peter Maydell , lkml - Kernel Mailing List , arm-mail-list , kvmarm@lists.cs.columbia.edu Subject: Re: [REPOST PATCH] arm/arm64: KVM: Add PSCI version selection API Message-ID: <20180409123042.GD10904@cbox> References: <20180215175803.6870-1-marc.zyngier@arm.com> <86o9k63f7a.wl-marc.zyngier@arm.com> <20180306092134.4bfbz34yhqfrfdlf@kamzik.brq.redhat.com> <8042f946-49bf-5fc1-f513-4b76ccd5f7d6@arm.com> <86169dc0-b13c-fab9-eaca-363d3873ad10@arm.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <86169dc0-b13c-fab9-eaca-363d3873ad10@arm.com> User-Agent: Mutt/1.5.24 (2015-08-30) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Mar 15, 2018 at 07:26:48PM +0000, Marc Zyngier wrote: > On 15/03/18 19:13, Peter Maydell wrote: > > On 15 March 2018 at 19:00, Marc Zyngier wrote: > >> On 06/03/18 09:21, Andrew Jones wrote: > >>> On Mon, Mar 05, 2018 at 04:47:55PM +0000, Peter Maydell wrote: > >>>> On 2 March 2018 at 11:11, Marc Zyngier wrote: > >>>>> On Fri, 02 Mar 2018 10:44:48 +0000, > >>>>> Auger Eric wrote: > >>>>>> I understand the get/set is called as part of the migration process. > >>>>>> So my understanding is the benefit of this series is migration fails in > >>>>>> those cases: > >>>>>> > >>>>>>> =0.2 source -> 0.1 destination > >>>>>> 0.1 source -> >=0.2 destination > >>>>> > >>>>> It also fails in the case where you migrate a 1.0 guest to something > >>>>> that cannot support it. > >>>> > >>>> I think it would be useful if we could write out the various > >>>> combinations of source, destination and what we expect/want to > >>>> have happen. My gut feeling here is that we're sacrificing > >>>> exact migration compatibility in favour of having the guest > >>>> automatically get the variant-2 mitigations, but it's not clear > >>>> to me exactly which migration combinations that's intended to > >>>> happen for. Marc? > >>>> > >>>> If this wasn't a mitigation issue the desired behaviour would be > >>>> straightforward: > >>>> * kernel should default to 0.2 on the basis that > >>>> that's what it did before > >>>> * new QEMU version should enable 1.0 by default for virt-2.12 > >>>> and 0.2 for virt-2.11 and earlier > >>>> * PSCI version info shouldn't appear in migration stream unless > >>>> it's something other than 0.2 > >>>> But that would leave some setups (which?) unnecessarily without the > >>>> mitigation, so we're not doing that. The question is, exactly > >>>> what *are* we aiming for? > >>> > >>> The reason Marc dropped this patch from the series it was first introduced > >>> in was because we didn't have the aim 100% understood. We want the > >>> mitigation by default, but also to have the least chance of migration > >>> failure, and when we must fail (because we're not doing the > >>> straightforward approach listed above, which would prevent failures), then > >>> we want to fail with the least amount of damage to the user. > >>> > >>> I experimented with a couple different approaches and provided tables[1] > >>> with my results. I even recommended an approach, but I may have changed > >>> my mind after reading Marc's follow-up[2]. The thread continues from > >>> there as well with follow-ups from Christoffer, Marc, and myself. Anyway, > >>> Marc did this repost for us to debate it and work out the best approach > >>> here. > >> It doesn't look like we've made much progress on this, which makes me > >> think that we probably don't need anything of the like. > > > > I was waiting for a better explanation from you of what we're trying to > > achieve. If you want to take the "do nothing" approach then a list > > also of what migrations succeed/fail/break in that case would also > > be useful. > > > > (I am somewhat lazily trying to avoid having to spend time reverse > > engineering the "what are we trying to do and what effects are > > we accepting" parts from the patch and the code that's already gone > > into the kernel.) > > OK, let me (re)state the problem: > > For a guest that requests PSCI 0.2 (i.e. all guests from the past 4 or 5 > years), we now silently upgrade the PSCI version to 1.0 allowing the new > SMCCC to be discovered, and the ARCH_WORKAROUND_1 service to be called. > > Things get funny, specially with migration (and the way QEMU works). > > If we "do nothing": > > (1) A guest migrating from an "old" host to a "new" host will silently > see its PSCI version upgraded. Not a big deal in my opinion, as 1.0 is a > strict superset of 0.2 (apart from the version number...). > > (2) A guest migrating from a "new" host to an "old" host will silently > loose its Spectre v2 mitigation. That's quite a big deal. > > (3, not related to migration) A guest having a hardcoded knowledge of > PSCI 0.2 will se that we've changed something, and may decide to catch > fire. Oh well. > > If we take this patch: > > (1) still exists No problem, IMHO. > > (2) will now fail to migrate. I see this as a feature. Yes, I agree. This is actually the most important reason for doing anything beyond what's already merged. > > (3) can be worked around by setting the "PSCI version pseudo register" > to 0.2. Nice to have, but we're probably not expecting this to be of major concern. I initially thought it was a nice debugging feature as well, but that may be a ridiculous point. > > These are the main things I can think of at the moment. So I think we we should merge this patch. If userspace then wants to support "migrate from explicitly set v0.2 new kernel to old kernel", then it must add specific support to filter out the register from the register list; not that I think anyone will need that or bother to implement it. In other words, I think you should merge this: Reviewed-by: Christoffer Dall