Received: by 2002:a05:6a10:af89:0:0:0:0 with SMTP id iu9csp1055896pxb; Fri, 21 Jan 2022 08:59:00 -0800 (PST) X-Google-Smtp-Source: ABdhPJwUIuPnCPY4wDD1+VhAfXdKPlV+iZAgn3zx5nuf9U4T++7EzSOEZrSqHlwKW1RbYoZyP9ec X-Received: by 2002:a63:c5e:: with SMTP id 30mr3505692pgm.522.1642784339875; Fri, 21 Jan 2022 08:58:59 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1642784339; cv=none; d=google.com; s=arc-20160816; b=MLIo9ODU9XPhuGSE+l14k0WxCSNTn1OsRVs6JGpVDkij6tviorwmIA07LsaTBks5hW LtQp844HDTg+UkrMLYaar0H8o85pZNSBBMntxzf81hjcByZGX2/SyabUsOwXK8Cl2o91 u53S+I6eCMW5Lc5drAMHSYKMyuh3uQyR3yhHv9eVdiPvWOAWaF157DfMJWwhB81yXzvL NHFFEdSEj84Xx5aC4ov7agOQoCpJ1ph9yozoF+njiaj8ckx709N4QmBinok87A4V6v1s 1kgJ066UmFCnuWjxRR2AHchAqyQurVHUEOqCEPyX6W5eup709s0y9HOf8pruEx/KI123 QZyw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id:dkim-signature; bh=MF1FuGFJdpOohIJ1ssXp+qAxwbB16v8stQCdey9tRcg=; b=SK7AJOiH2/du807pWRGD5u/C19tuZjKRrFgdxaMbTyWPSbtFo3WSuUacEyK3H1uoLN 2JgkciziJKs9r58X83K25lCDcNauFhGFkQkugE6+/ztZTos3iswBYS9/KzjYe+62dUSR VXJ5HMImrSSMYJXpKY9Mb/O+wI7BZRnhNc/ZNnzVgUrIBMy8hVa2Er17zMchZUv5wEr2 7fY9Us/4NroKqqi9OQ5sTZeDcT+Rnfv2iUPlZVdAgObJ/b1OEqwqoY1jSH2sy9NaRvo0 QcLWndpPTXpyd5/W6ThRgaZuijn/l+63sG0zvd7HNWOU1UkWbVt4gwz4YAlVymcaVcto lwaQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b="QZBh/S5o"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id p1si12850723pjn.161.2022.01.21.08.58.47; Fri, 21 Jan 2022 08:58:59 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b="QZBh/S5o"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1351164AbiASGmc (ORCPT + 99 others); Wed, 19 Jan 2022 01:42:32 -0500 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]:38643 "EHLO us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236370AbiASGm0 (ORCPT ); Wed, 19 Jan 2022 01:42:26 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1642574546; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=MF1FuGFJdpOohIJ1ssXp+qAxwbB16v8stQCdey9tRcg=; b=QZBh/S5obycedEYcYaocchDNEmgUeR43nEDnaNyTj+97rjCscl+6hH8qBqmrtIrZGvS/Xa IENGxSyS1ox7p3VrJlpChoMs3i9h4aselNMMUw+gxFTCf4B4Ulf56hBDGbJzMDml1eDe7x eLWC168nji/3dRoveVxYmSXaNGqRJWs= Received: from mail-pj1-f72.google.com (mail-pj1-f72.google.com [209.85.216.72]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-592-90E7adCIO0-IBJXRDM1T5Q-1; Wed, 19 Jan 2022 01:42:24 -0500 X-MC-Unique: 90E7adCIO0-IBJXRDM1T5Q-1 Received: by mail-pj1-f72.google.com with SMTP id q1-20020a17090a064100b001b4d85cbaf7so2690325pje.9 for ; Tue, 18 Jan 2022 22:42:24 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:message-id:date:mime-version:user-agent:subject :content-language:to:cc:references:from:in-reply-to :content-transfer-encoding; bh=MF1FuGFJdpOohIJ1ssXp+qAxwbB16v8stQCdey9tRcg=; b=nWhvi7qCLXuki6k5zy/hhYyGbuV3l6cbHlxGtgYraHNhTK0/2tUB+8GL+ZfSGgy3GA SXGFZDK4x89vNvIxvdDJJbwS2gtLm4lv4PO6baQNE7Qr+UBy2wF6o7NZqpojBegGum88 CfgE+ZKldIp+reYWI+MpS7c5spZ+m56ES8MwGFz2G2ocC4J7fykuA4sKG51o+gEsuXQq fQCGYg8S+yUihJbwji3aZs50h7J3RDNTVdqlK4rVgk0i1TGa686o1OB+kOYtxS8OnOKJ eu0DAPy3w2DSkzPG6uRqcUQ6YF21D3sBlv8Y7vXGF8eT/kn9gaINQw0t6Q2ZY605kCXS UN4g== X-Gm-Message-State: AOAM531DxPbarHCYuZ6o8xmXdzs8+osg7GiFPsNFzHnXV9hKiNWFH2W8 RqAabblq067+QE2xXyarfugUduyH1eaSluTZYVaBZM3spXkI49Go+j/9/MhOprkmUf/hxDpv1ts RQh0QArnSuMtwt4NtULdCEUVB X-Received: by 2002:a17:902:ac8f:b0:14a:ac30:47d7 with SMTP id h15-20020a170902ac8f00b0014aac3047d7mr16543325plr.168.1642574543714; Tue, 18 Jan 2022 22:42:23 -0800 (PST) X-Received: by 2002:a17:902:ac8f:b0:14a:ac30:47d7 with SMTP id h15-20020a170902ac8f00b0014aac3047d7mr16543301plr.168.1642574543414; Tue, 18 Jan 2022 22:42:23 -0800 (PST) Received: from [10.72.13.227] ([209.132.188.80]) by smtp.gmail.com with ESMTPSA id x4sm4821921pjn.56.2022.01.18.22.42.17 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 18 Jan 2022 22:42:22 -0800 (PST) Message-ID: <960d4166-1718-55ef-d324-507a8add7e3e@redhat.com> Date: Wed, 19 Jan 2022 14:42:15 +0800 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:91.0) Gecko/20100101 Thunderbird/91.5.0 Subject: Re: [RFC PATCH v3 04/11] KVM: arm64: Setup a framework for hypercall bitmap firmware registers Content-Language: en-US To: Raghavendra Rao Ananta , Marc Zyngier , Andrew Jones , James Morse , Alexandru Elisei , Suzuki K Poulose Cc: Paolo Bonzini , Catalin Marinas , Will Deacon , Peter Shier , Ricardo Koller , Oliver Upton , Reiji Watanabe , Jing Zhang , linux-arm-kernel@lists.infradead.org, kvmarm@lists.cs.columbia.edu, linux-kernel@vger.kernel.org, kvm@vger.kernel.org References: <20220104194918.373612-1-rananta@google.com> <20220104194918.373612-5-rananta@google.com> From: Jason Wang In-Reply-To: <20220104194918.373612-5-rananta@google.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 在 2022/1/5 上午3:49, Raghavendra Rao Ananta 写道: > KVM regularly introduces new hypercall services to the guests without > any consent from the Virtual Machine Manager (VMM). This means, the > guests can observe hypercall services in and out as they migrate > across various host kernel versions. This could be a major problem > if the guest discovered a hypercall, started using it, and after > getting migrated to an older kernel realizes that it's no longer > available. Depending on how the guest handles the change, there's > a potential chance that the guest would just panic. > > As a result, there's a need for the VMM to elect the services that > it wishes the guest to discover. VMM can elect these services based > on the kernels spread across its (migration) fleet. To remedy this, > extend the existing firmware psuedo-registers, such as > KVM_REG_ARM_PSCI_VERSION, for all the hypercall services available. Haven't gone through the series but I wonder whether it's better to have a (e)BPF filter for this like seccomp. Thanks > > These firmware registers are categorized based on the service call > owners, and unlike the existing firmware psuedo-registers, they hold > the features supported in the form of a bitmap. > > The capability, KVM_CAP_ARM_HVC_FW_REG_BMAP, is used to announce > this extension, which returns the number of psuedo-firmware > registers supported. During the VM initialization, the registers > holds an upper-limit of the features supported by the corresponding > registers. It's expected that the VMMs discover the features > provided by each register via GET_ONE_REG, and writeback the > desired values using SET_ONE_REG. KVM allows this modification > only until the VM has started. > > Older VMMs can simply ignore the capability and the hypercall services > will be exposed unconditionally to the guests, thus ensuring backward > compatibility. > > In this patch, the framework adds the register only for ARM's standard > secure services (owner value 4). Currently, this includes support only > for ARM True Random Number Generator (TRNG) service, with bit-0 of the > register representing mandatory features of v1.0. Other services are > momentarily added in the upcoming patches. > > Signed-off-by: Raghavendra Rao Ananta