Received: by 2002:a05:6a10:af89:0:0:0:0 with SMTP id iu9csp1160425pxb; Fri, 21 Jan 2022 11:08:05 -0800 (PST) X-Google-Smtp-Source: ABdhPJzhzDlUPVgzvZfDcO4j8dacc09gERiuE4HZuIE6qIrOT3DN1k38WmZCtvbywaPuKxkehoun X-Received: by 2002:a17:902:6544:b0:149:8222:4b62 with SMTP id d4-20020a170902654400b0014982224b62mr4950141pln.114.1642792085466; Fri, 21 Jan 2022 11:08:05 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1642792085; cv=none; d=google.com; s=arc-20160816; b=mMMWqo/vBDO+TySCmsJ0o6vNUDcOTlhbtopwbZpcg1eteoil4Ts5+olwC/gUxE1Gf+ 8E8Dvr3yA/6dLBb/pq35JqXepmkMjXLJyG7nsgmDq7qt/2/aoWbxyy2D7vli1C/tWiUI WaDs7KwVumlQHghlOJFPZb5l03qOulvPJkAKqpWe7VY8BOIWC8GWY/fMFqo2AmksEaGi Eh5N7CDKy1xGzoBL3LbnNRogCxzBKKqD8MmeQNadFnKDLJ+vr6IpZOA3ZwIe2ktvIWHI I/51KCPQTru1CX48oMZh2wgzGIUyk6oCKzWcH/suJ10S7U8uYQvVCzxMD3c+4JTP+ceS FWEQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:subject:cc:to:from:message-id :date:dkim-signature; bh=oVKQdWXY9Jp4KVrWduD6BSWJoaAqd8+57mz5HYtVwBU=; b=bsFblqKZyewllU8nc/sXJA8uSNFUlKnF0eyKZZqDwsECwnoRmYRuq+Ha7GWdscjcTG 8U+9XVh2ALg+TZR/5wIV2o+/FVX9X/iTODfiFycQ0ir2rI8kKPX7R1rlUonHTIq6Dx4y 86AMN+GsJQdtpneUvCXbwHnDiRSZUKCHFDWffwlsa86PDErPf7eZhUJwE5yzO1sfTJjy 9ogEI47JgfERm1fdlj7XOnr8JgPb7NDm9/IWiSqNWcBMEiOpT77CG48ALlL7YhQ4SBpQ JwuD/FRMZR6CsxOppOjDwN/62yd7xhpbb6nwVFaT35MIw0Pb7YfxHCELjS/wJ699reyA +lcg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=CDzzzwVo; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id z11si7869564pfe.46.2022.01.21.11.07.52; Fri, 21 Jan 2022 11:08:05 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=CDzzzwVo; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1349531AbiASKVZ (ORCPT + 99 others); Wed, 19 Jan 2022 05:21:25 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44748 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S240254AbiASKVY (ORCPT ); Wed, 19 Jan 2022 05:21:24 -0500 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2730CC061574; Wed, 19 Jan 2022 02:21:24 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id BBD6061571; Wed, 19 Jan 2022 10:21:23 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 2BC9AC004E1; Wed, 19 Jan 2022 10:21:23 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1642587683; bh=cP9cLTMdUSfF40o+P6T3LFzIpDG8KykxdcBvwSmIf8o=; h=Date:From:To:Cc:Subject:In-Reply-To:References:From; b=CDzzzwVotsmKyOYUjqR0h8Y9SowCQOZoRlzI9UqqqOaI/AfV3HDu8bFn/q6AZ+e9Z R8s6cbEQuw2EkCkBaYnhAEj1ROLtiqTbTAB8gqa+YPB/d7oYuJ4Bdy94IqngPMcJ1J 3OJbKVBq9DD1AD2PgsFWc6pag8DABg/JYHsY+Hae72JEu4mFUC/uZg7qOO5CIp2++i t6J83yx7NxxjNPFsuTvWM9tSM//ASfPGxpLUn+huASndGzL0Gom8pGDYMoqs1aH2Nx pEUGWDkyODqJ+AcaoqRC6Ko2ZX1w8BFl17pz3CjgQ9OUxkeukHDvueRJDL48Tzvvtu HdLj31S+fGbTg== Received: from sofa.misterjones.org ([185.219.108.64] helo=why.misterjones.org) by disco-boy.misterjones.org with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1nA85g-001Ren-K2; Wed, 19 Jan 2022 10:21:20 +0000 Date: Wed, 19 Jan 2022 10:21:20 +0000 Message-ID: <87ee5481r3.wl-maz@kernel.org> From: Marc Zyngier To: Jason Wang Cc: Raghavendra Rao Ananta , Andrew Jones , James Morse , Alexandru Elisei , Suzuki K Poulose , Paolo Bonzini , Catalin Marinas , Will Deacon , Peter Shier , Ricardo Koller , Oliver Upton , Reiji Watanabe , Jing Zhang , linux-arm-kernel@lists.infradead.org, kvmarm@lists.cs.columbia.edu, linux-kernel@vger.kernel.org, kvm@vger.kernel.org Subject: Re: [RFC PATCH v3 04/11] KVM: arm64: Setup a framework for hypercall bitmap firmware registers In-Reply-To: <960d4166-1718-55ef-d324-507a8add7e3e@redhat.com> References: <20220104194918.373612-1-rananta@google.com> <20220104194918.373612-5-rananta@google.com> <960d4166-1718-55ef-d324-507a8add7e3e@redhat.com> User-Agent: Wanderlust/2.15.9 (Almost Unreal) SEMI-EPG/1.14.7 (Harue) FLIM-LB/1.14.9 (=?UTF-8?B?R29qxY0=?=) APEL-LB/10.8 EasyPG/1.0.0 Emacs/27.1 (x86_64-pc-linux-gnu) MULE/6.0 (HANACHIRUSATO) MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue") Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-SA-Exim-Connect-IP: 185.219.108.64 X-SA-Exim-Rcpt-To: jasowang@redhat.com, rananta@google.com, drjones@redhat.com, james.morse@arm.com, alexandru.elisei@arm.com, suzuki.poulose@arm.com, pbonzini@redhat.com, catalin.marinas@arm.com, will@kernel.org, pshier@google.com, ricarkol@google.com, oupton@google.com, reijiw@google.com, jingzhangos@google.com, linux-arm-kernel@lists.infradead.org, kvmarm@lists.cs.columbia.edu, linux-kernel@vger.kernel.org, kvm@vger.kernel.org X-SA-Exim-Mail-From: maz@kernel.org X-SA-Exim-Scanned: No (on disco-boy.misterjones.org); SAEximRunCond expanded to false Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, 19 Jan 2022 06:42:15 +0000, Jason Wang wrote: >=20 >=20 > =E5=9C=A8 2022/1/5 =E4=B8=8A=E5=8D=883:49, Raghavendra Rao Ananta =E5=86= =99=E9=81=93: > > KVM regularly introduces new hypercall services to the guests without > > any consent from the Virtual Machine Manager (VMM). This means, the > > guests can observe hypercall services in and out as they migrate > > across various host kernel versions. This could be a major problem > > if the guest discovered a hypercall, started using it, and after > > getting migrated to an older kernel realizes that it's no longer > > available. Depending on how the guest handles the change, there's > > a potential chance that the guest would just panic. > >=20 > > As a result, there's a need for the VMM to elect the services that > > it wishes the guest to discover. VMM can elect these services based > > on the kernels spread across its (migration) fleet. To remedy this, > > extend the existing firmware psuedo-registers, such as > > KVM_REG_ARM_PSCI_VERSION, for all the hypercall services available. >=20 >=20 >=20 > Haven't gone through the series but I wonder whether it's better to > have a (e)BPF filter for this like seccomp. No, please. This has to fit in the save/restore model, and should be under control of the VMM. If you want to filter things using seccomp, that's fine, but also that's completely orthogonal. M. --=20 Without deviation from the norm, progress is not possible.