Received: by 2002:a6b:500f:0:0:0:0:0 with SMTP id e15csp2063165iob; Fri, 29 Apr 2022 21:17:20 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzy6ZIsqSPzq69CHbICuUiAJolmMboSTDR/axW7U7fFeaVEcsf8JjMdIb2Pq2u/gbI69pkQ X-Received: by 2002:a63:5710:0:b0:399:365e:5dde with SMTP id l16-20020a635710000000b00399365e5ddemr1935375pgb.192.1651292240436; Fri, 29 Apr 2022 21:17:20 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1651292240; cv=none; d=google.com; s=arc-20160816; b=h0+mMoFNsc0kMYP7fiWuSlNEmfrQQN9nAJWZPDsijb026grkVJJ6OE2SxKB9T2eaCh ImpBrprsANr6UN68k22OaIhGe1Tp/gagjZMNIHUKu2L1+2SOhTrS7LhkP+McYZkMaqL8 vADJ+EQNuzDBtQ7nblTMtsHj7+yD/vaWYKENBjrLPMz3Ly1OvUW46NIFUf4NMlYaN+jk NBgGmJ7VHizlGan0Uj0C47dk8SjTOPnbbvrBfNw9BJyIFSoJNfv8/OvdXGAfO4IAwYoz yQbEcT9zQdcUCLcE3FIfDvNH/uv4ACPS077xJSVtflPo0pCSyfEt/BX4uU0TKdwYHVPk dEXw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=19w9K5HaCiHjRbqySOpO9kP4rZbUP06yF4CGml4ol5M=; b=ViqiMPN5CftpQlw8dH6cdF//ISfyi/JuV+nWMmi3L+cy0T9pABkNXzfy5tcDMF4yO1 ocJZpIR6/1ixY4xiTG5UVlOSIJxBfbU5LahqzP6cVgGWOzUEZwuMI6y0MXCy7RWBcAiU //IgNkPVhsQQxwjQ2wT3ef3LPyDJBRFnixNX2IIU8ivfCIok9KGveq2LxNSe6xCPXsVF SqtECoReRF7+d5LCcAK4EtZ9E7wLcdjyASFimHSa1aiGcb+ZHYEgtUI+nQ1kaHo58EBo CCe85sNRW3zDLw9LE4/R0fCch9mHNr7Yr2iNdc5iPdyHlJtDuevHa6ESAiGyfvuVxlMc NYdg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b="R4cw/wki"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id r25-20020a632059000000b003a303daed2dsi8644950pgm.631.2022.04.29.21.17.04; Fri, 29 Apr 2022 21:17:20 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b="R4cw/wki"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237384AbiD2EmP (ORCPT + 99 others); Fri, 29 Apr 2022 00:42:15 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47404 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230133AbiD2EmN (ORCPT ); Fri, 29 Apr 2022 00:42:13 -0400 Received: from mail-il1-x129.google.com (mail-il1-x129.google.com [IPv6:2607:f8b0:4864:20::129]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A7438BCB74 for ; Thu, 28 Apr 2022 21:38:56 -0700 (PDT) Received: by mail-il1-x129.google.com with SMTP id t4so3287962ilo.12 for ; Thu, 28 Apr 2022 21:38:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=19w9K5HaCiHjRbqySOpO9kP4rZbUP06yF4CGml4ol5M=; b=R4cw/wki/iFwm7iRhPkWHnMfaPMzatdA1JE/2rLEqscDUaO2QfDeIqhtdKP+gN810J k62JP5taHuF/AO7Z6pblazkYdiNJEAOdt8DzJUone1x4aEdeAmmS5gt7oL2CUun4mJaj xJkcG4G2pmga03RXtSOew01OlpATmK9VH/sm1okizbouCqWAYYvSt2nxKwm5wj2Ae2mo MFlvITdX0Zh0L1tseUkF1BqDE9Hq4ER4CuXLDk/3YzkZOYgTEZTuDnAJupmEg8DvOqVC zWlSrBKV7ME+wuo5wKE1odp102ihdkH0wZ9tpbd7GHlTeQMWlWHDrj0V8hdD9s5h7dYY XhLw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=19w9K5HaCiHjRbqySOpO9kP4rZbUP06yF4CGml4ol5M=; b=0kt4913QzyT8YbVFcDmCYSDUYqZ+c60GKe3XjXMDO5kmXIiTZ4zvjNbUy2k88Xvdge /0iit9l+8rLDPchIwomxWOfqhXEQn0g7JnxCHog5ER7+dK2UcQ7Ozhu4tDItyx72F2Ku +1RfIkWqcWaC55HsJ9O69LYu//RDlET2elx6cmbht6527vVBCVn2jKiUfUp9XJsuv6x0 9tQRAvxv2m50oKMFPg8JoXY0vVqOw/R7RnnghuvLS8rXV1VAjh+WjR89nJJ1YUMVZQuP p9H0WA3ESMl9l4JhQUvq08P8PtV614KsltlubumgNwhCN0GpcLLe+XjKM5TgAoIpm9nS MG2A== X-Gm-Message-State: AOAM533GCmW+vcYBPPl0qSgmbG1J11J8sGzxNkS6Tvx2aRqZDV4fs/RX wCfLqIU9EWKZaBZOz/gWaRugfA== X-Received: by 2002:a92:c24c:0:b0:2cd:8a7d:b606 with SMTP id k12-20020a92c24c000000b002cd8a7db606mr11123474ilo.64.1651207135640; Thu, 28 Apr 2022 21:38:55 -0700 (PDT) Received: from google.com (194.225.68.34.bc.googleusercontent.com. [34.68.225.194]) by smtp.gmail.com with ESMTPSA id r7-20020a02c6c7000000b0032b3a781792sm281222jan.86.2022.04.28.21.38.53 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 28 Apr 2022 21:38:54 -0700 (PDT) Date: Fri, 29 Apr 2022 04:38:50 +0000 From: Oliver Upton To: Paolo Bonzini Cc: linux-kernel@vger.kernel.org, kvm@vger.kernel.org, Will Deacon , Marc Zyngier , Peter Gonda , Sean Christopherson Subject: Re: [PATCH for-5.18] KVM: fix bad user ABI for KVM_EXIT_SYSTEM_EVENT Message-ID: References: <20220422103013.34832-1-pbonzini@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20220422103013.34832-1-pbonzini@redhat.com> X-Spam-Status: No, score=-17.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, ENV_AND_HDR_SPF_MATCH,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS, USER_IN_DEF_DKIM_WL,USER_IN_DEF_SPF_WL autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Paolo, On Fri, Apr 22, 2022 at 12:30:13PM +0200, Paolo Bonzini wrote: > When KVM_EXIT_SYSTEM_EVENT was introduced, it included a flags > member that at the time was unused. Unfortunately this extensibility > mechanism has several issues: > > - x86 is not writing the member, so it is not possible to use it > on x86 except for new events > > - the member is not aligned to 64 bits, so the definition of the > uAPI struct is incorrect for 32-bit userspace. This is a problem > for RISC-V, which supports CONFIG_KVM_COMPAT. > > Since padding has to be introduced, place a new field in there > that tells if the flags field is valid. To allow further extensibility, > in fact, change flags to an array of 16 values, and store how many > of the values are valid. The availability of the new ndata field > is tied to a system capability; all architectures are changed to > fill in the field. > > For compatibility with userspace that was using the flags field, > a union overlaps flags with data[0]. > > Supersedes: <20220421180443.1465634-1-pbonzini@redhat.com> > Cc: Will Deacon > Cc: Marc Zyngier > Cc: Peter Gonda > Cc: Sean Christopherson > Signed-off-by: Paolo Bonzini > --- > Documentation/virt/kvm/api.rst | 24 +++++++++++++++++------- > arch/arm64/kvm/psci.c | 3 ++- > arch/riscv/kvm/vcpu_sbi.c | 3 ++- > arch/x86/kvm/x86.c | 2 ++ > include/uapi/linux/kvm.h | 8 +++++++- > virt/kvm/kvm_main.c | 1 + > 6 files changed, 31 insertions(+), 10 deletions(-) > > diff --git a/Documentation/virt/kvm/api.rst b/Documentation/virt/kvm/api.rst > index 85c7abc51af5..4a900cdbc62e 100644 > --- a/Documentation/virt/kvm/api.rst > +++ b/Documentation/virt/kvm/api.rst > @@ -5986,16 +5986,16 @@ should put the acknowledged interrupt vector into the 'epr' field. > #define KVM_SYSTEM_EVENT_RESET 2 > #define KVM_SYSTEM_EVENT_CRASH 3 > __u32 type; > - __u64 flags; > + __u32 ndata; > + __u64 data[16]; This is out of sync with the union { flags; data; } now. IMO, we should put a giant disclaimer on all of this to *not* use the flags field and instead only use data. I imagine we wont want to persist the union forever as it is quite ugly, but necessary. [...] > diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h > index 91a6fe4e02c0..f903ab0c8d7a 100644 > --- a/include/uapi/linux/kvm.h > +++ b/include/uapi/linux/kvm.h > @@ -445,7 +445,11 @@ struct kvm_run { > #define KVM_SYSTEM_EVENT_RESET 2 > #define KVM_SYSTEM_EVENT_CRASH 3 > __u32 type; > - __u64 flags; > + __u32 ndata; > + union { > + __u64 flags; > + __u64 data[16]; > + }; > } system_event; > /* KVM_EXIT_S390_STSI */ > struct { > @@ -1144,6 +1148,8 @@ struct kvm_ppc_resize_hpt { > #define KVM_CAP_S390_MEM_OP_EXTENSION 211 > #define KVM_CAP_PMU_CAPABILITY 212 > #define KVM_CAP_DISABLE_QUIRKS2 213 > +/* #define KVM_CAP_VM_TSC_CONTROL 214 */ This sticks out a bit. Couldn't the VM TSC control patch just use a different number? It seems that there will be a conflict anyway, if only to delete this comment. How do we go about getting CAP numbers for features coming in from other architectures? An eager backport (such as the Android case that made us look at a union) would wind up using the wrong capability for a feature. -- Thanks, Oliver