Received: by 2002:a05:6358:9144:b0:117:f937:c515 with SMTP id r4csp2216104rwr; Fri, 28 Apr 2023 07:35:57 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ4ibIEX3lIjAPsiII5ue7+vW7ie2DFPY/V10g1tkzc4RoenUCygZSGCEn2y1kcpei53ragC X-Received: by 2002:a05:6a00:2e04:b0:62a:63e6:3282 with SMTP id fc4-20020a056a002e0400b0062a63e63282mr7735428pfb.11.1682692557182; Fri, 28 Apr 2023 07:35:57 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1682692557; cv=none; d=google.com; s=arc-20160816; b=rocdJdFvYnrbuh2/60u23gKV0R/+3sPW9eiDNkrrSaw1oOzqxE8slV1m9OXGonN9hB eesIi0WfL1V1UZPUEMSm6lOiPGT8hSja3PY0KV8oxgr6ipLXnBDhbF/7/N/v+w2m0Q3J KHhBn4mStfktp3yY50adjgjsyJzMZccbFlVjwN9fLCHWvHvBiryIF+4WL06fMjip2C9i sO7VI5fpTLf9EibXEbILb1CdKg8SQPiNlfTt2+Zg7SkWya1i5C6hkFJPzCSKqPWRIdJp /UMyB6re9XZoHD4gIXd+ETj/jaHj6nGGRX67cvIwQWyZy5q8VmB6D4DyrlI3NqJBllh+ KKnQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=gnNojlXbMDN9N2lkFqtg0abQH7uELFRlQ/gsQlbk+ZM=; b=RZDHA5DtjgZAZGv6tuaWT+il7/o8bRnS4Zgu1/4fmFHIX9PmSFp8kzlbILv0ehAMwr laVbj1hgwZ2mdG0Zw/CWVbNsnCJtW8Le2jMWxhOEaTWb5MZkWx+IPZ+X3nMJSBCvfmQi OTf2Eqlb/TkyRWY35roFVoG56jgN6hM9iIVt7b8wBZkNaLN7Wxesknw8vKpeZ8aL7SCy nAQEFD6a7MDjV4l7qaBBacLRzj/MLSKAiYGJWPue775fVcLD9fzGluGGl6RIlZqcD0gJ XW7+Up5qL+TwVL3VxuM6VB5Hne/pptGG2QDDD89i/tkne0HqnYjiOOqoupNiMHQFlFRW OKEA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@microchip.com header.s=mchp header.b=KdV34ofT; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=microchip.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id a6-20020aa78e86000000b0062e024b49b8si21505869pfr.150.2023.04.28.07.35.41; Fri, 28 Apr 2023 07:35:57 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@microchip.com header.s=mchp header.b=KdV34ofT; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=microchip.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230344AbjD1OZ5 (ORCPT + 99 others); Fri, 28 Apr 2023 10:25:57 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37634 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229623AbjD1OZ4 (ORCPT ); Fri, 28 Apr 2023 10:25:56 -0400 Received: from esa.microchip.iphmx.com (esa.microchip.iphmx.com [68.232.154.123]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6A59C2719 for ; Fri, 28 Apr 2023 07:25:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=microchip.com; i=@microchip.com; q=dns/txt; s=mchp; t=1682691954; x=1714227954; h=date:from:to:cc:subject:message-id:references: mime-version:in-reply-to; bh=gnNojlXbMDN9N2lkFqtg0abQH7uELFRlQ/gsQlbk+ZM=; b=KdV34ofTffWC8R+BPpjREnDf11PB06xxQM6NaQNNAIXNo81HYL2cqtxL 4Fl0uzBTc/u2eUF8Vj923My79ya+AJS8SZRj660iLmmlGsMEahDkyaCGy bYg2Wa0NAT6DnFI3JouYs18LbSet+CBnKY1Re0mw5mrZoolO3BLriDoV2 Ro9pyOCeLo0ZvgdWJVjzBAc4bCQiIcSBB6MRnorvqRF097UEhMYDU/O1Q ULnYwt/W6GzAFK5LyeEiwLOWM6Nn/enomz4DeK8uWlJu/zShTPcvRLO72 KNORII4DvvQMhI2ieGnmhvKmo+1hxTnIKJyrzfN6mDJS4alkGWKL9VPYP w==; X-IronPort-AV: E=Sophos;i="5.99,234,1677567600"; d="asc'?scan'208";a="212792438" X-Amp-Result: UNKNOWN X-Amp-Original-Verdict: FILE UNKNOWN Received: from unknown (HELO email.microchip.com) ([170.129.1.10]) by esa2.microchip.iphmx.com with ESMTP/TLS/AES256-SHA256; 28 Apr 2023 07:25:53 -0700 Received: from chn-vm-ex04.mchp-main.com (10.10.85.152) by chn-vm-ex03.mchp-main.com (10.10.85.151) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.21; Fri, 28 Apr 2023 07:25:51 -0700 Received: from wendy (10.10.115.15) by chn-vm-ex04.mchp-main.com (10.10.85.152) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.21 via Frontend Transport; Fri, 28 Apr 2023 07:25:49 -0700 Date: Fri, 28 Apr 2023 15:25:31 +0100 From: Conor Dooley To: Andrew Jones CC: Conor Dooley , Heiko =?iso-8859-1?Q?St=FCbner?= , , , , , , , , , , , , , , Subject: Re: [PATCH 4/4] RISC-V: add support for vendor-extensions via AT_BASE_PLATFORM and xthead Message-ID: <20230428-versus-shady-d20735a19d41@wendy> References: <20230424194911.264850-1-heiko.stuebner@vrull.eu> <20230424194911.264850-5-heiko.stuebner@vrull.eu> <20230426-spirits-ludicrous-a5d8275686e6@wendy> <5016896.Mh6RI2rZIc@diego> <20230427-maybe-skier-51e7cf09795c@spud> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="3LKaALfH552SyaYA" Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-4.6 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED, RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,SPF_NONE,T_SCC_BODY_TEXT_LINE, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org --3LKaALfH552SyaYA Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Apr 28, 2023 at 12:28:24PM +0200, Andrew Jones wrote: > On Thu, Apr 27, 2023 at 07:28:49PM +0100, Conor Dooley wrote: > > On Thu, Apr 27, 2023 at 07:15:58PM +0200, Heiko St=FCbner wrote: > > > Am Mittwoch, 26. April 2023, 14:29:16 CEST schrieb Conor Dooley: > > > > On Mon, Apr 24, 2023 at 09:49:11PM +0200, Heiko Stuebner wrote: > > > > > From: Heiko Stuebner > ... > > > > What do you mean by virtualisation here? It's the job of the hyperv= isor > > > > etc to make sure that what it passes to its guest contains only wha= t it > > > > wants the guest to see, right? > > > > IIUC, that's another point against doing what this patch does. > > >=20 > > > I guess I'm still seeing Zbb and friends - with just computational > > > instructions as always good to have. But I guess you're right that the > > > hypervisor should be able to control itself which extensions. > >=20 > > Yah, there may not be any obvious downsides to something like Zbb, but I > > think that taking control away from the hypervisors etc isn't a good > > idea. >=20 > If there's any chance that a VM will need to migrate from a host with, > e.g. Zbb, to one without it, then the VM will need Zbb disabled from the > start. (Almost) Everything is obvious to someone :) > > Having a simple policy of blocking things that are known to misbehave > > would require less maint. than a list of things that are okay to pass > > through, but both are probably cans-of-worms. > > I think we need to think carefully about what policy is chosen here. > > Allowlist will be slower, but at least we'll not tell userspace > > something that is not usable. Blocklist will be easier to manage, but > > can only be reactive. >=20 > I have experience [trying] to maintain deny-lists for CPU features, > both for x86 Xen guests and Arm KVM guests. I don't recommend it. To > do it right, you need to be proactive, tracking upcoming CPU features > to add the ones that can't be supported by virt or aren't ready to > be supported by virt to the deny-list before somebody trips over them. > In practice, usually somebody trips over it first, causing fires which > have to be put out. If an allow-list is used, then, when a new feature > is missed, no fires are started. The worst that can happen is somebody > expected the feature and didn't see it, so they complain, at which > point you add it. Right. Blocking-unless-known is what I suggested when canvassed for an opinion last week but the complaint was that the kernel having to maintain a list would be a significant speed-bump for people. With a lighter-weight method of forwarding to userspace extensions that the kernel doesn't need to care about (no integration with =2E._has_extension[un]likely() etc) hopefully the roadblock would be a speedbump instead. I think I would rather speed-bumps & complaints about things being slow, than having to fight fires. > > Also, in a world where we do do some sort of passing, should we only > > forward the vendor extensions, or should we forward the standard ones > > too? >=20 > I guess we need to forward anything userspace can and should use. That, combined with what we have now, would mean that userspace would get told both what the kernel supports and additional other things that the kernel may not support, but userspace can use without that support being present. I think that is a reasonable thing to do, although it'd muddy the waters a bit with what the output in /proc/cpuinfo means. (I'm kinda taking the particular bit of the series in isolation, as if /proc/cpuinfo is the only place in which this information will be exposed.) > > What about supervisor mode only stuff? >=20 > That's not something userspace can use. If we want to expose which > supervisor mode features the CPU has to userspace, for information > purposes, then I think proc or sysfs would be sufficient for that. Yeah, as above I'm kinda looking at it from a really naive "only /proc/cpuinfo exists" point of view for the sake of simplicity. Depending on implementation, reporting supervisor-only stuff that the kernel supports may make life easier & there's probably some value to someone in passing that information to userspace too. > The downside of using an allow-list for what extensions get exposed > to userspace is that even extensions the kernel can't/won't use > will need a kernel patch before userspace can use them. But, as > I stated above, that downside (people complaining a feature they > expect is missing), is, IMO, better than the alternative of exposing > things that shouldn't be. Yeah, I would be in that camp too, but gotta suggest the various options for the sake of stirring discussion :) Thanks, Conor. --3LKaALfH552SyaYA Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iHUEABYIAB0WIQRh246EGq/8RLhDjO14tDGHoIJi0gUCZEvXWwAKCRB4tDGHoIJi 0qNHAP0c8lqCdLl8JRxRiLWW8lTRO9Rv12Dv/9leiqgd0GXaMAEAqh7oqM481ghG Ki+qZ6DT424RfarScyqP9XK5lkaEbgc= =LTNI -----END PGP SIGNATURE----- --3LKaALfH552SyaYA--