Received: by 2002:a05:7208:9594:b0:7e:5202:c8b4 with SMTP id gs20csp1825901rbb; Tue, 27 Feb 2024 02:19:53 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCU574sNXdGFrsAcyVcjoAW3qOYDsV9AfKQOA1tVxtzwxfKoqOYHNqEONtLmCTAzahqr6tVi1eOs56iZL4gKNs7ZbtgH9md0e5NGXyvFzw== X-Google-Smtp-Source: AGHT+IFjL913gKmPJmyLHeRG+kmjoLHbdpOISVCqY43CMva9CVqQbYiFy5N4eyfjpjZnP0QnmNwb X-Received: by 2002:a05:6214:5007:b0:68f:58f8:9157 with SMTP id jo7-20020a056214500700b0068f58f89157mr2064505qvb.53.1709029193388; Tue, 27 Feb 2024 02:19:53 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1709029193; cv=pass; d=google.com; s=arc-20160816; b=oMHt4SueghmktX+8ohaHhu3vhUAuHZazZvO/Go8U4ZJRYbL5bB2KLEGqv0YjhvGmXO 5Vw+nzEBBTYZ2vke2Ulwxr2S5wUXc/mNnKKnRx1CJaHfIEt9xZ+YeOYK8wB20rH08d93 L5to9JVzvjmp2P7f5KOY80x61lba2z/P6Z8wXEdEXfeW4SSV+aJ47lKznE6aIuiK9Nc0 OHyI8u4huphk1uB+0/pCvzqz2t1iGTAHzWnot+sFUAC/O29IgmPCaVopnXP8GCu5Jghq fM2wgvEdAnwXDXfo3nDD8uxf9cQkkA2gUY1RE6AkcznBR07G5A1p3S+X9OYH9p1Wi0DH nK+A== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:in-reply-to:from:references:cc:to :content-language:subject:user-agent:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:date:message-id:dkim-signature; bh=f0QytrjS+H5WOo/DY15VdjyrCp4SuVvTWFodb1FjHbI=; fh=MNzTkvpdRFYC1IaHnYsPBpbdcWPoR4SUZmJpyImuW4Q=; b=cNiFsW4QrfLONmcQ/lmyaSWKg6ddexMny6QJek4TbXOoyGCC5BkJDijMLw/0z96NgI zAlC/fO8tPHCQjgpzN9GK9o3/L6FIobrOODCIoYoevz2k5L6eGPDnSaphyrP4kBJry16 vkeOORQaer5mqitCaoZWmpo6suJx12Us/vWQBZJyJjxRKAIKh6ffjfy1UU3XRLV86N2K TRWOksvNQUvY+HAwsUf7daaAKTWd60u8OMVEN9ceM5lD4th4bFGKBrwOlvneeaNiLk8i WyXiP/AYpHI/9KPGRSXYOJbuRTGVpvFqoXBlT5+nCWSrg5ACX4B8kGK5GO0xMCyUngYa nWRw==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@xen0n.name header.s=mail header.b=tffeR8d1; arc=pass (i=1 spf=pass spfdomain=xen0n.name dkim=pass dkdomain=xen0n.name); spf=pass (google.com: domain of linux-kernel+bounces-83020-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-83020-linux.lists.archive=gmail.com@vger.kernel.org" Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [2604:1380:45d1:ec00::1]) by mx.google.com with ESMTPS id gy1-20020a056214242100b0068c56e6f421si7341342qvb.196.2024.02.27.02.19.53 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 27 Feb 2024 02:19:53 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-83020-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@xen0n.name header.s=mail header.b=tffeR8d1; arc=pass (i=1 spf=pass spfdomain=xen0n.name dkim=pass dkdomain=xen0n.name); spf=pass (google.com: domain of linux-kernel+bounces-83020-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-83020-linux.lists.archive=gmail.com@vger.kernel.org" Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id 28E4E1C22E4B for ; Tue, 27 Feb 2024 10:19:53 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 949661386D1; Tue, 27 Feb 2024 10:19:19 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=xen0n.name header.i=@xen0n.name header.b="tffeR8d1" Received: from mailbox.box.xen0n.name (mail.xen0n.name [115.28.160.31]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4FC621384B2; Tue, 27 Feb 2024 10:19:16 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=115.28.160.31 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709029158; cv=none; b=ffRYTdBoLVJ6led6zz6jLFRsc6fSMpyXb1IrrnZifbC5KWoTtNo6A4+lL46iiePNIqHFv78TzPI1bCkjm8APMmCQcmUSmEWhJaHHK5bAFuUVGEVZAFgXa8FsfdPM2UnOAKWxLtE6Rb7PkM8CY2hypYLiNyxgEFL1FWsDBsN/XbY= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709029158; c=relaxed/simple; bh=5sc9exolwsywzwMysiUeFzXsXrPi7FzwPMd2B6e7iUY=; h=Message-ID:Date:MIME-Version:Subject:To:Cc:References:From: In-Reply-To:Content-Type; b=i3Oy4B7t0wTEQ/wwXw4vzQyoRnFY0IvljJdkxiqli88+B13wi3Il0rPnMxs7oWC0FSPrOndVMjFKr5F4dhs2EWkvh7kmT044QSRdg0a2AAtIOPGUyo6V43owv+Si3g0NuDAMciu9ZkGfpgBFW9oc23vCDC9MqvTHTHGnZfQvsKQ= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=xen0n.name; spf=pass smtp.mailfrom=xen0n.name; dkim=pass (1024-bit key) header.d=xen0n.name header.i=@xen0n.name header.b=tffeR8d1; arc=none smtp.client-ip=115.28.160.31 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=xen0n.name Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=xen0n.name DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=xen0n.name; s=mail; t=1709029150; bh=5sc9exolwsywzwMysiUeFzXsXrPi7FzwPMd2B6e7iUY=; h=Date:Subject:To:Cc:References:From:In-Reply-To:From; b=tffeR8d1ZzdwRnjSiWrkYFvpX3d4HLSjHQ3sTPsEVs8BVq9o/Y1zdlByr5Z/hdKAT n/2hX6ox08LvFhIwV5llcB2iIro+K/jAiVXOEm9QZiJETQ6UyAS/tHnJdpEQJbnn3v hdlrI2QJ4mTlPtVm3UdAARIg1qEF3AhBTDQ92vMc= Received: from [28.0.0.1] (unknown [101.230.251.34]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mailbox.box.xen0n.name (Postfix) with ESMTPSA id 3489160121; Tue, 27 Feb 2024 18:19:10 +0800 (CST) Message-ID: <431111f3-d84a-4311-986d-eebd91559cd3@xen0n.name> Date: Tue, 27 Feb 2024 18:19:09 +0800 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH v5 3/6] LoongArch: KVM: Add cpucfg area for kvm hypervisor Content-Language: en-US To: maobibo , Jiaxun Yang , Huacai Chen Cc: Tianrui Zhao , Juergen Gross , Paolo Bonzini , loongarch@lists.linux.dev, linux-kernel@vger.kernel.org, virtualization@lists.linux.dev, kvm@vger.kernel.org References: <20240222032803.2177856-1-maobibo@loongson.cn> <20240222032803.2177856-4-maobibo@loongson.cn> <06647e4a-0027-9c9f-f3bd-cd525d37b6d8@loongson.cn> <85781278-f3e9-4755-8715-3b9ff714fb20@app.fastmail.com> <0d428e30-07a8-5a91-a20c-c2469adbf613@loongson.cn> <327808dd-ac34-4c61-9992-38642acc9419@xen0n.name> <62cc24fd-025a-53c6-1c8e-2d20de54d297@loongson.cn> From: WANG Xuerui In-Reply-To: <62cc24fd-025a-53c6-1c8e-2d20de54d297@loongson.cn> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit On 2/27/24 18:12, maobibo wrote: > > > On 2024/2/27 下午5:10, WANG Xuerui wrote: >> On 2/27/24 11:14, maobibo wrote: >>> >>> >>> On 2024/2/27 上午4:02, Jiaxun Yang wrote: >>>> >>>> >>>> 在2024年2月26日二月 上午8:04,maobibo写道: >>>>> On 2024/2/26 下午2:12, Huacai Chen wrote: >>>>>> On Mon, Feb 26, 2024 at 10:04 AM maobibo wrote: >>>>>>> >>>>>>> >>>>>>> >>>>>>> On 2024/2/24 下午5:13, Huacai Chen wrote: >>>>>>>> Hi, Bibo, >>>>>>>> >>>>>>>> On Thu, Feb 22, 2024 at 11:28 AM Bibo Mao >>>>>>>> wrote: >>>>>>>>> >>>>>>>>> Instruction cpucfg can be used to get processor features. And >>>>>>>>> there >>>>>>>>> is trap exception when it is executed in VM mode, and also it is >>>>>>>>> to provide cpu features to VM. On real hardware cpucfg area 0 - 20 >>>>>>>>> is used.  Here one specified area 0x40000000 -- 0x400000ff is used >>>>>>>>> for KVM hypervisor to privide PV features, and the area can be >>>>>>>>> extended >>>>>>>>> for other hypervisors in future. This area will never be used for >>>>>>>>> real HW, it is only used by software. >>>>>>>> After reading and thinking, I find that the hypercall method >>>>>>>> which is >>>>>>>> used in our productive kernel is better than this cpucfg method. >>>>>>>> Because hypercall is more simple and straightforward, plus we don't >>>>>>>> worry about conflicting with the real hardware. >>>>>>> No, I do not think so. cpucfg is simper than hypercall, hypercall >>>>>>> can >>>>>>> be in effect when system runs in guest mode. In some scenario >>>>>>> like TCG >>>>>>> mode, hypercall is illegal intruction, however cpucfg can work. >>>>>> Nearly all architectures use hypercall except x86 for its historical >>>>> Only x86 support multiple hypervisors and there is multiple hypervisor >>>>> in x86 only. It is an advantage, not historical reason. >>>> >>>> I do believe that all those stuff should not be exposed to guest >>>> user space >>>> for security reasons. >>> Can you add PLV checking when cpucfg 0x40000000-0x400000FF is >>> emulated? if it is user mode return value is zero and it is kernel >>> mode emulated value will be returned. It can avoid information leaking. >> >> I've suggested this approach in another reply [1], but I've rechecked >> the manual, and it turns out this behavior is not permitted by the >> current wording. See LoongArch Reference Manual v1.10, Volume 1, >> Section 2.2.10.5 "CPUCFG": >> >>  > CPUCFG 访问未定义的配置字将读回全 0 值。 >>  > >>  > Reads of undefined CPUCFG configuration words shall return all-zeroes. >> >> This sentence mentions no distinction based on privilege modes, so it >> can only mean the behavior applies universally regardless of privilege >> modes. >> >> I think if you want to make CPUCFG behavior PLV-dependent, you may >> have to ask the LoongArch spec editors, internally or in public, for a >> new spec revision. > No, CPUCFG behavior between CPUCFG0-CPUCFG21 is unchanged, only that it > can be defined by software since CPUCFG 0x400000000 is used by software. The 0x40000000 range is not mentioned in the manuals. I know you've confirmed privately with HW team but this needs to be properly documented for public projects to properly rely on. >> (There are already multiple third-party LoongArch implementers as of >> late 2023, so any ISA-level change like this would best be >> coordinated, to minimize surprises.) > With document Vol 4-23 > https://www.intel.com/content/dam/develop/external/us/en/documents/335592-sdm-vol-4.pdf > > There is one line "MSR address range between 40000000H - 400000FFH is > marked as a specially reserved range. All existing and > future processors will not implement any features using any MSR in this > range." Thanks for providing this info, now at least we know why it's this specific range of 0x400000XX that's chosen. > > It only says that it is reserved, it does not say detailed software > behavior. Software behavior is defined in hypervisor such as: > https://github.com/MicrosoftDocs/Virtualization-Documentation/blob/main/tlfs/Requirements%20for%20Implementing%20the%20Microsoft%20Hypervisor%20Interface.pdf > https://kb.vmware.com/s/article/1009458 > > If hypercall method is used, there should be ABI also like aarch64: > https://documentation-service.arm.com/static/6013e5faeee5236980d08619 Yes proper documentation of public API surface is always necessary *before* doing real work. Because right now the hypercall provider is Linux KVM, maybe we can document the existing and planned hypercall usage and ABI in the kernel docs along with code changes. -- WANG "xen0n" Xuerui Linux/LoongArch mailing list: https://lore.kernel.org/loongarch/