From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 953D6C433EF for ; Wed, 19 Jan 2022 10:21:25 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1349479AbiASKVY (ORCPT ); Wed, 19 Jan 2022 05:21:24 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44748 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S240254AbiASKVY (ORCPT ); Wed, 19 Jan 2022 05:21:24 -0500 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2730CC061574; Wed, 19 Jan 2022 02:21:24 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id BBD6061571; Wed, 19 Jan 2022 10:21:23 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 2BC9AC004E1; Wed, 19 Jan 2022 10:21:23 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1642587683; bh=cP9cLTMdUSfF40o+P6T3LFzIpDG8KykxdcBvwSmIf8o=; h=Date:From:To:Cc:Subject:In-Reply-To:References:From; b=CDzzzwVotsmKyOYUjqR0h8Y9SowCQOZoRlzI9UqqqOaI/AfV3HDu8bFn/q6AZ+e9Z R8s6cbEQuw2EkCkBaYnhAEj1ROLtiqTbTAB8gqa+YPB/d7oYuJ4Bdy94IqngPMcJ1J 3OJbKVBq9DD1AD2PgsFWc6pag8DABg/JYHsY+Hae72JEu4mFUC/uZg7qOO5CIp2++i t6J83yx7NxxjNPFsuTvWM9tSM//ASfPGxpLUn+huASndGzL0Gom8pGDYMoqs1aH2Nx pEUGWDkyODqJ+AcaoqRC6Ko2ZX1w8BFl17pz3CjgQ9OUxkeukHDvueRJDL48Tzvvtu HdLj31S+fGbTg== Received: from sofa.misterjones.org ([185.219.108.64] helo=why.misterjones.org) by disco-boy.misterjones.org with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1nA85g-001Ren-K2; Wed, 19 Jan 2022 10:21:20 +0000 Date: Wed, 19 Jan 2022 10:21:20 +0000 Message-ID: <87ee5481r3.wl-maz@kernel.org> From: Marc Zyngier To: Jason Wang Cc: Raghavendra Rao Ananta , Andrew Jones , James Morse , Alexandru Elisei , Suzuki K Poulose , Paolo Bonzini , Catalin Marinas , Will Deacon , Peter Shier , Ricardo Koller , Oliver Upton , Reiji Watanabe , Jing Zhang , linux-arm-kernel@lists.infradead.org, kvmarm@lists.cs.columbia.edu, linux-kernel@vger.kernel.org, kvm@vger.kernel.org Subject: Re: [RFC PATCH v3 04/11] KVM: arm64: Setup a framework for hypercall bitmap firmware registers In-Reply-To: <960d4166-1718-55ef-d324-507a8add7e3e@redhat.com> References: <20220104194918.373612-1-rananta@google.com> <20220104194918.373612-5-rananta@google.com> <960d4166-1718-55ef-d324-507a8add7e3e@redhat.com> User-Agent: Wanderlust/2.15.9 (Almost Unreal) SEMI-EPG/1.14.7 (Harue) FLIM-LB/1.14.9 (=?UTF-8?B?R29qxY0=?=) APEL-LB/10.8 EasyPG/1.0.0 Emacs/27.1 (x86_64-pc-linux-gnu) MULE/6.0 (HANACHIRUSATO) MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue") Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-SA-Exim-Connect-IP: 185.219.108.64 X-SA-Exim-Rcpt-To: jasowang@redhat.com, rananta@google.com, drjones@redhat.com, james.morse@arm.com, alexandru.elisei@arm.com, suzuki.poulose@arm.com, pbonzini@redhat.com, catalin.marinas@arm.com, will@kernel.org, pshier@google.com, ricarkol@google.com, oupton@google.com, reijiw@google.com, jingzhangos@google.com, linux-arm-kernel@lists.infradead.org, kvmarm@lists.cs.columbia.edu, linux-kernel@vger.kernel.org, kvm@vger.kernel.org X-SA-Exim-Mail-From: maz@kernel.org X-SA-Exim-Scanned: No (on disco-boy.misterjones.org); SAEximRunCond expanded to false Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org On Wed, 19 Jan 2022 06:42:15 +0000, Jason Wang wrote: >=20 >=20 > =E5=9C=A8 2022/1/5 =E4=B8=8A=E5=8D=883:49, Raghavendra Rao Ananta =E5=86= =99=E9=81=93: > > KVM regularly introduces new hypercall services to the guests without > > any consent from the Virtual Machine Manager (VMM). This means, the > > guests can observe hypercall services in and out as they migrate > > across various host kernel versions. This could be a major problem > > if the guest discovered a hypercall, started using it, and after > > getting migrated to an older kernel realizes that it's no longer > > available. Depending on how the guest handles the change, there's > > a potential chance that the guest would just panic. > >=20 > > As a result, there's a need for the VMM to elect the services that > > it wishes the guest to discover. VMM can elect these services based > > on the kernels spread across its (migration) fleet. To remedy this, > > extend the existing firmware psuedo-registers, such as > > KVM_REG_ARM_PSCI_VERSION, for all the hypercall services available. >=20 >=20 >=20 > Haven't gone through the series but I wonder whether it's better to > have a (e)BPF filter for this like seccomp. No, please. This has to fit in the save/restore model, and should be under control of the VMM. If you want to filter things using seccomp, that's fine, but also that's completely orthogonal. M. --=20 Without deviation from the norm, progress is not possible.