From: Marc Zyngier <maz@kernel.org>
To: Jing Zhang <jingzhangos@google.com>
Cc: KVM <kvm@vger.kernel.org>, KVMARM <kvmarm@lists.linux.dev>,
ARMLinux <linux-arm-kernel@lists.infradead.org>,
Oliver Upton <oliver.upton@linux.dev>,
Will Deacon <will@kernel.org>,
Paolo Bonzini <pbonzini@redhat.com>,
James Morse <james.morse@arm.com>,
Alexandru Elisei <alexandru.elisei@arm.com>,
Suzuki K Poulose <suzuki.poulose@arm.com>,
Fuad Tabba <tabba@google.com>, Reiji Watanabe <reijiw@google.com>,
Raghavendra Rao Ananta <rananta@google.com>,
Suraj Jitindar Singh <surajjs@amazon.com>,
Cornelia Huck <cohuck@redhat.com>,
Shaoqin Huang <shahuang@redhat.com>
Subject: Re: [PATCH v9 05/11] KVM: arm64: Enable writable for ID_AA64DFR0_EL1 and ID_DFR0_EL1
Date: Sat, 26 Aug 2023 11:51:16 +0100 [thread overview]
Message-ID: <86a5uef55n.wl-maz@kernel.org> (raw)
In-Reply-To: <CAAdAUti8qSf0PVnWkp4Jua-te6i0cjQKJm=8dt5vWqT0Q6w4iQ@mail.gmail.com>
On Tue, 22 Aug 2023 19:35:12 +0100,
Jing Zhang <jingzhangos@google.com> wrote:
>
> Hi Marc,
>
> On Tue, Aug 22, 2023 at 12:06 AM Marc Zyngier <maz@kernel.org> wrote:
> >
> > On Mon, 21 Aug 2023 22:22:37 +0100,
> > Jing Zhang <jingzhangos@google.com> wrote:
> > >
> > > All valid fields in ID_AA64DFR0_EL1 and ID_DFR0_EL1 are writable
> > > from userspace with this change.
> > > RES0 fields and those fields hidden by KVM are not writable.
> > >
> > > Signed-off-by: Jing Zhang <jingzhangos@google.com>
> > > ---
> > > arch/arm64/kvm/sys_regs.c | 6 ++++--
> > > 1 file changed, 4 insertions(+), 2 deletions(-)
> > >
> > > diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c
> > > index afade7186675..20fc38bad4e8 100644
> > > --- a/arch/arm64/kvm/sys_regs.c
> > > +++ b/arch/arm64/kvm/sys_regs.c
> > > @@ -1931,6 +1931,8 @@ static bool access_spsr(struct kvm_vcpu *vcpu,
> > > return true;
> > > }
> > >
> > > +#define ID_AA64DFR0_EL1_RES0_MASK (GENMASK(59, 56) | GENMASK(27, 24) | GENMASK(19, 16))
> > > +
> > > /*
> > > * Architected system registers.
> > > * Important: Must be sorted ascending by Op0, Op1, CRn, CRm, Op2
> > > @@ -2006,7 +2008,7 @@ static const struct sys_reg_desc sys_reg_descs[] = {
> > > .set_user = set_id_dfr0_el1,
> > > .visibility = aa32_id_visibility,
> > > .reset = read_sanitised_id_dfr0_el1,
> > > - .val = ID_DFR0_EL1_PerfMon_MASK, },
> > > + .val = GENMASK(31, 0), },
> >
> > Can you *please* look at the register and realise that we *don't*
> > support writing to the whole of the low 32 bits? What does it mean to
> > allow selecting the M-profile debug? Or the memory-mapped trace?
> >
> > You are advertising a lot of crap to userspace, and that's definitely
> > not on.
> >
> > > ID_HIDDEN(ID_AFR0_EL1),
> > > AA32_ID_SANITISED(ID_MMFR0_EL1),
> > > AA32_ID_SANITISED(ID_MMFR1_EL1),
> > > @@ -2055,7 +2057,7 @@ static const struct sys_reg_desc sys_reg_descs[] = {
> > > .get_user = get_id_reg,
> > > .set_user = set_id_aa64dfr0_el1,
> > > .reset = read_sanitised_id_aa64dfr0_el1,
> > > - .val = ID_AA64DFR0_EL1_PMUVer_MASK, },
> > > + .val = ~(ID_AA64DFR0_EL1_PMSVer_MASK | ID_AA64DFR0_EL1_RES0_MASK), },
> >
> > And it is the same thing here. Where is the handling code to deal with
> > variable breakpoint numbers? Oh wait, there is none. Really, the only
> > thing we support writing to are the PMU and Debug versions. And
> > nothing else.
> >
> > What does it mean for userspace? Either the write will be denied
> > despite being advertised a writable field (remember the first patch of
> > the series???), or we'll blindly accept the write and further ignore
> > the requested values. Do you really think any of this is acceptable?
> >
> > This is the *9th* version of this series, and we're still battling
> > over some extremely basic userspace issues... I don't think we can
> > merge this series as is stands.
>
> I removed sanity checks across multiple fields after the discussion
> here: https://lore.kernel.org/all/ZKRC80hb4hXwW8WK@thinky-boi/
> I might have misunderstood the discussion. I thought we'd let VMM do
> more complete sanity checks.
The problem is that you don't even have a statement about how this is
supposed to be handled. What are the rules? How can the VMM author
*know*?
That's my real issue with this series: at no point do we state when an
ID register can be written, what are the rules that must be followed,
where is the split in responsibility between KVM and the VMM, and what
is the expected behaviour when the VMM exposes something that is
completely outlandish to the guest (such as the M-profile debug).
Do you see the issue? We can always fix the code. But once we've
exposed that to userspace, there is no going back. And I really want
everybody's buy-in on that front, including the VMM people.
Thanks,
M.
--
Without deviation from the norm, progress is not possible.
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2023-08-26 10:51 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-08-21 21:22 [PATCH v9 00/11] Enable writable for idregs DFR0,PFR0, MMFR{0,1,2,3} Jing Zhang
2023-08-21 21:22 ` [PATCH v9 01/11] KVM: arm64: Allow userspace to get the writable masks for feature ID registers Jing Zhang
2023-08-21 21:22 ` [PATCH v9 02/11] KVM: arm64: Document KVM_ARM_GET_REG_WRITABLE_MASKS Jing Zhang
2023-08-21 21:22 ` [PATCH v9 03/11] KVM: arm64: Use guest ID register values for the sake of emulation Jing Zhang
2023-08-21 21:22 ` [PATCH v9 04/11] KVM: arm64: Reject attempts to set invalid debug arch version Jing Zhang
2023-08-21 21:22 ` [PATCH v9 05/11] KVM: arm64: Enable writable for ID_AA64DFR0_EL1 and ID_DFR0_EL1 Jing Zhang
2023-08-22 7:06 ` Marc Zyngier
2023-08-22 18:35 ` Jing Zhang
2023-08-26 10:51 ` Marc Zyngier [this message]
2023-08-27 19:31 ` Jing Zhang
2023-09-06 2:13 ` Jing Zhang
2023-09-06 6:03 ` Oliver Upton
2023-08-21 21:22 ` [PATCH v9 06/11] KVM: arm64: Bump up the default KVM sanitised debug version to v8p8 Jing Zhang
2023-08-21 21:22 ` [PATCH v9 07/11] KVM: arm64: Enable writable for ID_AA64PFR0_EL1 Jing Zhang
2023-08-22 7:10 ` Marc Zyngier
2023-08-21 21:22 ` [PATCH v9 08/11] KVM: arm64: Refactor helper Macros for idreg desc Jing Zhang
2023-08-21 21:22 ` [PATCH v9 09/11] KVM: arm64: Enable writable for ID_AA64MMFR{0, 1, 2, 3}_EL1 Jing Zhang
2023-08-21 21:22 ` [PATCH v9 10/11] KVM: arm64: selftests: Import automatic system register definition generation from kernel Jing Zhang
2023-08-21 21:22 ` [PATCH v9 11/11] KVM: arm64: selftests: Test for setting ID register from usersapce Jing Zhang
2023-08-23 7:37 ` [PATCH v9 00/11] Enable writable for idregs DFR0,PFR0, MMFR{0,1,2,3} Cornelia Huck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=86a5uef55n.wl-maz@kernel.org \
--to=maz@kernel.org \
--cc=alexandru.elisei@arm.com \
--cc=cohuck@redhat.com \
--cc=james.morse@arm.com \
--cc=jingzhangos@google.com \
--cc=kvm@vger.kernel.org \
--cc=kvmarm@lists.linux.dev \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=oliver.upton@linux.dev \
--cc=pbonzini@redhat.com \
--cc=rananta@google.com \
--cc=reijiw@google.com \
--cc=shahuang@redhat.com \
--cc=surajjs@amazon.com \
--cc=suzuki.poulose@arm.com \
--cc=tabba@google.com \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).