From: nico@fluxnic.net (Nicolas Pitre)
To: linux-arm-kernel@lists.infradead.org
Subject: [RFC PATCH 0/2] Add support for a fake, para-virtualised machine
Date: Wed, 05 Dec 2012 10:07:05 -0500 (EST) [thread overview]
Message-ID: <alpine.LFD.2.02.1212051001140.6589@xanadu.home> (raw)
In-Reply-To: <CAHkRjk5HgM=kL5Li_9qrwXfD+vJGvLLoha_ns6KFdxZW7gLwbA@mail.gmail.com>
On Wed, 5 Dec 2012, Catalin Marinas wrote:
> On 4 December 2012 18:14, Will Deacon <will.deacon@arm.com> wrote:
> > On Tue, Dec 04, 2012 at 06:02:13PM +0000, Nicolas Pitre wrote:
> >> On Tue, 4 Dec 2012, Will Deacon wrote:
> >> > On Tue, Dec 04, 2012 at 05:00:07PM +0000, Nicolas Pitre wrote:
> >> > > on the topic of a para-virtualised machine, I think that it should
> >> > > simply implement the PSCI calls to bring up CPUs _without_ any holding
> >> > > pen nor spinning tables. You issue the appropriate PSCI call with the
> >> > > physical address for secondary_startup() as argument and you're done.
> >> > > The host intercepts that call and free a new CPU instance in response.
> >> > > That's all.
> >> >
> >> > I'd be happy to go with this suggestion if it wasn't for one thing:
> >> > platforms that do not implement a secure mode. For these platforms, smc will
> >> > be an undefined instruction at the exception level where it is executed and
> >> > therefore cannot be trapped by the hypervisor.
> >>
> >> Really? I thought the hypervisor could virtualize SMC calls. Or is
> >> that considered a security hazard?
> >
> > If the security extensions aren't implemented, the hypervisor can't trap the
> > smc instruction.
> >
> >> I don't remember all the PSCI spec details, but I think there was some
> >> provision for this case i.e. the SMC call could be a HYP call instead.
> >> And if that's not in the spec, then it probably should be added and
> >> implemented as if it was.
> >
> > Well, this depends on the guest taking an undefined instruction exception on
> > the smc, then deciding to issue an hvc instead and *then* having the
> > hypervisor somehow translate that into a PSCI invocation. It could work, but
> > it sounds easy to mess up and relies on the PSCI firmware co-existing with
> > things like kvm.
>
> We can have enable-method DT entries independent of the SoC and one of
> them can be psci-hvc.
>
> Just for clarification, AArch32 with virtualisation mandates the
> security extensions, so the SMC can be trapped.
Good. Therefore this one is settled.
> On AArch64 it is a bit
> tricky since the presence of EL3 is not mandate, in which case SMC
> would undef (don't as why ;). That's where we can have different
> enable methods specified via the DT.
In that case, sure. But do you expect such a configuration to be
common? Especially with all this secure booting being and cie enforced
across the board? I bet it won't.
So it is probably best to presume PSCI by default, and have a DT
specified method only when it is necessary to override the default.
Nicolas
next prev parent reply other threads:[~2012-12-05 15:07 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-12-03 17:52 [RFC PATCH 0/2] Add support for a fake, para-virtualised machine Will Deacon
2012-12-03 17:52 ` [RFC PATCH 1/2] ARM: Dummy Virtual Machine platform support Will Deacon
2012-12-03 17:52 ` [RFC PATCH 2/2] ARM: SMP support for mach-virt Will Deacon
2012-12-03 21:55 ` Rob Herring
2012-12-04 12:40 ` Will Deacon
2012-12-04 13:33 ` Russell King - ARM Linux
2012-12-04 13:40 ` Will Deacon
2012-12-04 14:37 ` Russell King - ARM Linux
2012-12-04 16:11 ` Will Deacon
2012-12-04 16:35 ` Russell King - ARM Linux
2012-12-04 17:24 ` Will Deacon
2012-12-04 19:37 ` Arnd Bergmann
2012-12-04 16:45 ` Rob Herring
2012-12-04 17:16 ` Will Deacon
2012-12-04 17:23 ` Rob Herring
2012-12-04 17:24 ` Marc Zyngier
2012-12-04 17:30 ` Will Deacon
2012-12-11 16:04 ` Stefano Stabellini
2012-12-11 16:09 ` Will Deacon
2012-12-11 16:34 ` Stefano Stabellini
2012-12-11 16:41 ` Ian Campbell
2012-12-11 16:43 ` Will Deacon
2012-12-11 17:14 ` Stefano Stabellini
2012-12-11 17:24 ` Will Deacon
2012-12-04 18:10 ` Nicolas Pitre
2012-12-03 21:54 ` [RFC PATCH 0/2] Add support for a fake, para-virtualised machine Rob Herring
2012-12-04 12:30 ` Will Deacon
2012-12-04 14:12 ` Rob Herring
2012-12-04 17:00 ` Nicolas Pitre
2012-12-04 17:11 ` Will Deacon
2012-12-04 18:02 ` Nicolas Pitre
2012-12-04 18:14 ` Will Deacon
2012-12-05 14:52 ` Catalin Marinas
2012-12-05 15:07 ` Nicolas Pitre [this message]
2012-12-05 15:10 ` Will Deacon
2012-12-05 15:07 ` Will Deacon
2012-12-05 15:15 ` Catalin Marinas
2012-12-11 16:19 ` Stefano Stabellini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=alpine.LFD.2.02.1212051001140.6589@xanadu.home \
--to=nico@fluxnic.net \
--cc=linux-arm-kernel@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).