Re: [PATCH v2 2/3] docs/cpu-features: Update "PAuth" (Pointer Authentication) details

[Kashyap Chamarthy <kchamart@redhat.com>]

(Cc: Richard Henderson; context: "SME" and "RME" feature discussion
below.)

On Mon, Feb 17, 2025 at 06:43:01PM +0100, Eric Auger wrote:
> Hi Kashyap,

Hey,

> 
> On 2/17/25 5:37 PM, Kashyap Chamarthy wrote:

[...]

> > Signed-off-by: Kashyap Chamarthy <kchamart@redhat.com>
> > ---
> > v2: address Marc Zyngier's comments:
> >     https://lists.gnu.org/archive/html/qemu-devel/2025-01/msg03451.html
> > ---

[...]

> > +Live migration and PAuth
> > +~~~~~~~~~~~~~~~~~~~~~~~~
> > +
> > +The level of PAuth support depends on which Arm architecture a given CPU
> > +supports (e.g. Armv8.3 vs. Armv8.6).  This gradation in PAuth support
> > +has implications for live migration.  For example, to be able to
> > +live-migrate from host-A (with Armv8.3) to host-B (with Arm v8.6):
> > +
> > +  - the source and destination hosts must "agree" on (a) the PAC
> > +    signature algorithm, and (b) all the sub-features of PAuth; or
> > +
> > +  - the alternative (and less desirable) option is to turn off PAuth
> > +    off on both source and destination — this is generally not
> > +    recommended, as PAuth is a security feature.
> > +
> > +TCG
> > +---
> >  
> > -TCG vCPU features are CPU features that are specific to TCG.
> > -Below is the list of TCG vCPU features and their descriptions.
> 
> The resulting header layout seems weird to me.
> Initially we had at top level (assuming ===):
> 
> KVM vCPU Features
> TCG vCPU Features
> SVE CPU Properties
> SME CPU Properties
> RME CPU Properties
> 
> and now
> 
> TCG vCPU Features has somehow disappeared giving the impression that
> there are none.

I did think about it :) That's why I wrote this in the cover-letter; not
sure if you noticed it:

    I replaced the "TCG vCPU Features" heading with "PAuth" because of
    this: before this change, the section says, it is about "CPU
    features that are specific to TCG".  But it has only PAuth-related
    parameters under it.  Since PAuth is relevant to both KVM and TCG, I
    moved them under a separate PAuth section, instead of duplicating
    it.

    But now we have a small inconsistency - there's a KVM-only CPU
    features section, but no TCG-only section.  I thought when there are
    more TCG-only CPU features, that section can be added back in.  Or I
    can add that back in, if anyone feels strongly about it.

> SME and RME and TCG only if am not wrong while PAUTH and SVE are both
> KVM and TCG

I didn't know that.  I read the docs a bit more closer about SME, RME,
and SVE, and did some quick `git-annotate` analysis:

  - "SME is not supported by KVM at this time" — this was added in
    commit e74c097638 (target/arm: Add cpu properties for SME,
    2022-06-20).

    If it is still accurate, then yes, SME looks to be TCG-only.

  - "The status of RME support with QEMU is experimental" — this was
    added in commit 57223a4c24 (docs/system/arm: Document FEAT_RME,
    2023-06-22).

    The phrase "with QEMU" doesn't quite decisively tell me whether it
    is experimental for TCG-only, or if it also applies for KVM.  Maybe
    Richard (in Cc) can tell us more.

  - SVE seems to be for both KVM and TCG, as the section "SVE CPU
    Property Dependencies and Constraints" talks about KVM.

  - PAuth is both KVM and TCG.

> Maybe we shall
> - rename KVM vCPU Features -> KVM only vCPU Features
> - Add a TCG only vCPU features including both SME and RME ones
> - introduce a top level KVM and TCG vCPU features with below:
> PAUTH, SVE, detailing potential different semantic for both KVM and TCG mode

Yeah, it can be done.  Would you be okay if I do it as a follow-up?  As
this a re-work of the entire doc with several features.

> Also while we are at it, we may use vCPU everywhere instead of CPU (SVE
> CPU Properties) and just skip CPU if it lays within the KVM and TCG vCPU
> Features

Yes, make sense.

[...]

-- 
/kashyap