[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2] xen/arm: Convert runstate address during hypcall

  • To: Stefano Stabellini <sstabellini@xxxxxxxxxx>
  • From: Bertrand Marquis <Bertrand.Marquis@xxxxxxx>
  • Date: Fri, 14 Aug 2020 09:25:14 +0000
  • Accept-language: en-GB, en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=k0F4pmcY/hxE+m5bXgcbHZzEj8pVOYrwyMna2AAOXzQ=; b=B+GGpWLbvgCQ7irhDvdQjcLrlZevxwhXmnX49O2FaKPl2FQ2JEYqrV4dryATdlXSshObFmlHibFPQHvLzF2g/qghPWyoPGBxs8lIx3l+ZIp9eDu+t2SYhr3Uh37dfxkBIzhbv9IeO+0ICfCDU7w3TejdTNIsHXPDXE8Lgpw7rNUeYLniUOo4hJp+vG15qiNWG4O54jTqop0v1H6L1hxnZOK/AKIQunbjo2qRrycBPKHoIXtbZDJqWaaYTZrIuUTOV+7ctQ4x5Vo8XCYQLAXWzelILetRfdYaWsZtf8kwL2zKpNfQ6UXpnxRzarIY2WsZkm8boVZi9f3BUzDnhrzUUw==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=CGHk6dQqnrQDVWxrewnJ3vQx4o3SEFePIoshY9OGvRV/H/YJeQrsNK3LvLKywEjaE+yUnnIvfRXW/v1cxAazYH8dPf+bYSbXS4kZWBt4omip+g8cCyRGEYS8P/gbANrwn2q6OHyT91Tv/2nf58d71WC6tY7R1pKOHTp2XqBy0bMMVNS/ThnQ595m35cQC1edCVrM2opqP/WnCnDzETKVhFuTKo0JtaZrHGqlY8xPFlZGWh+9oT6ZA+wmymMlc8IHqeAkv/tTfJUQ8SARwMrJSg/8QrU1G+5aIiOkyuk/wi6x8umrGOJX+TLChVFV0utjMtmQq1Np8qZ9kSCaoyoGmQ==
  • Authentication-results-original: kernel.org; dkim=none (message not signed) header.d=none;kernel.org; dmarc=none action=none header.from=arm.com;
  • Cc: Jan Beulich <jbeulich@xxxxxxxx>, Julien Grall <julien@xxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, nd <nd@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Ian Jackson <ian.jackson@xxxxxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • Delivery-date: Fri, 14 Aug 2020 09:25:46 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Nodisclaimer: true
  • Original-authentication-results: kernel.org; dkim=none (message not signed) header.d=none;kernel.org; dmarc=none action=none header.from=arm.com;
  • Thread-index: AQHWZPcpcJdIAbXhcEqLxJ7JubPXUKkdZ+eAgAC8aQCAAMFpAIAAcn6AgAHoeQCAADumgIAAAacAgABIKQCAAI2WAIAVG/WA
  • Thread-topic: [PATCH v2] xen/arm: Convert runstate address during hypcall

> On 1 Aug 2020, at 00:03, Stefano Stabellini <sstabellini@xxxxxxxxxx> wrote:
> 
> On Fri, 31 Jul 2020, Bertrand Marquis wrote:
>>> On 31 Jul 2020, at 12:18, Jan Beulich <jbeulich@xxxxxxxx> wrote:
>>> 
>>> On 31.07.2020 12:12, Julien Grall wrote:
>>>> On 31/07/2020 07:39, Jan Beulich wrote:
>>>>> We're fixing other issues without breaking the ABI. Where's the
>>>>> problem of backporting the kernel side change (which I anticipate
>>>>> to not be overly involved)?
>>>> This means you can't take advantage of the runstage on existing Linux 
>>>> without any modification.
>>>> 
>>>>> If the plan remains to be to make an ABI breaking change,
>>>> 
>>>> For a theoritical PoV, this is a ABI breakage. However, I fail to see 
>>>> how the restrictions added would affect OSes at least on Arm.
>>> 
>>> "OSes" covering what? Just Linux?
>>> 
>>>> In particular, you can't change the VA -> PA on Arm without going 
>>>> through an invalid mapping. So I wouldn't expect this to happen for the 
>>>> runstate.
>>>> 
>>>> The only part that *may* be an issue is if the guest is registering the 
>>>> runstate with an initially invalid VA. Although, I have yet to see that 
>>>> in practice. Maybe you know?
>>> 
>>> I'm unaware of any such use, but this means close to nothing.
>>> 
>>>>> then I
>>>>> think this will need an explicit vote.
>>>> 
>>>> I was under the impression that the two Arm maintainers (Stefano and I) 
>>>> already agreed with the approach here. Therefore, given the ABI breakage 
>>>> is only affecting Arm, why would we need a vote?
>>> 
>>> The problem here is of conceptual nature: You're planning to
>>> make the behavior of a common hypercall diverge between
>>> architectures, and in a retroactive fashion. Imo that's nothing
>>> we should do even for new hypercalls, if _at all_ avoidable. If
>>> we allow this here, we'll have a precedent that people later
>>> may (and based on my experience will, sooner or later) reference,
>>> to get their own change justified.
> 
> Please let's avoid "slippery slope" arguments
> (https://en.wikipedia.org/wiki/Slippery_slope)
> 
> We shouldn't consider this instance as the first in a long series of bad
> decisions on hypercall compatibility. Each new case, if there will be
> any, will have to be considered based on its own merits. Also, let's
> keep in mind that there have been no other cases in the last 8 years. (I
> would like to repeat my support for hypercall ABI compatibility.)
> 
> 
> I would also kindly ask not to put the discussion on a "conceptual"
> level: there is no way to fix all guests and also keep compatibility.
> From a conceptual point of view, it is already game over :-)
> 
> 
>> After a discussion with Jan, he is proposing to have a guest config setting 
>> to
>> turn on or off the translation of the address during the hypercall and add a
>> global Xen command line parameter to set the global default behaviour. 
>> With this was done on arm could be done on x86 and the current behaviour
>> would be kept by default but possible to modify by configuration.
>> 
>> @Jan: please correct me if i said something wrong
>> @others: what is your view on this solution ?
> 
> Having options to turn on or off the new behavior could be good-to-have
> if we find a guest that actually requires the old behavior. Today we
> don't know of any such cases. We have strong reasons to believe that
> there aren't any on ARM (see Julien's explanation in regards to the
> temporary invalid mappings.) In fact, it is one of the factors that led
> us to think this patch is the right approach.
> 
> That said, I am also OK with adding such a parameter now, but we need to
> choose the default value carefully.

This would also mean keeping support in the code for old and new behaviour
which might make the code bigger and more complex.

> 
> 
> We need the new behavior as default on ARM because we need the fix to
> work for all guests. I don't think we want to explain how you always
> need to set config_foobar otherwise things don't work. It has to work
> out of the box.
> 
> It would be nice if we had the same default on x86 too, although I
> understand if Jan and Andrew don't want to make the same change on x86,
> at least initially.

So you mean here adding a parameter but only on Arm ?
Should it be a command line parameter ? a configuration parameter ? both ?

It seems that with this patch i touched some kind of sensible area.
Should i just abandon it and see later to work on adding a new hypercall using
a physical address as parameter ?

Cheers
Bertrand

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.