[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2 2/2] xen/arm: Throw messages for unknown FP/SIMD implement ID


  • To: Wei Chen <Wei.Chen@xxxxxxx>
  • From: Bertrand Marquis <Bertrand.Marquis@xxxxxxx>
  • Date: Tue, 25 Aug 2020 10:47:43 +0000
  • Accept-language: en-GB, en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=nYKi3U0oHF66ATXWdLmhGDbwJa2bBQUEYl5Qhw/SRN0=; b=NNnITz7+7KWGzfxoiLeA4t/T/RaYGinqYMr88Ymm/0llhiNeULl523XrNiSBKXgCPCJIEiEntRp/PpComwFK+XzO2F8ROd2jPkLszpsz6ASM/OEK+BD/Z1Ty8UrLxMpHKXT9nLBX1qHVvlz3S5/X41ClwK0tsYsbcWh9N5jxC8klO3IoaPpt/cnAaQf4zOsUtGLg3VmcOs09MEYp8dbpREvDEeXsJV79FUZmLvf7bAOK8Ylmh7Zvy9/eN0dqwXQybarFB+lcoMRhbFG2FPt/7G3AhLeBUVSil8I94b2WqCPzQt6NkLFkKCyia91AyTSl5/VgDfCuKjmFHiOpbWpjwQ==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=GLPrFJFhf8DKQqeozcaTIbFsY7l/gsJ9+C1KA12y8xGiRTcbnZ2jr1in7L9WJnT15MVAqRukky2lFDcIRJ5yrgUP0BcGe3aqXLAwdf8pKWBDh315rKugLT1RcZmikZ7ppuSu04TUIRjD8QsX3D7lk3XhbBnWAadkKKQqnrc/JOWqxbV2dPi/w0o6riwbAxeJleVwce+nlWXw7MZNCX5zjl+34XFmrAzOX7P32A0jkMXCZzp+8kzwv/bXLaXhpXrbV6ChcfoiyWfKPIFb1du4qruBoORNuBdzGJ3egVJ2SbvIz1iaYtbWQJ2cU+3qE06XIIn2ekAr5G8KxQ6E4hKvYQ==
  • Authentication-results-original: arm.com; dkim=none (message not signed) header.d=none;arm.com; dmarc=none action=none header.from=arm.com;
  • Cc: Julien Grall <julien@xxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, "sstabellini@xxxxxxxxxx" <sstabellini@xxxxxxxxxx>, Andre Przywara <Andre.Przywara@xxxxxxx>, Penny Zheng <Penny.Zheng@xxxxxxx>, Kaly Xin <Kaly.Xin@xxxxxxx>, nd <nd@xxxxxxx>
  • Delivery-date: Tue, 25 Aug 2020 10:48:34 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Nodisclaimer: true
  • Original-authentication-results: arm.com; dkim=none (message not signed) header.d=none;arm.com; dmarc=none action=none header.from=arm.com;
  • Thread-index: AQHWecazJFpryBm0PEiL+drgXPmkLqlHQwyAgAA4rQCAAAcGAIAAogEAgACCBIA=
  • Thread-topic: [PATCH v2 2/2] xen/arm: Throw messages for unknown FP/SIMD implement ID


> On 25 Aug 2020, at 04:02, Wei Chen <Wei.Chen@xxxxxxx> wrote:
> 
> Hi Julien, Bertrand,
> 
>> -----Original Message-----
>> From: Julien Grall <julien@xxxxxxx>
>> Sent: 2020年8月25日 1:23
>> To: Bertrand Marquis <Bertrand.Marquis@xxxxxxx>
>> Cc: Wei Chen <Wei.Chen@xxxxxxx>; Xen-devel <xen-
>> devel@xxxxxxxxxxxxxxxxxxxx>; sstabellini@xxxxxxxxxx; Andre Przywara
>> <Andre.Przywara@xxxxxxx>; Penny Zheng <Penny.Zheng@xxxxxxx>; Kaly
>> Xin <Kaly.Xin@xxxxxxx>; nd <nd@xxxxxxx>
>> Subject: Re: [PATCH v2 2/2] xen/arm: Throw messages for unknown
>> FP/SIMD implement ID
>> 
>> 
>> 
>> On 24/08/2020 17:57, Bertrand Marquis wrote:
>>> Hi Julien,
>> 
>> Hi,
>> 
>>> 
>>>> On 24 Aug 2020, at 14:34, Julien Grall <julien@xxxxxxx> wrote:
>>>> 
>>>> Hi Wei,
>>>> 
>>>> On 24/08/2020 04:28, Wei Chen wrote:
>>>>> Arm ID_AA64PFR0_EL1 register provides two fields to describe CPU
>>>>> FP/SIMD implementations. Currently, we exactly know the meaning of
>>>>> 0x0, 0x1 and 0xf of these fields. Xen treats value < 8 as FP/SIMD
>>>>> features presented. If there is a value 0x2 bumped in the future,
>>>>> Xen behaviors for value <= 0x1 can also take effect. But what Xen
>>>>> done for value <= 0x1 may not always cover new value 0x2 required.
>>>> 
>>>> Right, but this will also happen with all the other features. This may
>> actually confuse the users as they may think the rest of the features are 
>> fully
>> supported which is not correct. For instance, dom0 will crash if you boot Xen
>> on a SVE-capable hardware.
>>> 
>>> I would see this as an improvement already.
>> 
>> TBH, I only view this patch as a band-aid. I am OK with them but they
>> need to be useful.
>> 
>> When I read "unknown value...", I have no clue whether the message is
>> good or bad. It would be better to extend the message with what could go
>> wrong. E.g "Unknown value X, this may result to corruption on the platform".
>> 
> 
>> I would also consider to taint Xen as it may become unstable with this
>> option set.
>> 
> 
> Hmm, yes, it seems current messages are pale. The user could not understand
> what we want the message expressed when he got one such message. I will 
> improve
> them to give user a clear meaning. And I think a XENLOG_WARNING would be 
> better
> to notice user. I will do them in v3.
> 
>>> More could be done for SVE (and other bits) but this should be in another
>> patch set.
>>> 
>>>> 
>>>>> We throw these messages to break the silence when Xen detected
>>>>> unknown FP/SIMD IDs to notice user to check.
>>>> 
>>>> It feels a bit odd to me to print unknown for the FP/SIMD feature but not
>> for all the rest.
>>>> 
>>>> IMHO, the right approach is to sanitize ID registers exposed to domains
>> and only expose features we know are correctly handled.
>>> 
>>> I actually started to look into this last week because I came to an issue
>> comparable to SVE with pointer authentication.
>>> Maybe we should discuss this subject separately as clearing TID3 bit in HCR
>> and emulating all ID registers is possible
>>> but I want to check first if this could have big impacts on performances
>> 
>> I don't expect any performance drop. In Linux, they will cache all the
>> values and use alternative to avoid runtime check.
>> 
>> I also don't expect any OS to use them at runtime in hotpath.
>> 
> 
> I think this would not be a problem. Most ID check operations would be done
> in system/application initialization stage.
> 
>>> and see discuss how to design this as there
>>> could be a huge amount of cases for example if we want to allow different
>> parameters for different domains.
>> 
>> I would suggest to first consider a simple approach where we expose the
>> same view of the ID registers to all the guests but it is sanitized.
>> 
> 
> Can I ask the reason why we don't expose native ID registers to guest? Is it 
> because
> we want to avoid guest using some unaware features of Xen?

We should avoid guest using features that we do not support or that we do not 
even
enable.

If you take SVE or Pointer Authentication, we are not activating the bits in 
HCR or CPTR
to let a guest use those so the fact that we still let those bit set in the 
processor
features registers is making guests try to use them and crash.

> 
>> We can then discuss whether we want to have a per-guest view of the ID
>> registers and how to configure it.
>> 
>> Regarding the implementation, I personally quite like the Linux
>> cpufeature framework. It is quite powerful and I believe would suit
>> quite well Xen.
>> 
> 
> I agree with you. But I think is quite huge, and out of this patch set's 
> scope.
> We need a separate thread to discuss the design and implement.

Definitely this is out of scope of this patch I agree.

Regards
Bertrand


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.