[PATCH v6 4/4] arm64: paravirt: Enable errata based on implementation CPUs

Fri Feb 7 10:17:37 PST 2025

On Fri, 07 Feb 2025 18:10:08 +0000,
Catalin Marinas <catalin.marinas at arm.com> wrote:
> 
> On Fri, Feb 07, 2025 at 02:31:12PM +0000, Marc Zyngier wrote:
> > On Fri, 07 Feb 2025 14:08:44 +0000,
> > Catalin Marinas <catalin.marinas at arm.com> wrote:
> > > On Wed, Feb 05, 2025 at 01:22:22PM +0000, Shameer Kolothum wrote:
> > > >  static inline bool is_midr_in_range(struct midr_range const *range)
> > > >  {
> > > > -	return midr_is_cpu_model_range(read_cpuid_id(), range->model,
> > > > -				       range->rv_min, range->rv_max);
> > > > +	int i;
> > > > +
> > > > +	if (!target_impl_cpu_num)
> > > > +		return midr_is_cpu_model_range(read_cpuid_id(), range->model,
> > > > +					       range->rv_min, range->rv_max);
> > > > +
> > > > +	for (i = 0; i < target_impl_cpu_num; i++) {
> > > > +		if (midr_is_cpu_model_range(target_impl_cpus[i].midr,
> > > > +					    range->model,
> > > > +					    range->rv_min, range->rv_max))
> > > > +			return true;
> > > > +	}
> > > > +	return false;
> > > >  }
> > > 
> > > It's a interesting approach but how does this work in practice if an
> > > erratum requires a firmware counterpart? Do we expect firmwares on all
> > > machines involved to have workarounds for the other machines? Or is KVM
> > > going to intercept those SMCs and pretend the EL3 counterpart is there?
> > 
> > KVM already traps SMCs, and could do something on behalf of the guest
> > (such as pretending that the mitigation has happened if not on the
> > correct host) *IF* the mitigation is architected (à la WA{1,2,3}).
> 
> That's the main thing I had in mind. I don't think we have any other
> errata that requires firmware run-time discovery and interaction, though
> you never know when we'll add new one.
> 
> > If it is implementation specific, then we can immediately stop
> > pretending that a guest running on those systems can be migrated.
> 
> Makes sense.
> 
> > The only thing it helps a bit is big-little.
> 
> It does help a bit or, at least, we have some code for handling these
> variations that cab be extended. However, with this patchset, the host
> only probes the availability of the workarounds on the SoC it booted. It
> has no idea about the extra MIDRs the VMM picks and what the other
> machines in the clouds support.

But that's the contract. The VMM has to be omniscient and know exactly
what it can safely migrate to. It literally says "trust me, I know
what I'm doing".

> Anyway, let's hope the VMs only migrate between platforms that are
> equally broken.

No shortage of that, I'm afraid! :)

	M.

-- 
Without deviation from the norm, progress is not possible.