Xen project Mailing List

Re: [Xen-devel] [PATCH] x86/cpuid: correct dependencies of post-SSE ISA extensions

To: "Andrew Cooper" <andrew.cooper3@xxxxxxxxxx>

From: "Jan Beulich" <JBeulich@xxxxxxxx>

Date: Thu, 31 Jan 2019 07:47:06 -0700

Cc: Juergen Gross <jgross@xxxxxxxx>, xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Wei Liu <wei.liu2@xxxxxxxxxx>, Roger Pau Monne <roger.pau@xxxxxxxxxx>

Delivery-date: Thu, 31 Jan 2019 14:47:12 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

>>> On 31.01.19 at 14:36, <andrew.cooper3@xxxxxxxxxx> wrote: > On 31/01/2019 10:06, Jan Beulich wrote: >>>>> On 30.01.19 at 21:21, <andrew.cooper3@xxxxxxxxxx> wrote: >>> On 14/01/2019 12:48, Jan Beulich wrote: >>>>>>> On 14.01.19 at 13:00, <andrew.cooper3@xxxxxxxxxx> wrote: >>>>> On 14/01/2019 11:39, Jan Beulich wrote: >>>>>> First of all a PCLMULQDQ dependency was missing entirely. Add it as well >>>>>> as AESNI and SHA to SSE2, as all of them act on vectors of integers, >>>>>> whereas plain SSE supports vectors of single precision floats only. This >>>>>> is in line with how e.g. binutils and gcc treat them. >>>>>> >>>>>> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx> >>>>>> --- >>>>>> TBD: On the same basis, SSE3, SSSE3 and SSE4A should probably also >>>>>> depend on SSE2 rather than SSE. In fact making this a chain SSE -> SSE2 >>>>>> -> SSE3 -> { SSSE3, SSE4A } would probably be best, and get us in line >>>>>> with both binutils and gcc. But I think I did suggest so when the >>>>>> dependencies were introduced, and this wasn't liked for a reason I >>>>>> forgot. >>>>> While all of this is true, there is a comment in context which explains >>>>> why the dependences are they way they are. >>>>> >>>>> Providing a guest with SSE, no SSE2, and PCLMULDQ/AESNI/SHA will allow >>>>> these latter instruction groups to function correctly. >>>> You mean "Several futher instruction sets are built on core %XMM >>>> support, without specific inter-dependencies"? This explains it at >>>> best partly, the more that there then are exceptions to this rule >>>> ({,S}SSE3 -> SSE4.1 and SSE4.1 -> SSE4.2). Do we really have to >>>> take a different view here than binutils and gcc (and perhaps many >>>> others) do? >>>> >>>> Some of Linux'es x86-specific crypto drivers make even more >>>> interesting implications, several of which I mean to fix. But they >>>> (imo) validly imply e.g. SSE2 when there is SSSE3, which would >>>> mean such a driver would only work because we can't hide the >>>> SSE2 insns when a guest config file masks off SSE2 but not >>>> SSSE3 - until such an insn hits the emulator, where the >>>> vcpu_has_sse2() check would make it raise #UD, just because >>>> of our non-standard feature dependencies. >>> The dependences described here are primarily to prevent malfunctions in >>> Xen, rather than to provide a historically-accurate view of which >>> features appeared when. Software which doesn't follow the rules cannot >>> be helped - its already buggy. >> For this last statement - where is the "SSE2: [LM]" dependency formally >> spelled out? The fact that it's used for the UNIX floating point ABI of >> x86-64 is not relevant: There could sensibly be a 64-bit processor >> without any floating point support, I think. > > The base AMD64 spec, which mandates SSE2 in compliant implementations. Would you mind pointing out which document you refer to here? I've just gone and searched the first two volumes of the PM for# all mentions of SSE2, and I couldn't find what you say above. > It is the reason why you don't need a feature check to use the fence > instructions. I understand that's what we imply it to mean. >>> The question which matters here is whether the Intel/AMD SDM's allow for >>> any such implications. >>> >>> Vol1 12.13.4 states that software wishing to use AES-NI or PCMULDQ must >>> first check for SSE2, and then for the individual feature bit. I >>> suppose this is better evidence of a logical connection than we've used >>> in other bits of the dependency tree, but I see absolutely nothing >>> discussing the SHA instruction set. >> So if I left SHA alone but moved AESNI, you'd be fine with the change? >> I could at least see this as an intermediate step. I should say though >> that SHA has always been giving the impression of a "bad child" to me, >> so I wouldn't be surprised of this was just a doc omission (seeing that >> there isn't even a section about that entire extension in chapter 12). > > I did find that omission curious while looking. > >> Furthermore, you didn't even comment on the SSE3 etc aspect. >> Section 12.4.2, just like 12.13.4, refers to 11.6.2, i.e. (according to >> your interpretation above) implies SSE2. While 12.12.2 implies SSE3 >> and SSSE3, 12.12.3 implies SSSE3 and SSE4.1 but not SSE3, and >> 12.7.2 does not suggest to check for SSE3. I have to admit that >> I'd rather consider this as doc shortcomings. > > You do realise that you argued the contrary when I originally > implemented this, most notably in v4 > https://patchwork.kernel.org/patch/8651441/ , and made me change the > logic to how it currently is? Well, part of it is that I look at some of the dependencies differently now that I've implemented test harness extensions for AES, SHA, and PCLMUL. Specifically before this I didn't pay much attention to the vector element types/sizes these extensions act on. > It looks to me as if you now prefer v3 of my original patch. That's perhaps a little less "in the middle" than what we currently have, but it's still not quite there, in particular because of ... >> An SSE4.2 check alone is (imo correctly) suggested for CRC32 and >> POPCNT, which would seem to mean we should drop its SSE4.1 >> dependency. ... this. >> Otoh these documented needs to check for multiple bits could as >> well be interpreted as meaning there's no connection at all, in >> which case the SSE4.1 and SSE4.2 dependencies we currently >> have should all be reduced to dependencies upon SSE (as >> expressing the presence of XMM registers). Therefore I'm now leaning towards truly making register existence the only prereq, albeit even that may be considered still too much (because of CRC32, POPCNT, and FISTTP, none of which requires XMM registers, and which Intel suggests are fine to use in the absence of SSE being available), so perhaps we may even need to drop a few dependencies altogether. >> Getting this into consistent shape might save some discussions >> on the AVX512 series (where, depending on the outcome here, >> I may need to make further adjustments). One additional question >> there would then be whether to take AVX512BW as indication of >> full 64-bit mask registers (AVX512F only needs 16-bit wide ones), >> as is implied e.g. by gcc. > > I don't have a problem in principle with changing dependences. > > One risk however is the forwards compatibility of VMs migrating to newer > versions of Xen - we must take care to not make features accidentally > disappear in newer builds of Xen running on the same hardware. > (Accepting that we may deliberately need to make features disappear if > mistakes in the dependency logic are discovered.) So would the missing PCLMULQDQ dependency not already fall in the category of risking a feature to disappear (once the dependency was added) during migration? > I would however like to first get a clear understand and agreement on > our expectations, to try and avoid problems like this in the future. +1 - hence this discussion. Jan _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.