Xen project Mailing List

Re: [PATCH v5 07/12] xen: enable Dom0 to use SVE feature

From: Luca Fancellu <Luca.Fancellu@xxxxxxx>

Date: Thu, 20 Apr 2023 12:43:36 +0000

Accept-language: en-GB, en-US

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=eebYkdrr6m6foLMENZbrTRxHua8J/TVczgQQV+fkLWc=; b=BkOQnc48B8air+q50YhyRBQoWXcjcC4iJdsMNlAnkC4yn7TS35ecL3IMucsXnWQm9BZ3h+VwxUbdL4aFkZsgT0gJeotlav9KRfQlbfByN59pBdKiwtAPTFMG4kXc5VVfa+2MmlZlm5xwvj0m/J+Sq/Z5j4Lym8tld76QrvXYYlqhhZjxGu/OMPGd8gkoPjm2qb6IcYFaky5os7Vsbtg+/8yCA7oJkpROzIy3EAB9JAWwYv6OMmK1JLsc9VfTBqBDs1K9E1oGIaAS7eoUPtuoGeLxIkcLFNYKhKzFNjQWJWiGgn7uZgFMzQhzXOMq9wlGaKFZft0K7f73JHBKQ7T1fA==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=FyOFv/9yyXyc0RNZ99UMkwD807WdCD903dvy/TKboPoqgJIg+OQWTgTT3MY1fL1/TI1KIRGrWaHGOIubKKI4gWzYqjzVw6AZOWlXfX3HZZEXpprU9bMlCEZ7wnOUU7eHD9rA82ibaHzLDMO2srC4amP5PaD8q6i9Fs31yHE3Y3nUNbRmWaeyG3WE/rYRd8QTVJAXocPaBN9Gd4+EuxPnZdDC23yAPXW8qxdj4/1SdqOVtex7jbnV7UvECMHYwE0ZpudVTXY9iHnQBNAPDmPznRUZgxJzuAwafVezF3L/0gacUPQ7/0QwUIUEVztCitwxj6ktTW1OMZlq063aEdJewg==

Authentication-results-original: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;

Cc: Bertrand Marquis <Bertrand.Marquis@xxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Wei Chen <Wei.Chen@xxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>

Delivery-date: Thu, 20 Apr 2023 12:43:56 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Nodisclaimer: true

Original-authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;

Thread-index: AQHZbSQ+XccnxtxNG0WbEgpX88e2za8xDZ2AgAE1hQCAAAGYAIAABb6AgAGkXICAAD5kgIAAA+SA

Thread-topic: [PATCH v5 07/12] xen: enable Dom0 to use SVE feature

> On 20 Apr 2023, at 13:29, Julien Grall <julien@xxxxxxx> wrote: > > Hi Luca, > > On 20/04/2023 09:46, Luca Fancellu wrote: >>>>>>> +int __init sve_sanitize_vl_param(int val, unsigned int *out) >>>>>>> +{ >>>>>>> + /* >>>>>>> + * Negative SVE parameter value means to use the maximum supported >>>>>>> + * vector length, otherwise if a positive value is provided, check >>>>>>> if the >>>>>>> + * vector length is a multiple of 128 and not bigger than the >>>>>>> maximum value >>>>>>> + * 2048 >>>>>>> + */ >>>>>>> + if ( val < 0 ) >>>>>>> + *out = get_sys_vl_len(); >>>>>>> + else if ( ((val % SVE_VL_MULTIPLE_VAL) == 0) && (val <= >>>>>>> SVE_VL_MAX_BITS) ) >>>>>>> + *out = val; >>>>>> >>>>>> Shouldn't you also check if it is not greater than the maximum vector >>>>>> length ? >>>>> >>>>> I don’t understand, I am checking that the value is below or equal to >>>>> SVE_VL_MAX_BITS, >>>>> If you mean if it should be checked also against the maximum supported >>>>> length by the platform, >>>>> I think this is not the right place, the check is already in >>>>> arch_sanitise_domain_config(), introduced >>>>> in patch #2 >>>> >>>> If this is not the right place to check it then why checking the rest here >>>> ? >>>> >>>> From a user or a developer point of view I would expect the validity of >>>> the input to be checked only >>>> in one place. >>>> If here is not the place for that it is ok but then i would check >>>> everything in arch_sanitise_domain_config >>>> (multiple, min and supported) instead of doing it partly in 2 places. >>> >>> Ok, given the way we encoded the value in xen_domctl_createdomain >>> structure, we have that the value takes >>> very little space, but a small issue is that when we encode it, we are >>> dividing it by 128, which is fine for user params >>> that are multiple of 128, but it’s less fine if the user passes “129”. >>> >>> To overcome this issue we are checking the value when it is not already >>> encoded. Now, thinking about it, the check >>> "&& (val <= SVE_VL_MAX_BITS)” is not really needed, because even if the >>> value is above, then in arch_sanitise_domain_config >>> we will hit the top limit of the platform maximum VL. >>> >>> int arch_sanitise_domain_config(struct xen_domctl_createdomain *config) >>> { >>> unsigned int max_vcpus; >>> unsigned int flags_required = (XEN_DOMCTL_CDF_hvm | XEN_DOMCTL_CDF_hap); >>> unsigned int flags_optional = (XEN_DOMCTL_CDF_iommu | >>> XEN_DOMCTL_CDF_vpmu); >>> unsigned int sve_vl_bits = sve_decode_vl(config->arch.sve_vl); >>> >>> if ( (config->flags & ~flags_optional) != flags_required ) >>> { >>> dprintk(XENLOG_INFO, "Unsupported configuration %#x\n", >>> config->flags); >>> return -EINVAL; >>> } >>> >>> /* Check feature flags */ >>> if ( sve_vl_bits > 0 ) >>> { >>> unsigned int zcr_max_bits = get_sys_vl_len(); >>> >>> if ( !zcr_max_bits ) >>> { >>> dprintk(XENLOG_INFO, "SVE is unsupported on this machine.\n"); >>> return -EINVAL; >>> } >>> >>> if ( sve_vl_bits > zcr_max_bits ) >>> { >>> dprintk(XENLOG_INFO, >>> "Requested SVE vector length (%u) > supported length >>> (%u)\n", >>> sve_vl_bits, zcr_max_bits); >>> return -EINVAL; >>> } >>> } >>> [...] >>> >>> Now, I understand your point, we could check everything in >>> sve_sanitize_vl_param(), but it would leave a problem >>> for domains created by hypercalls if I am not wrong. >>> >>> What do you think? >> I thought about that and another possibility is to store “sve_vl” as >> uint16_t inside struct xen_arch_domainconfig, and >> check it inside arch_sanitise_domain_config() for it to be mod 128 and less >> than the max supported VL, this will >> allow to have all the checks in one place, taking a bit more space, anyway >> we would take the space from the implicit >> padding as this is the current status: Hi Julien, > > Sorry, I am having trouble to follow the discussion. If you are checking the > value in arch_sanitise_domain_config(), then why do you need to take more > space in arch_domain? Yes I am checking the value in arch_sanitise_domain_config, the value checked is from arch_domain and it is the vector length divided by 128, so an encoded value. Bertrand was puzzled by the fact that I also put a check in sve_sanitize_vl_param to see if the vector length passed by the user is mod 128, his point is that we should check a value only in one place and not in two, and it is a valid point but in this case we can’t put all the check into arch_sanitise_domain_config because we don’t have the “full” value from arch_domain, and we can’t put all the checks in sve_sanitize_vl_param because it will leave out from the check domains created by hyper calls. So to have only one point where the checks are done (mod 128 and <= HW supported VL), we might need to have a full resolution VL value in struct xen_arch_domainconfig (16 bit). But if we want to save space for the future, we could leave the code as it is and rely on the fact that the tools (or Xen) when creating the domain configuration, will check that the SVE VL parameter is mod 128. In this last case what is in struct xen_arch_domainconfig is implicitly mod 128 and only the upper boundary of the max supported VL will be checked by Xen inside arch_sanitise_domain_config. > > Cheers, > > -- > Julien Grall

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.