On Wed, Apr 10, 2024 at 12:28:08AM -0700, Atish Patra wrote:
On 4/10/24 00:10, Andrew Jones wrote:
On Tue, Apr 09, 2024 at 03:52:40PM -0700, Atish Patra wrote:
On 4/5/24 06:11, Andrew Jones wrote:
On Wed, Apr 03, 2024 at 01:04:50AM -0700, Atish Patra wrote:
...
- probe = guest_sbi_probe_extension(SBI_EXT_PMU, &out_val);
- GUEST_ASSERT(probe && out_val == 1);
- if (get_host_sbi_spec_version() < sbi_mk_version(2, 0))
__GUEST_ASSERT(0, "SBI implementation version doesn't support PMU Snapshot");
+}
It's a pity we can't check the SBI spec version that KVM is advertising from KVM userspace. Normally we'd want to check something like this at the start of the test with TEST_REQUIRE() before running a VCPU in order to generate a skip exit.
Agreed. I will send a separate series for that as it is an ABI change.
(We probably should allow reading and even writing the SBI spec version from the VMM in order to better support migration.)
How that would work for SBI spec version write use case ? For migraiton, you can't go back to older SBI versions in the host. Isn't it ?
Considering this case your VM is running with PMU snapshot as the host has SBI v2.0. It can't be migrated to v1.0 and expecting it work. Correct ?
We can start a VM on a host with SBI v2.0, but tell KVM to tell the VM that it has v1.0. Then, the guest shouldn't use any features from SBI that appear after v1.0 and it should be safe to migrate to a host with v1.0.
That depends on when the VMM request to KVM to change the version. Most of SBI implementation checks the SBI version at the boot and enable/disable feature based on the SBI version available. If the SBI version supported by KVM changes to an older one, the calls from VM will fail unexpectedly.
We have to configure KVM's SBI version before the first run of VCPUs, just like we should make sure ISA/SBI extensions are configured first.
A more likely scenario might be this though:
- KVM userspace checks and captures the SBI version of the host where the VM is first being launched, e.g. v2.0
- The VM gets migrated to another host which supports something later, e.g. v3.0, but to
- avoid possibly confusing the guest we tell the destination host that it should expose v2.0 as the SBI version
- allow rollback to the source host without concern that the guest has already seen v3.0 and started to use something that the source can't provide
This makes sense though. As per my understanding, we should not allow modifying the SBI version that is less that the version VM already boot with. However, we can allow modifying the SBI version that is higher or same as the VM booted with.
Mostly only 'the same as'. Higher might work, but it's also risky since there could be guests out there which capture the version on boot and then for whatever reason do sanity checks against that later on and freak out when there's a change, even if the change went higher.
I can't think of a use case for the higher version though.
Maybe only for a coordinated update which uses kexec rather than a full shutdown+boot cycle, but I'm reaching...
Regarding a full shutdown+boot cycle, in those cases, we're usually free to make changes as that's the same as a host kernel being shutdown and then being boot again after a firmware update.
Thanks, drew