On 07/03/2018 15:41, Cornelia Huck wrote:
On Wed, 7 Mar 2018 11:09:46 +0100
Pierre Morel <pmo...@linux.vnet.ibm.com> wrote:
What I mean is the reverse implication
ECA_APIE => ap=on
But you can have ap = on and ECA_APIE = off
This is interception or emulation.
and the second thing is that we need two QEMU cpu features
AP : guest API to say we provide AP instructions to the guest (what ever
we do to provide it)
ECA_APIE : kernel will setup the SIE with interpretation
other said:
if( !ap)
return -ENODEVICE
if(ECA_API)
set_interpretation()
else
set_interception()
This discussion is giving me a headache, so let's take a step back and
figure out what is needed/wanted/possible.
* straight passthrough of tuples, SIE doing the heavy lifting
-> what this patchset is doing, and should be fine, even regarding
nesting
* remapping of tuples, SIE doing most of the work
Currently the SIE do not allow remapping.
Only interception can allow remapping.
(IIRC it's possible
to only intercept for a subset of instructions?)
More than possible: some AP instructions, when existing, are always
intercepted and some
other are intercepted based on a specific condition and on STFLE bits
but for them
SIE Execution control bit is ignored.
However, we do not use these instructions in this patch series.
-> that's where it gets complicated, and IIUC we can't have any mixed
straight/remap setups, and we may have issues regarding nesting
We do not have issues regarding nesting, we can not nest
a guest doing SIE interpretation inside another doing interception.
It is an architectural design, not an issue.
To guaranty this, the architecture provide Effective Execution Control,
EEC.
The handling of ECA28 for guests execution is combined into a
single description, the EECA, when operating at guest level 2
the EECA.28 is the logical AND of the guest level 1 ECA.28 and the
guest level 2 ECA.28
When using vSIE we need to propagate this handling.
Question: How important is that use case? Can we drop it and make our
lives much easier?
AFAIK, and as long as my information is up to date, we can not close the
door to interception.
In other word, we need to separate the CPU feature defining "if AP
instructions are available"
from the QEMU property defining "How we provide the instructions".
ECA28 obviously belongs to the "how" and not to the "if".
* full emulation (which would be the only option for tcg, obviously)
-> even if it were doable, I doubt it would be very useful
It would be great if we could have a design that would also
accommodate this (and I have rooted for that in the past), but the
more I hear about the issues here, the more I doubt whether this is
something we should spend time on.
Another question: Can some of the use cases be serviced via
virtio-crypto as well (clear key)? Would that in combination with
straight passthrough be enough?
--
Pierre Morel
Linux/KVM/QEMU in Böblingen - Germany
