On Wed, Oct 28, 2020 at 12:40:49PM +0000, Will Deacon wrote:
> On Wed, Oct 28, 2020 at 11:49:46AM +0000, Catalin Marinas wrote:
> > On Wed, Oct 28, 2020 at 11:23:43AM +0000, Will Deacon wrote:
> > > On Wed, Oct 28, 2020 at 11:22:06AM +0000, Catalin Marinas wrote:
> > > > On Wed, Oct 28, 2020 at 11:17:13AM +0000, Will Deacon wrote:
> > > > > On Wed, Oct 28, 2020 at 11:12:04AM +0000, Catalin Marinas wrote:
> > > > > > On Tue, Oct 27, 2020 at 09:51:14PM +0000, Will Deacon wrote:
> > > > > > > +static bool has_32bit_el0(const struct arm64_cpu_capabilities *entry, int scope)
> > > > > > > +{
> > > > > > > + return has_cpuid_feature(entry, scope) || __allow_mismatched_32bit_el0;
> > > > > > > +}
> > > > > > > +
> > > > > > > static bool has_useable_gicv3_cpuif(const struct arm64_cpu_capabilities *entry, int scope)
> > > > > > > {
> > > > > > > bool has_sre;
> > > > > > > @@ -1803,7 +1851,7 @@ static const struct arm64_cpu_capabilities arm64_features[] = {
> > > > > > > .desc = "32-bit EL0 Support",
> > > > > > > .capability = ARM64_HAS_32BIT_EL0,
> > > > > > > .type = ARM64_CPUCAP_SYSTEM_FEATURE,
> > > > > > > - .matches = has_cpuid_feature,
> > > > > > > + .matches = has_32bit_el0,
> > > > > >
> > > > > > Ah, so this one reports 32-bit EL0 support even if no CPU actually
> > > > > > supports 32-bit (passing the command line option on TX2 would come up
> > > > > > with 32-bit EL0 in dmesg). I'd rather hide the .desc above and print the
> > > > > > information elsewhere when have at least one CPU supporting this.
> > > > >
> > > > > Yeah, the problem is if a CPU with 32-bit EL0 support was late-onlined,
> > > > > then we would have 32-bit support, so I think this is an oddity that you
> > > > > get when the command line is passed. That said, I could nobble .desc and
> > > > > print it from the .matches function, with a slightly different message
> > > > > when the command line is passed.
> > > >
> > > > I think we could do a pr_info_once() in update_32bit_cpu_features().
> > >
> > > Is that called on a system with one CPU?
> >
> > Ah, it's not.
> >
> > Anyway, I see your reasoning behind the late CPUs but I don't
> > particularly like abusing the cpufeature support to pretend a
> > SYSTEM_FEATURE is available before knowing any CPU has it (maybe we do
> > it in other cases, I haven't checked).
>
> Hmm, but that's exactly what this cmdline option is about. We pretend that
> the system has 32-bit EL0 when normally we would say that we don't.
So that's more about force-enabling 32-bit irrespective of whether any
CPU supports it (not just in the mismatched/asymmetric case). Of course,
if the aarch32_el0 mask is empty, the apps would get SIGKILL'ed.
> > Could we not instead add a new feature for asymmetric support that's
> > defined as ARM64_CPUCAP_WEAK_LOCAL_CPU_FEATURE? This would be allowed
> > for late CPUs and we keep the system_supports_32bit_el0() unchanged.
>
> I really don't think this gains us anything.
It saves us having to explain to someone passing this option on a TX2
why personality(PER_LINUX32) and even execve() appear to work (well,
until SIGKILL). The lscpu tool, for example, uses personality() to
display whether the CPUs support 32-bit.
Also with PER_LINUX32, /proc/cpuinfo shows the 32-bit HWCAPs. We have
compat_elf_hwcap pre-populated with some stuff which is entirely untrue
if AArch32 is missing.
Thinking about the COMPAT_HWCAPs, do we actually populate them properly
on an asymmetric system if the boot CPU is not AArch32-capable? In my
original patch I had to defer populating boot_cpu_data with AArch32
information until a capable CPU was found. If not,
update_32bit_cpu_features() will set most 32-bit features to 0.
> The current users of system_supports_32bit_el0() are:
>
> - The ELF loader
> - CPU feature sanitisation code
> - Personality syscall
There three need a relaxed system_supports_32bit_el0(), so we could
change it to check a new relaxed feature.
> - KVM
Here I think we need the stronger guarantee, no 32-bit allowed in
guests (the original symmetric feature check).
> and, afaict, all of these would need to check the new feature if we added
> it. I think it would also mean that at least one 32-bit capable CPU would
> have to boot early in order for the new feature to be advertised, which
> feels like an artificial restriction to me, particularly as you could just
> offline it immediately.
How strong requirement is to allow late CPUs here? I think we'd miss the
COMPAT_HWCAPs as we no longer populate them once user-space started,
they are actually setup via smp_cpus_done() -> setup_cpu_features().
--
Catalin
