[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 3/4 V3] X86: MPX IA32_BNDCFGS msr handle



On 27/11/13 15:02, Liu, Jinsong wrote:
> Andrew Cooper wrote:
>> On 27/11/13 14:37, Liu, Jinsong wrote:
>>> Andrew Cooper wrote:
>>>> On 27/11/13 14:27, Liu, Jinsong wrote:
>>>>> Andrew Cooper wrote:
>>>>>> On 27/11/13 13:50, Liu, Jinsong wrote:
>>>>>>> From 291adaf4ad6174c5641a7239c1801373e92e9975 Mon Sep 17 00:00:00
>>>>>>> 2001 From: Liu Jinsong <jinsong.liu@xxxxxxxxx>
>>>>>>> Date: Thu, 28 Nov 2013 05:26:06 +0800
>>>>>>> Subject: [PATCH 3/4 V3] X86: MPX IA32_BNDCFGS msr handle
>>>>>>>
>>>>>>> When MPX supported, a new guest-state field for IA32_BNDCFGS
>>>>>>> is added to the VMCS. In addition, two new controls are added:
>>>>>>>  - a VM-exit control called "clear BNDCFGS"
>>>>>>>  - a VM-entry control called "load BNDCFGS."
>>>>>>> VM exits always save IA32_BNDCFGS into BNDCFGS field of VMCS.
>>>>>>>
>>>>>>> Signed-off-by: Xudong Hao <xudong.hao@xxxxxxxxx>
>>>>>>> Reviewed-by: Liu Jinsong <jinsong.liu@xxxxxxxxx>
>>>>>>>
>>>>>>> Unlikely, but in case VMX support is not available, not expose
>>>>>>> MPX to hvm guest.
>>>>>> You are still missing the point.
>>>>>>
>>>>>> I as the administrator choose to prevent an HVM guest from using
>>>>>> MPX. Perhaps I want to create a heterogeneous pool.
>>>>>>
>>>>>> Therefore, the bit is disabled in the domains cpuid policy,
>>>>>> despite being available on the hardware.
>>>>>>
>>>>>> ~Andrew
>>>>>>
>>>>> Could you tell me the reason why choose to prevent HVM from using
>>>>> MPX? 
>>>>>
>>>>> Thanks,
>>>>> Jinsong
>>>> For exactly the case I gave - a VM in a heterogeneous pool where one
>>>> server supports MPX and the other is lacking the MPX feature.
>>>>
>>>> ~Andrew
>>>>
>>> I didn't see the point of your case to prevent HVM MPX feature.
>>> Could you elaborate more of your concern?
>>>
>>> Thanks,
>>> Jinsong
>> It is very common to have pools of servers made of different
>> generations of CPU.  E.g. Ivy Bridge and Haswell.  To safely migrate
>> a VM, the feature set the VM can see must be the common subset of the
>> two. 
>>
>> ~Andrew
> Yes -- but that's not a reason to prevent MPX feature (or, any new features) 
> -- otherwise you have to prevent any new features.
> The right place to control cpuid policy of a pool is at higher level, where 
> it has full information of the pool machines and so it's right place to make 
> decision what cpuid feature set would be proper for the specific pool.
>
> Thanks,
> Jinsong

That is exactly a reason to prevent MPX.

If the domain cpuid policy (which is set by the toolstack) states that
MPX should be disabled, then MPX must be hidden from the HVM guest, even
if the hardware supports MPX.

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.