[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] SMAP/SMEP issues with 32-bit pv guests

To: "Feng Wu" <feng.wu@xxxxxxxxx>
From: "Jan Beulich" <JBeulich@xxxxxxxx>
Date: Tue, 28 Jun 2016 01:41:38 -0600
Cc: "Andrew Cooper \(andrew.cooper3@xxxxxxxxxx\)" <andrew.cooper3@xxxxxxxxxx>, Yong Y Wang <yong.y.wang@xxxxxxxxx>, Jun Nakajima <jun.nakajima@xxxxxxxxx>, "xen-devel@xxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxx>
Delivery-date: Tue, 28 Jun 2016 07:41:50 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

>>> On 28.06.16 at 03:58, <feng.wu@xxxxxxxxx> wrote:
> As you know, SMAP/SMEP may affect the 32-bit pv guests, after discussed 
> internally, our current idea is that we can just disable this two feature for 
> Xen hypervisor itself, hence only enable it for HVM guests. Do you think this 
> is acceptable from your perspective?

I think at most we should go as far as making this an option. That's
better than requiring people to turn off SMEP/SMAP completely to
gain back performance, and better than forcing people to accept
this security wise step backwards without any alternative. And once
an option, I think I'd still like to have current behavior remain the
default; distros could choose to alter that default with - presumably -
a one line patch.

Jan

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

References:
- [Xen-devel] SMAP/SMEP issues with 32-bit pv guests
  - From: Wu, Feng

Prev by Date: [Xen-devel] [xen-4.3-testing test] 96321: regressions - FAIL
Next by Date: Re: [Xen-devel] [PATCH] x86/cpuid: AVX-512 Feature Detection
Previous by thread: [Xen-devel] SMAP/SMEP issues with 32-bit pv guests
Next by thread: [Xen-devel] [xen-unstable test] 96315: regressions - trouble: blocked/broken/fail/pass
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.