|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] SMAP/SMEP issues with 32-bit pv guests
Hi Andrew, > -----Original Message----- > From: Jan Beulich [mailto:JBeulich@xxxxxxxx] > Sent: Tuesday, June 28, 2016 3:42 PM > To: Wu, Feng <feng.wu@xxxxxxxxx> > Cc: Andrew Cooper (andrew.cooper3@xxxxxxxxxx) > <andrew.cooper3@xxxxxxxxxx>; Nakajima, Jun <jun.nakajima@xxxxxxxxx>; > Wang, Yong Y <yong.y.wang@xxxxxxxxx>; xen-devel@xxxxxxxxxxxxx > Subject: Re: SMAP/SMEP issues with 32-bit pv guests > > >>> On 28.06.16 at 03:58, <feng.wu@xxxxxxxxx> wrote: > > As you know, SMAP/SMEP may affect the 32-bit pv guests, after discussed > > internally, our current idea is that we can just disable this two feature > > for > > Xen hypervisor itself, hence only enable it for HVM guests. Do you think > > this > > is acceptable from your perspective? > > I think at most we should go as far as making this an option. That's > better than requiring people to turn off SMEP/SMAP completely to > gain back performance, and better than forcing people to accept > this security wise step backwards without any alternative. And once > an option, I think I'd still like to have current behavior remain the > default; distros could choose to alter that default with - presumably - > a one line patch. What is your opinion about doing it this way? If you also agree with it, we will start to implement it. Thanks, Feng > > Jan _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx https://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |