[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] sidecar (hvm shim) creation script

On 01/10/2018 04:25 PM, Ian Jackson wrote:
> Draft README.
> 
> My git branch is bere
>    xenbits.xen.org:/home/iwj/ext/xen.git#wip.sidecar
> 
> (This contains the converter script too.  The git history is not very
> useful and the files are in the wrong place, but I needed somewhere to
> do my work.)
> 
> Ian.
> 
> 
>                 PV-in-HVM shim with "sidecar" ISO
>                 =================================
> 
> Summary
> -------
> 
> This README describes a mitigation strategy for Meltdown.
> 
> The basic principle is to run PV guests (which can read all of host
> memory due to the hardware bugs) as HVM guests (which cannot, at least
> not due to Meltdown).  The PV environment is still provided to the
> guest by an embedded copy of Xen, the "shim".
> 
> 
> Properties of this approach
> ---------------------------

What about "Who should use this approach"?

You might consider this approach if:

- You want to deploy a fix immediately
- You can't, or would like to avoid, updating to Xen 4.8 or newer
- You can:
 - Run a script to modify each domain config
 - Afford an extra 80MiB per guest
 - Tolerate having an extra QEMU around
- You don't need migration, memory ballooning, vcpu hotplug, or guest
console

You might want to avoid this approach if:
- You're on 4.8 or later already
- You don't want an extra QEMU around
- You need migration, memory ballooning, vcpu hotplug, or guest console

Along those lines.

> Alternative approaches
> ----------------------
> 
>  * PVH
> 
>    Users who are using Xen 4.10 (or can upgrade) should use PVH
>    for guests which support it.  (PVH aka "PVHv2" requires guest
>    kernel support.)
> 
>    We intend to backport PVH support to Xen 4.8.

I've posted RFC patches fro this already.

>  * PV-in-PVH
> 
>    We have a work-in-progress which runs PV guests with a shim, as
>    above, but where the shim runs as a PVH rather than PV guest.
>    This will be available for Xen 4.10 in the first instance,
>    but is not available today.
> 
> 
> What you will need
> ------------------
> 
>  * Your host must be able to run grub-mkrescue to generate a .iso
>  * You will therefore need xorriso and mtools
>  * You must be using xl and able to use an alternative your guest config
> 
>  * You will need the script "pvshim-converter"
>  * You will need the xen.git branch XXXX TBD
> 
> 
> Instructions
> ------------
> 
> 1. On a suitable system (perhaps a different host)
>       git clone XXXXX TBD
>       git checkout XXXXX TBD
>       XXXX runes to configure and build only the whim
> 
> This will build a file
>       dist/install/usr/local/lib/xen/boot/XXX-SOMETHING
> 
> 2. Copy that file to your dom0.
> 
> 3. Copy the script pvshim-converter to your dom0 and make
>    it executable:
>       chmod +x pvshim-converter
> 
> 4. For each guest
> 
>   (i) if the guest is currently booted with pygrub you must first
>    switch to direct kernel boot, by manually copying the kernel and
>    initramfs out of the guest, and configuring the command line in the
>    domain configuration file.

pvgrub / pvgrub2?

 -George

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.