Re: [Xen-devel] [PATCH RFC 00/10] x86 passthrough code cleanup
On Fri, Feb 23, 2018 at 10:39:20PM -0600, Doug Goldstein wrote:
> On 2/22/18 11:12 PM, Tian, Kevin wrote:
> >> From: Wei Liu
> >> Sent: Thursday, February 22, 2018 5:47 AM
> >>
> >> Hi all
> >>
> >> At some point I would like to make CONFIG_HVM and CONFIG_PV work.
> >> The passthrough code is one of the road blocks for that work.
> >
> > Can you elaborate the motivation of this change? why does someone
> > want to disable HVM or PV logic completely from hypervisor?
>
> I can say I recall advocating for this at Xen Summit in Cambridge. I
> believe I talked about it in Toronto as well. There are a number of
> users of Xen that would certainly want to ship without all the code
> associated with PV compiled in. Given the nature of design "compromises"
> in many parts of x86 systems there is certainly a non-zero sum of people
> that would likely utilize the ability to remove code that doesn't need
> to be there. I think every individual on this list who has been involved
> in the security has been in a room of @intel.com folks has seen features
> vs security win out many times.
>
> I don't think it's a hard stretch of the imagination to see people
> disabling PV in data centers running newer workloads on PVH and HVM
> only.

Yes, definitely disabling PV will be useful. Right after being able to
use PCI passthrough with PVH.

> I can see the real question being why HVM? That I would say lies
> with the direction of discretionary access controls in Xen vs mandatory
> access controls. To solve for the lack of functionality we've grown
> things like "dmops" and I could certainly see a product like Qubes
> running only PVH domains in the future.
>
> Since I picked on Qubes I've CC'd Marek.

So, is it going to be an option to have CONFIG_HVM=n and CONFIG_PVH=y at
the same time? While currently we do support Windows, so need
CONFIG_HVM=y, but I can see in some future/alternative version we could
have even that disabled.
For example right now we do have CONFIG_SHADOW_PAGING disabled.

--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?