Xen project Mailing List

Re: [Xen-devel] [PATCH RFC 00/10] x86 passthrough code cleanup

To: "Tian, Kevin" <kevin.tian@xxxxxxxxx>

Date: Mon, 26 Feb 2018 12:45:55 +0000

Cc: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Wei Liu <wei.liu2@xxxxxxxxxx>, Jan Beulich <JBeulich@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Delivery-date: Mon, 26 Feb 2018 12:46:05 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Sat, Feb 24, 2018 at 03:23:48AM +0000, Tian, Kevin wrote: > > From: Wei Liu [mailto:wei.liu2@xxxxxxxxxx] > > Sent: Saturday, February 24, 2018 12:08 AM > > > > On Fri, Feb 23, 2018 at 05:12:05AM +0000, Tian, Kevin wrote: > > > > From: Wei Liu > > > > Sent: Thursday, February 22, 2018 5:47 AM > > > > > > > > Hi all > > > > > > > > At some point I would like to make CONFIG_HVM and CONFIG_PV work. > > > > The > > > > passthrough code is one of the road blocks for that work. > > > > > > Can you elaborate the motivation of this change? why does someone > > > want to disable HVM or PV logic completely from hypervisor? > > > > > > > At some point in the future, we would like to utilise as many hardware > > features as possible and have an HVM / PVH only setup. At that point PV > > code will be necessarily and should be preferably compiled out to reduce > > code size and attack surface. > > > > Having PV compiled out also enable Xen to reclaim some address space > > from the PV ABI. > > > > But, we understand that PV is here to stay for at least a while and > > could be useful for some other niche use cases, so upstream have > > developed a PV-in-PVH shim to continue to support PV guests. The shim is > > actually yet another configuration of Xen running as a PVH guest but > > exposes PV ABI to PV guests. We want to disable HVM code in that case, > > again, to reduce code size and attach surface. > > since it's only temporary, do we really care about code size or attacking > surface in such case? or is it worthy of the effort regarding to the gain > which you anticipate? > It depends. We don't really know how long the shim is going to live. If it is going to be useful for the next 5 to 10 years after we decide to go HVM / PVH only (which I think that's a reasonable assumption for enterprise usage), it is worthy of the effort. > I sort of buy-in CONFIG_PV, but not sure whether CONFIG_HVM is > required. > I kinda agree: CONFIG_PV is more valuable than CONFIG_HVM. But I have already done the heavy-lifting to distinguish PV and HVM code so having CONFIG_HVM work can be seen as a side effect of that. Wei. _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.