[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Ongoing/future speculative mitigation work

To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Dario Faggioli <dfaggioli@xxxxxxxx>, Xen-devel List <xen-devel@xxxxxxxxxxxxx>
From: Mihai Donțu <mdontu@xxxxxxxxxxxxxxx>
Date: Mon, 22 Oct 2018 12:32:54 +0300
Cc: Juergen Gross <JGross@xxxxxxxx>, Lars Kurth <lars.kurth@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wei.liu2@xxxxxxxxxx>, Anthony Liguori <aliguori@xxxxxxxxxx>, Sergey Dyasli <sergey.dyasli@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxxxxx>, Ross Philipson <ross.philipson@xxxxxxxxxx>, Daniel Kiper <daniel.kiper@xxxxxxxxxx>, Konrad Wilk <konrad.wilk@xxxxxxxxxx>, Marek Marczykowski <marmarek@xxxxxxxxxxxxxxxxxxxxxx>, Martin Pohlack <mpohlack@xxxxxxxxx>, Julien Grall <julien.grall@xxxxxxx>, "Dannowski, Uwe" <uwed@xxxxxxxxx>, Jan Beulich <JBeulich@xxxxxxxx>, Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>, Matt Wilson <msw@xxxxxxxxxx>, Joao Martins <joao.m.martins@xxxxxxxxxx>, "Woodhouse, David" <dwmw@xxxxxxxxxxxx>, Roger Pau Monne <roger.pau@xxxxxxxxxx>
Delivery-date: Mon, 22 Oct 2018 09:33:00 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Fri, 2018-10-19 at 13:17 +0100, Andrew Cooper wrote:
> [...]
> 
> > Therefore, although I certainly think we _must_ have the proper
> > scheduler enhancements in place (and in fact I'm working on that :-D)
> > it should IMO still be possible for the user to decide whether or not
> > to use them (either by opting-in or opting-out, I don't care much at
> > this stage).
> 
> I'm not suggesting that we leave people without a choice, but given an
> option which doesn't share siblings between different guests, it should
> be the default.

+1

> [...]
> 
> Its best to consider the secret-free Xen and scheduler improvements as
> orthogonal.  In particular, the secret-free Xen is defence in depth
> against SP1, and the risk of future issues, but does have
> non-speculative benefits as well.
> 
> That said, the only way to use HT and definitely be safe to L1TF without
> a secret-free Xen is to have the synchronised entry/exit logic working.
> 
> > > A solution to this issue was proposed, whereby Xen synchronises
> > > siblings on vmexit/entry, so we are never executing code in two different
> > > privilege levels.  Getting this working would make it safe to
> > > continue using hyperthreading even in the presence of L1TF.  
> > 
> > Err... ok, but we still want core-aware scheduling, or at least we want
> > to avoid having vcpus from different domains on siblings, don't we? In
> > order to avoid leaks between guests, I mean.
> 
> Ideally, we'd want all of these.  I expect the only reasonable way to
> develop them is one on top of another.

If there was a vote, I'd place the scheduler changes at the top.

-- 
Mihai Donțu


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

References:
- [Xen-devel] Ongoing/future speculative mitigation work
  - From: Andrew Cooper
- Re: [Xen-devel] Ongoing/future speculative mitigation work
  - From: Dario Faggioli
- Re: [Xen-devel] Ongoing/future speculative mitigation work
  - From: Andrew Cooper

Prev by Date: [Xen-devel] [xen-4.9-testing baseline-only test] 75474: trouble: blocked/broken
Next by Date: Re: [Xen-devel] [PATCH v8 8/8] xen/arm: map reserved-memory regions as normal memory in dom0
Previous by thread: Re: [Xen-devel] Ongoing/future speculative mitigation work
Next by thread: Re: [Xen-devel] Ongoing/future speculative mitigation work
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.