[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 7/9] x86/hvm: Disable MPX by default

To: Jan Beulich <jbeulich@xxxxxxxx>
From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
Date: Wed, 17 Jun 2020 12:47:05 +0100
Authentication-results: esa6.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none
Cc: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Ian Jackson <Ian.Jackson@xxxxxxxxxx>, Paul Durrant <paul@xxxxxxx>, Wei Liu <wl@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>
Delivery-date: Wed, 17 Jun 2020 11:47:15 +0000
Ironport-sdr: 1D84Szqh/iAfruf+3HZ72EEcKWxaZiZxMTdIzOxYGQ8ZqQ0S+gQVKGC27M9jVRENqFSelu01Yq hpMJ6+hKEBxcsoKIvC58ICUGuuGiVYJyqQ+PT4p5LFrJoUcHFJrfhk26LlWIFVpz+723h2VvBY RmemDw89BEotREbBE0T8eb/DCUxio6OLjyBIYqkVpQxGgFAn8XIjbV/D8W+yJrTjwDYpM3lU9E 97biLd0tT4tqAWSMYLEZMDN+8hDDcazdRx1aO2KilgjpxrzUvktGIK9SA+i+3xFhMDOmoy9vwR BWM=
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 17/06/2020 12:41, Jan Beulich wrote:
> On 17.06.2020 13:28, Andrew Cooper wrote:
>> We actually have AVX512 disabled by default in XenServer.  The perf
>> implications of letting 1 guest play with it is very severe.
>>
>> Now I think about it, I'm tempted to recommend it moves out of default
>> generally.
> Hmm, I'm tempted to ask whether you're kidding.

I'm very definitely not.

AVX512 is a disaster, perf wise on Skylake/CascadeLake, and its very
easy to cripple the entire system, including the other guest.

So much so that "better AVX512 frequency transitions" is a headline
feature in IceLake.

>  This is the kind of
> feature that I see no reason at all to move out of default. Imo we
> shouldn't put in place policy like this - if anything shouldn't be
> on by default, it should imo be because of limitations in our
> handling (I've recently revived my UMIP emulation patch, which
> comes to mind here) or because of uncertainty on some aspects (like
> is the case for MOVDIR / ENQCMD for example). Anything else should
> be left to the admins to decide.

"left to the admins to decide" does not mean "on by default".

"default" needs to be a sensible set, which migrates safely, and can't
be used to trivially DoS the rest of the system.  An admin can always
opt into allowing this DoS, but shouldn't have it by default.

~Andrew

References:
- [PATCH for-4.14 0/9] XSA-320 follow for IvyBridge
  - From: Andrew Cooper
- [PATCH 7/9] x86/hvm: Disable MPX by default
  - From: Andrew Cooper
- Re: [PATCH 7/9] x86/hvm: Disable MPX by default
  - From: Jan Beulich
- Re: [PATCH 7/9] x86/hvm: Disable MPX by default
  - From: Andrew Cooper
- Re: [PATCH 7/9] x86/hvm: Disable MPX by default
  - From: Jan Beulich
- Re: [PATCH 7/9] x86/hvm: Disable MPX by default
  - From: Andrew Cooper
- Re: [PATCH 7/9] x86/hvm: Disable MPX by default
  - From: Jan Beulich
- Re: [PATCH 7/9] x86/hvm: Disable MPX by default
  - From: Andrew Cooper
- Re: [PATCH 7/9] x86/hvm: Disable MPX by default
  - From: Jan Beulich

Prev by Date: Re: [PATCH 7/9] x86/hvm: Disable MPX by default
Next by Date: Re: [PATCH v1 7/7] x86/vmx: switch IPT MSRs on vmentry/vmexit
Previous by thread: Re: [PATCH 7/9] x86/hvm: Disable MPX by default
Next by thread: [PATCH 5/9] tools/libx[cl]: Plumb bool restore down into xc_cpuid_apply_policy()
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.