Xen project Mailing List

Re: [PATCH 8/8] x86/cpuid: Move VMX/SVM out of the default policy

To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

From: Roger Pau Monné <roger.pau@xxxxxxxxxx>

Date: Thu, 1 Oct 2020 13:04:59 +0200

Authentication-results: esa3.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none

Cc: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Jan Beulich <JBeulich@xxxxxxxx>, Wei Liu <wl@xxxxxxx>

Delivery-date: Thu, 01 Oct 2020 11:06:13 +0000

Ironport-sdr: u8/irix7pqyCTWtGfl8AH+40goQQGWiUhwUQISqQf0FLUVAp+68pOxHlEjNUPYedgxNobgSZLz Vw7N9tNGqUbRnS9UTiS26jchyseetwmSjHmo+tNdH3DnXlJ9T5if3uAzu/CMtrF7axrfnu/2sX i5YgGYUXCAXwlOnf3VTFxv6dLxIPEImUn+sxqsqz7tOddQ44Rpv3ZXHeclOXfF6y2A5cwlHU7H xkAC7qXEs/FWI5xRrc4M27nj7JNUn42xtXfsbJ786j/gEjdXv1nTMuPh0ma+y/jQ3AoXhD97Z/ K/E=

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Wed, Sep 30, 2020 at 02:42:48PM +0100, Andrew Cooper wrote: > Nested virt is still experimental, and requires explicitly opting in to at > domain create time. The VMX/SVM features should not be visible by default. > > Also correct them from all HVM guests, to just HAP-enabled guests. This has > been the restriction for SVM right from the outset (c/s e006a0e0aaa), while > VMX was first introduced supporting shadow mode (c/s 9122c69c8d3) but later > adjusted to HAP-only (c/s 77751ed79e3). > > There is deliberately no adjustment to xc_cpuid_apply_policy() for pre-4.14 > migration compatibility. The migration stream doesn't contain the required > architectural state for either VMX/SVM, and a nested virt VM which migrates > will explode in weird and wonderful ways. > > Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> Acked-by: Roger Pau Monné <roger.pau@xxxxxxxxxx> Thanks, Roger.

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.