[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2 for-4.15] x86/msr: introduce an option for HVM relaxed rdmsr behavior

  • To: Ian Jackson <iwj@xxxxxxxxxxxxxx>
  • From: Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • Date: Thu, 4 Mar 2021 18:43:35 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=bSdFpfSRkuzbYTSqVwBf1q9Rq0x+HVWqOqbJ2/xel2U=; b=GFqREsYOJVBCykl5NVe6JvomorqZmsrFtuwASPTpqKiPIUOd7StlsdTMlXbGpwRcgJqmhHAspc6MRhG1aKijgs6pSaIH1FCupz88MPAcVDDVRERfd62KNyMYP0UzuAzbs1L3p66IzShfTb7nlG10XOqPyHmBqLJaDpJ4IDyU7q98XTSmdobykZlaEcrddbiNE3urAfz1w+vcgrVLCv44or4VXPgY0f9G7EUvkWxZmoWUI1l8QeMUILaXiIyaSGvz46WxN90juebgrwWULZHU0FDdD4xjEMQ89XaDUBKajkPAZCPI+M1GjK3sR39yzNibdjd+nMeu7F0EP2evGyhznw==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=LqAdiI0mU6SrwDCdeQtNi9OcdeBNCp00BVgkunTipNEB94VQbTOAEsaQFNK+Mx6LF33NmS9Oo3fopB1DJGSb6KpAvaTycXYyDmn8yAYB+PwyucWMbWPOwQ6emtsRz7z22G7EDP4Vk0yFS/3RB8BbuEkz5EtiUjFh0vLWbDB3kVwD2OU2xx4YaxjWLBZQb7ClzxkqO8iATXZ9ntnMluxxXc39prpZQQwyu/ka+OavtQJDhPCOhn4M30xqrUzCZT5SNCgpFEXR/jdwy5A7YyZfLHMvCGOSajK7Fgj52wT4mez1UMiiG+eb8fSG4ZZBaHT/Ki98AHuz4FXYkxmjJuqS+A==
  • Authentication-results: esa4.hc3370-68.iphmx.com; dkim=pass (signature verified) header.i=@citrix.onmicrosoft.com
  • Cc: <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Jun Nakajima <jun.nakajima@xxxxxxxxx>, Kevin Tian <kevin.tian@xxxxxxxxx>, Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>
  • Delivery-date: Thu, 04 Mar 2021 17:44:05 +0000
  • Ironport-sdr: NbYSviL9vSXgLauD0vjMO07HeWU6M0V35KaAqG7Tmv+LKenc27fUBUHkyLyuGeHNbN5QN/hKQP fcDZ+VYKaOxWxIOLnp5J4KDF+AnFVjXnIFj5s5d6BJq6iOj2UIh8VG73mnK2RPkK/IHe1985GF anZMgPbp4U2wTXQDtKKp714xZEZpq3hetHItvW6tkL0EMzOUesLR8z9R1OQSwXNBJSSZbSN91A 0SNGtlFNCstZU78KZpYOOVX1ExhRgNEj5rSsCa7AjkoO9aRoAJGgwP8Gn7VYrgDEtXyRbvhjnw U4A=
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On Thu, Mar 04, 2021 at 05:13:15PM +0000, Ian Jackson wrote:
> Roger Pau Monné writes ("Re: [PATCH v2 for-4.15] x86/msr: introduce an option 
> for HVM relaxed rdmsr behavior"):
> > On Thu, Mar 04, 2021 at 03:20:34PM +0000, Ian Jackson wrote:
> > > The guest could be stopped with xl shutdown and then recrated with xl
> > > create, from the config file.  I don't think we want to break that use
> > > case here either.
> > 
> > So my original approach was to actually risk breaking creation from
> > config file and require the user to set the rdmsr_relaxed option, and
> > report the problem upstream. I think ideally we would like to get to a
> > point where we could drop the rdmsr_relaxed option, but maybe that's
> > too optimistic.
> 
> Isn't there some way we can move in this direction without the first
> thing that users experience being their guests not being able to be
> created ?
> 
> Maybe we could print a warning on the console or something ?

I (sadly) fear unless you get a guest crash no-one will ever look at
the logs and notice those messages.

> > We have done quite a lot of testing of this new policy, but obviously
> > it's not possible to test all possible guest OSes. Forcing the new
> > policy by default might be too risky, so indeed falling back to
> > enabling this by default could be the only solution.
> > 
> > The main downside of enabling by default is that then we have to
> > resign to always having this kind of quirky behavior for MSR
> > accesses as the default.
> 
> What would stop us changing the default later, when we had a better
> idea of the set of RDMSRs that need to be special-cased ?

We could. From the Citrix side I'm afraid there's not much more
testing that we can do however. We tested the new policy against all
possible guests known by XenRT, but obviously that's not every
possible OS.

One option we could go for is making this behavior depend on Kconfig:
enable strict MSR policy for debug builds and fallback to the
'relaxed' one for non-debug builds. That might get us some more data,
but again I fear most people out there will run non-debug builds
anyway.

Thanks, Roger.

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.