[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2] x86/PVH: restore VMX APIC assist for Dom0

  • To: Jan Beulich <jbeulich@xxxxxxxx>, Roger Pau Monne <roger.pau@xxxxxxxxxx>
  • From: Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>
  • Date: Tue, 27 Sep 2022 15:29:48 +0000
  • Accept-language: en-GB, en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=uMXi0bGHAb5W7L4hm1OHdo6mSZbqBsXexQEA570BK+8=; b=bayZzdYg9n6K0PzV/dp50eLXMEk7EdutD2ekldYou/pbQ4glWpTF8nZuK/VndHDNJvqFo9uHX88uy85XmL+6LxNM1Qtl8M9hg5mSOfzJ5rtaHaGdlsql+UlyQbCy33Y5lXdgjhVc6Deh+mrAI0j0UjD6EKpojC1WG9mRYLg2bVRsCYWxeh5vMxcjtLnKcsu1pTpfokk9i/+nlhynMRbVgu6VlCcAh/Nw4j6HVbQMPSNk24K2ISojo8R3KpQTiV5fjAsV0YtSOZaKSrzQZ26t2Z9HYj+uVl/+c12+QmAX0o3mESe2L8bHCSC7uVn6sHg9d7wGYNFIV895Fa2m1NM9BA==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=TRYzW2xIQeoOI35tQ6kOFViTmewqJuzWs0xqyHa7ocL9qRnnE1yajfGiYDEvO2FYHzw8gi8z3wqEHuDB4xsDD9BzvQnuK3xBSBOzTrvhBd/IUYmDGWskovh/a9yKx37BYAx+tvplPqqU1K4Xmx9+ZE/wzlebYoRAoba2qJQZehZGiz3SB0R08SgSVIfGPDZTIUMfi+P9VYSDAKOzspjAEmARDybexN1HheHR1TbhyfyhL2ANreDXjZSyiPMLAD/Oh0NkOKvJm50Y+EX93uIILDkAJupG20tGOo+iSpNpmBA1K5iLnEwztjjuQMm+hrkWYQ7yBl96eA29oufUbAAcxw==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;
  • Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Xen Security <security@xxxxxxx>
  • Delivery-date: Tue, 27 Sep 2022 15:30:08 +0000
  • Ironport-data: A9a23:QPDup6q5lAr5EA+ijGib/jfN3k9eBmIoZBIvgKrLsJaIsI4StFCzt garIBnQPv/ZMTfxeNB1aoy29U0HvZTcmoU2HgRvpSE0F3tGpZuZCYyVIHmrMnLJJKUvbq7FA +Y2MYCccZ9uHhcwgj/3b9ANeFEljfngqoLUUbKCYGYpLeNdYH9JoQp5nOIkiZJfj9G8Agec0 fv/uMSaM1K+s9JOGjt8B5mr9VU+55wehBtC5gZkPaER4weE/5UoJMl3yZ+ZfiOQrrZ8RoZWd 86bpJml82XQ+QsaC9/Nut4XpWVTH9Y+lSDX4pZnc/DKbipq/0Te4Y5iXBYoUm9Fii3hojxE4 I4lWapc6+seFvakdOw1C3G0GszlVEFM0OevzXOX6aR/w6BaGpdFLjoH4EweZOUlFuhL7W5mx ewVOm8rRUC/pN2zz4qhadFOl8goI5y+VG8fkikIITDxK98DGMqGaYOaoNhS0XE3m9xEGuvYa 4wBcz1zYR/cYhpJfFAKFJY5m+TujX76G9FagAvN+exrvC6OkUooj+eF3Nn9I7RmQe18mEqCq 32A1GP+GhwAb/SUyCaf82LqjejK9c/+cNJLTeXnpqA36LGV7kIVDEwpXlu2mtnniEemfc9gb HJL8yV7+MDe82TuFLERRSaQonSJoxodUNp4CPAh5UeGza+8yxaUAC0IQyBMbPQitdQqXno62 1mRhdTrCDdz9rqPRhq16bO8vT60fy8PIgcqfiIPUBEE/8jLsIw1yBXVQb5e/LWdi9T0HXT6x WCMpS1n3bEL15dUiOO84EzNhC+qqt7RVAkp6w7LX2WjqARkeIqiYI/u4l/ehRpdELukopC6l CBss6CjAComVvlhSATlrD0xIYyU
  • Ironport-hdrordr: A9a23:iYVGa60WamEiWUEJW/WH9QqjBRFyeYIsimQD101hICG9Lfb0qy n+pp4mPEHP4wr5AEtQ4uxpOMG7MBDhHQYc2/hdAV7QZnidhILOFvAv0WKC+UyrJ8SazIJgPM hbAs9D4bHLbGSSyPyKmDVQcOxQj+VvkprY49s2pk0FJW4FV0gj1XYBNu/xKDwVeOAyP+tcKH Pq3Lsjm9PPQxQqR/X+IkNAc/nIptXNmp6jSwUBHQQb5A6Hii7twKLmEjCDty1uEg9n8PMHyy zoggb57qKsv7WQ0RnHzVLe6JxQhZ/I1sZDPsqRkcIYQw+cyjpAJb4RGIFqjgpF5d1H22xa1O UkZC1QePib3kmhPF1dZyGdnTUIngxeskMKgmXo/EcL6faJOA7STfAxy76xOyGplXbJ9rtHod 129nPcuJxNARzamiPho9DOShFxj0Kx5WEviOgJkhVkIMIjgZJq3PsiFXluYeE9NTO/7JpiHP hlDcna6voTeVSGb2rBtm0qxNC3RHw8EhqPX0BH46WuonNrtWE8y1FdyN0Un38G+p54Q55Y5/ 7cOqAtkL1VVMcZYa90Ge9ES8qqDW7GRw7KLQupUBzaPbBCP2iIp4/84b0z6u3vcJsUzIEqkJ CES19cvX5aQTObNSRP5uw/zvngehTPYd228LAu23FQgMyNeJP7dSueVVspj8ys5/0CH8yzYY fABK5r
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Thread-index: AQHY0Y6R2RqP3BeGlUSjwNPrepH9Hq3zWOSAgAABmwCAAA5YAA==
  • Thread-topic: [PATCH v2] x86/PVH: restore VMX APIC assist for Dom0
On 27/09/2022 15:38, Jan Beulich wrote:
> On 27.09.2022 16:32, Roger Pau Monné wrote:
>> On Mon, Sep 26, 2022 at 11:58:34AM +0200, Jan Beulich wrote:
>>> I don't expect it was intended to default PVH Dom0 to "no assist" mode.
>>> Introduce command line (sub-)options allowing to suppress enabling of
>>> the assists, paralleling the guest config settings for DomU, but restore
>>> the defaulting to "enabled".
>>>
>>> Fixes: 2ce11ce249a3 ("x86/HVM: allow per-domain usage of hardware 
>>> virtualized APIC")
>>> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
>> Reviewed-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>

NACK.

You're both on the security team - stop churning code you know perfectly
well is in flux.

This patch goes nowhere until the issues are resolved, and the ABI is
unbroken.  Then and only then *might* there need to be an adjustment for
dom0.

~Andrew

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.