[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [CRITICAL for 4.18] Re: [PATCH v5 00/10] runstate/time area registration by (guest) physical address

To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Roger Pau Monne <roger.pau@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx, henry.wang@xxxxxxx
From: Julien Grall <julien@xxxxxxx>
Date: Thu, 5 Oct 2023 23:40:00 +0100
Cc: Tamas K Lengyel <tamas@xxxxxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>
Delivery-date: Thu, 05 Oct 2023 22:40:20 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Hi Andrew,

On 05/10/2023 19:58, Andrew Cooper wrote:

I see this series has been committed.  But it's broken in a really
fundamental way.

Thanks for pointing out. But I'd like to understand how I come to onlyhear about those concerns on the series after committing. Did I miss anythread? Even if this series has been pending for over 6 months, shouldhave I waited longer before committing?

Furthermore, Jan pointed out that this series was discussed recentlyduring the x86 meeting. Did you raise any concern during the call andthey were not carried on the ML?

This is a new extension with persistent side effects to an existing part
of the guest ABI.

Yet there doesn't appear to be any enumeration that the interface is
available to begin with.  Requiring the guest to probe subops, and
having no way to disable it on a per-domain basis is unacceptable, and
has exploded on us more times than I care to count in security fixes
alone, and that doesn't even cover the issues Amazon have reported over
the years.

Indeed. But, AFAIR, all those patches got stuck because of divergingopinions between you and you. Can we finally come to an agreement on howto disable/expose a new hypercall/feature so we can move on?


Henry: Blocker for 4.18.   The absolutely bare minimum necessary to
avoid reversion is some kind of positive enumeration that the two new
hypercalls are available.

So to clarify, you would like both an interface for the guest and thetoolstack for 4.18. Is this correct?


Otherwise I will be #if 0'ing out the new hypercalls before this ABI
mistake gets set in stone.


If this were x86-only it would need to be a CPUID flag, but it will need

to be something arch-agnostic in this case.

I think we can add two new flags in XENVER_get_features to indicate tothe guest that the feature is supported. What do you think?

The series should not have
come without a proper per-domain control and toolstack integration,

I think this requirement should be written down in a document we can usefor future reference and not expect people to remember what may havebeen said on the ML for previous hypercall addition.


Cheers,

--
Julien Grall

Follow-Ups:
- Re: [CRITICAL for 4.18] Re: [PATCH v5 00/10] runstate/time area registration by (guest) physical address
  - From: Julien Grall

References:
- [PATCH v5 00/10] runstate/time area registration by (guest) physical address
  - From: Roger Pau Monne
- [CRITICAL for 4.18] Re: [PATCH v5 00/10] runstate/time area registration by (guest) physical address
  - From: Andrew Cooper

Prev by Date: Re: SAF-x-safe rename
Next by Date: Re: [CRITICAL for 4.18] Re: [PATCH v5 00/10] runstate/time area registration by (guest) physical address
Previous by thread: [CRITICAL for 4.18] Re: [PATCH v5 00/10] runstate/time area registration by (guest) physical address
Next by thread: Re: [CRITICAL for 4.18] Re: [PATCH v5 00/10] runstate/time area registration by (guest) physical address
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.