From: "Jan Beulich" <JBeulich@suse.com>
To: Andrew Cooper <andrew.cooper3@citrix.com>
Cc: Stefano Stabellini <sstabellini@kernel.org>,
	Wei Liu <wei.liu2@citrix.com>,
	George Dunlap <George.Dunlap@eu.citrix.com>,
	Tim Deegan <tim@xen.org>, Ian Jackson <Ian.Jackson@eu.citrix.com>,
	Xen-devel <xen-devel@lists.xen.org>
Subject: Re: [PATCH 10/10] x86/cpuid: Always enable faulting for the control domain
Date: Mon, 13 Mar 2017 05:48:44 -0600
Message-ID: <58C6952C020000780014275A@prv-mh.provo.novell.com>
In-Reply-To: <36a14754-8a7e-854b-bad2-614f9eee3ca0@citrix.com>

>>> On 10.03.17 at 18:10, <andrew.cooper3@citrix.com> wrote:
> On 28/02/17 09:31, Jan Beulich wrote:
>>>>> On 27.02.17 at 16:10, <andrew.cooper3@citrix.com> wrote:
>>> On 22/02/17 10:10, Jan Beulich wrote:
>>>>>>> On 22.02.17 at 11:00, <andrew.cooper3@citrix.com> wrote:
>>>>> On 22/02/17 09:23, Jan Beulich wrote:
>>>>>>>>> On 20.02.17 at 12:00, <andrew.cooper3@citrix.com> wrote:
>>>>>>> The domain builder in libxc no longer depends on leaked CPUID information to
>>>>>>> properly construct HVM domains.  Remove the control domain exclusion.
>>>>>> Am I missing some intermediate step? As long as there's a raw
>>>>>> CPUID invocation in xc_cpuid_x86.c (which is still there in staging
>>>>>> and I don't recall this series removing it) it at least _feels_ unsafe.
>>>>> Strictly speaking, the domain builder part of this was completed after
>>>>> my xsave adjustments.  All the guest-type-dependent information now
>>>>> comes from non-cpuid sources in libxc, or Xen ignores the toolstack
>>>>> values and recalculates information itself.
>>>>>
>>>>> However, until the Intel leaves were complete, dom0 had a hard time
>>>>> booting with this change as there was no toolstack-provided policy and
>>>>> no leakage from hardware.
>>>> So what are the CPUID uses in libxc then needed for at this point?
>>>> Could they be removed in a prereq patch to make clear all needed
>>>> information is now being obtained via hypercalls?
>>> I'd prefer to defer that work.  The next chunk of CPUID work is going to
>>> be redesigning and reimplementing the hypervisor/libxc interface, and
>>> all cpuid() calls in libxc will fall out there, but it's not a trivial
>>> set of changes to make.
>> With that, could you live with deferring the patch here until then?
> 
> We currently have a lot of dom0 implicit dependencies on leaked CPUID
> state into PV dom0.
> 
> With this series, I believe I have identified all leaked dependencies,
> and what I really want to prevent is introducing any new implicit dependencies
> accidentally.

I can certainly understand this, but the state libxc code is in then
makes this a rather implicit thing, instead of being fully explicit. I
think I'd like to have another (tools or REST) maintainer voice a 3rd
opinion. Extending Cc list ...

Jan

