From: Jan Beulich <jbeulich@suse.com>
To: Andrew Cooper <andrew.cooper3@citrix.com>
Cc: "Wei Liu" <wl@xen.org>, "Roger Pau Monné" <roger.pau@citrix.com>,
"Tim Deegan" <tim@xen.org>,
"xen-devel@lists.xenproject.org" <xen-devel@lists.xenproject.org>
Subject: Re: [PATCH v3 2/9] x86/PV: properly set shadow allocation for Dom0
Date: Wed, 22 Sep 2021 15:50:25 +0200
Message-ID: <8c1ab98a-8fde-3d9e-5250-c5a40af70453@suse.com>
In-Reply-To: <b2a2fd30-225b-2b79-f160-8ed2e4ad439f@citrix.com>
On 22.09.2021 15:31, Andrew Cooper wrote:
> On 21/09/2021 08:17, Jan Beulich wrote:
>> @@ -933,7 +934,18 @@ int __init dom0_construct_pv(struct doma
>> #ifdef CONFIG_SHADOW_PAGING
>> if ( opt_dom0_shadow )
>> {
>> + bool preempted;
>> +
>> printk("Switching dom0 to using shadow paging\n");
>> +
>> + nr_pt_pages = dom0_paging_pages(d, nr_pages);
>> +
>> + do {
>> + preempted = false;
>> + shadow_set_allocation(d, nr_pt_pages, &preempted);
>> + process_pending_softirqs();
>> + } while ( preempted );
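Review bot: In the do/while loop the result of shadow_set_allocation(d, nr_pt_pages, &preempted) is discarded. If the call can fail without setting preempted, the loop exits and Dom0 construction carries on with a pool smaller than nr_pt_pages, and nothing is logged. Consider capturing the return value and either reporting it with printk() or failing construction at that point. A one-line comment above "nr_pt_pages = dom0_paging_pages(d, nr_pages);" stating why the pool is sized here, and why the loop calls process_pending_softirqs() on each pass, would also help later readers.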
>
> This is still broken.
>
> The loop setting the shadow allocation needs to be outside of this
> conditional, because it is not related to early activation of the l1tf
> tasklet.

Well, I'm not sure what to say. On v1 you already said so. But then you
didn't care to reply to me responding:

"Are you suggesting to set up a (perhaps large) shadow pool just in
case we need to enable shadow mode on Dom0? And all of this memory
to then remain unused in the majority of cases?

Plus even if so, I'd view this as a 2nd, independent step, largely
orthogonal to the handling of "dom0=shadow". If somebody really
wanted that, I think this should be driven by an explicit setting
of the shadow pool size, indicating the admin is willing to waste
the memory.

I'm further puzzled by "not to retain upstream's security
vulnerability" - are you saying upstream is vulnerable in some way,
while perhaps you (XenServer) are not? In general I don't think I
view downstream decisions as a driving factor for what upstream
does, when the result is deliberately different behavior from
upstream."

Which has left me with no justification to make the change you're
requesting. I've now got an ack by Tim and an R-b by Roger. I also
view the change as is being an improvement on its own (i.e. I
question you saying "This is still broken."), even if (later) we
were to follow what you request. For this reason I'll give it a day
or two for you to reply, but otherwise I'll commit the patch as is,
leaving further adjustments for a future change (by you, me, or
anyone else).

Jan