From: "Jan Beulich" <JBeulich@suse.com>
To: Andrew Cooper <andrew.cooper3@citrix.com>
Cc: Lan Tianyu <tianyu.lan@intel.com>,
Sergey Dyasli <sergey.dyasli@citrix.com>,
Kevin Tian <kevin.tian@intel.com>,
Stefano Stabellini <sstabellini@kernel.org>,
Wei Liu <wei.liu2@citrix.com>, Juergen Gross <jgross@suse.com>,
George Dunlap <George.Dunlap@eu.citrix.com>,
TimDeegan <tim@xen.org>, Anshul Makkar <anshul.makkar@citrix.com>,
Ian Jackson <ian.jackson@eu.citrix.com>,
Xen-devel <xen-devel@lists.xen.org>,
Euan Harris <euan.harris@citrix.com>,
Joao Martins <joao.m.martins@oracle.com>,
Boris Ostrovsky <boris.ostrovsky@oracle.com>,
Paul C Lai <paul.c.lai@intel.com>
Subject: Re: DESIGN: CPUID part 3
Date: Thu, 08 Jun 2017 07:47:11 -0600 [thread overview]
Message-ID: <5939717F0200007800160DF0@prv-mh.provo.novell.com> (raw)
In-Reply-To: <1496927527-6218-1-git-send-email-andrew.cooper3@citrix.com>
>>> On 08.06.17 at 15:12, <andrew.cooper3@citrix.com> wrote:
> # Proposal
>
> First and foremost, split the current **max\_policy** notion into separate
> **max** and **default** policies. This allows for the provision of features
> which are unused by default, but may be opted in to, both at the hypervisor
> level and the toolstack level.
>
> At the hypervisor level, **max** constitutes all the features Xen can use on
> the current hardware, while **default** is the subset thereof which are
> supported features, the features which the user has explicitly opted in to,
> and excluding any features the user has explicitly opted out of.
>
> A new `cpuid=` command line option shall be introduced, whose internals are
> generated automatically from the featureset ABI. This means that all features
> added to `include/public/arch-x86/cpufeatureset.h` automatically gain command
> line control. (RFC: The same top level option can probably be used for
> non-feature CPUID data control, although I can't currently think of any cases
> where this would be used Also find a sensible way to express 'available but
> not to be used by Xen', as per the current `smep` and `smap` options.)
Especially for disabling individual features I'm not sure "cpuid=" is
an appropriate name. After all CPUID is only a manifestation of
behavior elsewhere, and hence we don't really want CPUID
behavior be controlled, but behavior which CPUID output reflects.
I can't, however, think of an alternative name I would consider
more suitable.
> At the guest level, **max** constitutes all the features which can be offered
> to each type of guest on this hardware. Derived from Xen's **default**
> policy, it includes the supported features and explicitly opted in to
> features, which are appropriate for the guest.
There's no provision here at all for features which hardware doesn't
offer, but which we can emulate in a reasonable way (UMIP being
the example I'd be thinking of right away). While perhaps this could
be viewed to be covered by "explicitly opted in to features", I think
it would be nice to make this explicit.
> The guests **default** policy is then derived from its **max**, and includes
> the supported features which are considered migration safe. (RFC: This
> distinction is rather fuzzy, but for example it wouldn't include things like
> ITSC by default, as that is likely to go wrong unless special care is
> taken.)
As per above I think the delta between max and default is larger
than just migration-unsafe pieces. Iirc for UMIP we would mean to
have it off by default at least in the case where emulation incurs
side effects.
> The `disable_migrate` field shall be dropped. The concept of migrateability
> is not boolean; it is a large spectrum, all of which needs to be managed by
> the toolstack. The simple case is picking the common subset of features
> between the source and destination. This becomes more complicated e.g. if the
> guest uses LBR/LER, at which point the toolstack needs to consider hardware
> with the same LBR/LER format in addition to just the plain features.
Not sure about this - by intercepting the MSR accesses to the involved
MSRs, it would be possible to mimic the LBR/LER format expected by
the guest even if different from that of the host.
Jan
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
next prev parent reply other threads:[~2017-06-08 13:47 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-06-08 13:12 DESIGN: CPUID part 3 Andrew Cooper
2017-06-08 13:47 ` Jan Beulich [this message]
2017-06-12 13:07 ` Andrew Cooper
2017-06-12 13:29 ` Jan Beulich
2017-06-12 13:36 ` Andrew Cooper
2017-06-12 13:42 ` Jan Beulich
2017-06-12 14:02 ` Andrew Cooper
2017-06-12 14:18 ` Jan Beulich
2017-06-09 12:24 ` Anshul Makkar
2017-06-12 13:21 ` Andrew Cooper
2017-07-04 14:55 ` DESIGN v2: " Andrew Cooper
2017-07-05 9:46 ` Joao Martins
2017-07-05 10:32 ` Joao Martins
2017-07-05 11:16 ` Andrew Cooper
2017-07-05 13:22 ` Joao Martins
2017-07-31 19:49 ` Konrad Rzeszutek Wilk
2017-08-01 18:34 ` Andrew Cooper
2017-08-02 10:34 ` Joao Martins
2017-08-03 2:55 ` Dario Faggioli
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5939717F0200007800160DF0@prv-mh.provo.novell.com \
--to=jbeulich@suse.com \
--cc=George.Dunlap@eu.citrix.com \
--cc=andrew.cooper3@citrix.com \
--cc=anshul.makkar@citrix.com \
--cc=boris.ostrovsky@oracle.com \
--cc=euan.harris@citrix.com \
--cc=ian.jackson@eu.citrix.com \
--cc=jgross@suse.com \
--cc=joao.m.martins@oracle.com \
--cc=kevin.tian@intel.com \
--cc=paul.c.lai@intel.com \
--cc=sergey.dyasli@citrix.com \
--cc=sstabellini@kernel.org \
--cc=tianyu.lan@intel.com \
--cc=tim@xen.org \
--cc=wei.liu2@citrix.com \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).