>>> On 02.03.18 at 12:09, <wei.l...@citrix.com> wrote:
> On Thu, Mar 01, 2018 at 05:01:55PM +0000, Roger Pau Monné wrote:
>> On Thu, Mar 01, 2018 at 04:01:23PM +0000, Wei Liu wrote:
>> > On Thu, Mar 01, 2018 at 03:57:18PM +0000, Andrew Cooper wrote:
>> > > On 01/03/18 12:22, Wei Liu wrote:
>> > > > On Wed, Feb 28, 2018 at 10:20:53AM +0000, Roger Pau Monne wrote:
>> > > >> XSA-256 forces the local APIC to always be enabled for PVH guests, so
>> > > >> ignore any apic option for PVH guests. Update the documentation
>> > > >> accordingly.
>> > > > I think how I will approach this is to dictate that PVH always has LAPIC
>> > > > in our in-tree document, then use that as the justification for this
>> > > > change. That's the consensus from 2 years ago, right?
>> > > >
>> > > > Or we're just working around the limitation in our code base, and users
>> > > > may demand a no-LAPIC PVH guest just because...
>> > > 
>> > > Currently, Xen enforces that HVM guests have an LAPIC.  This is because
>> > > making the non-LAPIC case function correctly/safely devolved into a
>> > > massive rats nest and I stopped trying to fix it after 2 days of trying.
>> > > 
>> > > At the moment, it would be wise to discuss whether the non-LAPIC case is
>> > > actually sensible.  I personally see no value in keeping it.
>> > > 
>> > 
>> > +1
>> > 
>> > > If someone can come up with a convincing usecase for keeping it, then
>> > > ok, but the barrier for this is increasing all the time, especially now
>> > > that hardware acceleration and posted interrupts means that a
>> > > pipeline-virtualised APIC is faster and more efficient than any of our
>> > > event channel mechanisms.
>> > 
>> > +1
>> 
>> I've looked at the in-tree pvh document and it just refers to the local
>> APIC in this sentence:
>> 
>> "AP startup can be performed using hypercalls or the local APIC if present."
>> 
>> I guess the trailing "if present" could be removed, but it's not
>> colliding with this patch.
>> 
>> I'm happy with rebasing this patch and applying the above change, is
>> there any other document that should be changed?
> 
> Can we make it more explicit. Like
> 
>   VCPUs for PVH must have local APIC and it can't be disabled.
> 
> ?

To be honest I like Roger's suggestion better. And yet better
would imo be if we left that sentence alone, unless we really mean
to close that road for anyone wanting to take on making
APIC-less guests work securely.

Jan

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel