Re: [Xen-devel] [PATCH] xl: remove apic option for PVH guests
On Tue, Mar 13, 2018 at 02:23:15PM +, Roger Pau Monné wrote:
> On Mon, Mar 05, 2018 at 11:36:58AM +, Ian Jackson wrote:
> > Roger Pau Monne writes ("[PATCH] xl: remove apic option for PVH guests"):
> > > XSA-256 forces the local APIC to always be enabled for PVH guests, so
> > > ignore any apic option for PVH guests. Update the documentation
> > > accordingly.
> > ...
> > > diff --git a/tools/xl/xl_parse.c b/tools/xl/xl_parse.c
> > > index f6842540ca..8b999825d2 100644
> > > --- a/tools/xl/xl_parse.c
> > > +++ b/tools/xl/xl_parse.c
> > > @@ -1208,7 +1208,6 @@ void parse_config_data(const char *config_source,
> > > }
> > >
> > > xlu_cfg_get_defbool(config, "nestedhvm", &b_info->nested_hvm, 0);
> > > -xlu_cfg_get_defbool(config, "apic", &b_info->apic, 0);
> >
> > Is this hunk not in a path also used by HVM ?
>
> Yes, this hunk is moved to a HVM-specific section a little bit below:
>
> @@ -1243,6 +1242,7 @@ void parse_config_data(const char *config_source,
> xlu_cfg_get_defbool(config, "nx", &b_info->u.hvm.nx, 0);
> xlu_cfg_get_defbool(config, "hpet", &b_info->u.hvm.hpet, 0);
> xlu_cfg_get_defbool(config, "vpt_align", &b_info->u.hvm.vpt_align,
> 0);
> +xlu_cfg_get_defbool(config, "apic", &b_info->apic, 0);
>
> switch (xlu_cfg_get_list(config, "viridian",
> &viridian, &num_viridian, 1))
>
> So it's only set for HVM, which AFAICT should be fine.
>
I tried to apply this patch to staging but it failed.
Wei.
___
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
Re: [Xen-devel] [PATCH] xl: remove apic option for PVH guests
On Mon, Mar 05, 2018 at 11:36:58AM +, Ian Jackson wrote:
> Roger Pau Monne writes ("[PATCH] xl: remove apic option for PVH guests"):
> > XSA-256 forces the local APIC to always be enabled for PVH guests, so
> > ignore any apic option for PVH guests. Update the documentation
> > accordingly.
> ...
> > diff --git a/tools/xl/xl_parse.c b/tools/xl/xl_parse.c
> > index f6842540ca..8b999825d2 100644
> > --- a/tools/xl/xl_parse.c
> > +++ b/tools/xl/xl_parse.c
> > @@ -1208,7 +1208,6 @@ void parse_config_data(const char *config_source,
> > }
> >
> > xlu_cfg_get_defbool(config, "nestedhvm", &b_info->nested_hvm, 0);
> > -xlu_cfg_get_defbool(config, "apic", &b_info->apic, 0);
>
> Is this hunk not in a path also used by HVM ?
Yes, this hunk is moved to a HVM-specific section a little bit below:
@@ -1243,6 +1242,7 @@ void parse_config_data(const char *config_source,
xlu_cfg_get_defbool(config, "nx", &b_info->u.hvm.nx, 0);
xlu_cfg_get_defbool(config, "hpet", &b_info->u.hvm.hpet, 0);
xlu_cfg_get_defbool(config, "vpt_align", &b_info->u.hvm.vpt_align, 0);
+xlu_cfg_get_defbool(config, "apic", &b_info->apic, 0);
switch (xlu_cfg_get_list(config, "viridian",
&viridian, &num_viridian, 1))
So it's only set for HVM, which AFAICT should be fine.
Roger.
___
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
Re: [Xen-devel] [PATCH] xl: remove apic option for PVH guests
On Tue, Mar 13, 2018 at 10:31:20AM +, Roger Pau Monné wrote: > On Mon, Mar 05, 2018 at 08:43:48AM -0600, Doug Goldstein wrote: > > On 3/2/18 5:29 AM, Jan Beulich wrote: > > On 02.03.18 at 12:09, wrote: > > >> On Thu, Mar 01, 2018 at 05:01:55PM +, Roger Pau Monné wrote: > > >>> On Thu, Mar 01, 2018 at 04:01:23PM +, Wei Liu wrote: > > On Thu, Mar 01, 2018 at 03:57:18PM +, Andrew Cooper wrote: > > > On 01/03/18 12:22, Wei Liu wrote: > > >> On Wed, Feb 28, 2018 at 10:20:53AM +, Roger Pau Monne wrote: > > >>> XSA-256 forces the local APIC to always be enabled for PVH guests, > > >>> so > > >>> ignore any apic option for PVH guests. Update the documentation > > >>> accordingly. > > >> I think how I will approach this is to dictate that PVH always has > > >> LAPIC > > >> in our in-tree document, then use that as the justification for this > > >> change. That's the consensus from 2 years ago, right? > > >> > > >> Or we're just working around the limitation in our code base, and > > >> users > > >> may demand a no-LAPIC PVH guest just because... > > > > > > Currently, Xen enforces that HVM guests have an LAPIC. This is > > > because > > > making the non-LAPIC case function correctly/safely devolved into a > > > massive rats nest and I stopped trying to fix it after 2 days of > > > trying. > > > > > > At the moment, it would be wise to discuss whether the non-LAPIC case > > > is > > > actually sensible. I personally see no value in keeping it. > > > > > > > +1 > > > > > If someone can come up with a convincing usecase for keeping it, then > > > ok, but the barrier for this is increasing all the time, especially > > > now > > > that hardware acceleration and posted interrupts means that a > > > pipeline-virtualised APIC is faster and more efficient than any of our > > > event channel mechanisms. > > > > +1 > > >>> > > >>> I've looked at the in-tree pvh document and it just refers to the local > > >>> APIC in this sentence: > > >>> > > >>> "AP startup can be performed using hypercalls or the local APIC if > > >>> present." > > >>> > > >>> I guess the trailing "if present" could be removed, but it's not > > >>> colliding with this patch. > > >>> > > >>> I'm happy with rebasing this patch and applying the above change, is > > >>> there any other document that should be changed? > > >> > > >> Can we make it more explicit. Like > > >> > > >> VCPUs for PVH must have local APIC and it can't be disabled. > > >> > > >> ? > > > > > > To be honest I liker Roger's suggestion better. And yet better > > > would imo be if we left that sentence alone, unless we really mean > > > to close that road for anyone wanting to take on making APIC- > > > less guests work securely. > > > > > > Jan > > > > I believe that's exactly what Andrew proposed in > > https://lists.xenproject.org/archives/html/xen-devel/2018-03/msg00089.html > > removing the wording doesn't exclude someone from adding it later but it > > does make it clear that its not available today. > > I'm kind of lost regarding whether we reached consensus or not. Is the > current patch suitable, or should I change some of the wording? I'm fine with the wording of the doc for now. Ian had a question on HVM path that is yet to be answered. Wei. ___ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel
Re: [Xen-devel] [PATCH] xl: remove apic option for PVH guests
On Mon, Mar 05, 2018 at 08:43:48AM -0600, Doug Goldstein wrote: > On 3/2/18 5:29 AM, Jan Beulich wrote: > On 02.03.18 at 12:09, wrote: > >> On Thu, Mar 01, 2018 at 05:01:55PM +, Roger Pau Monné wrote: > >>> On Thu, Mar 01, 2018 at 04:01:23PM +, Wei Liu wrote: > On Thu, Mar 01, 2018 at 03:57:18PM +, Andrew Cooper wrote: > > On 01/03/18 12:22, Wei Liu wrote: > >> On Wed, Feb 28, 2018 at 10:20:53AM +, Roger Pau Monne wrote: > >>> XSA-256 forces the local APIC to always be enabled for PVH guests, so > >>> ignore any apic option for PVH guests. Update the documentation > >>> accordingly. > >> I think how I will approach this is to dictate that PVH always has > >> LAPIC > >> in our in-tree document, then use that as the justification for this > >> change. That's the consensus from 2 years ago, right? > >> > >> Or we're just working around the limitation in our code base, and users > >> may demand a no-LAPIC PVH guest just because... > > > > Currently, Xen enforces that HVM guests have an LAPIC. This is because > > making the non-LAPIC case function correctly/safely devolved into a > > massive rats nest and I stopped trying to fix it after 2 days of trying. > > > > At the moment, it would be wise to discuss whether the non-LAPIC case is > > actually sensible. I personally see no value in keeping it. > > > > +1 > > > If someone can come up with a convincing usecase for keeping it, then > > ok, but the barrier for this is increasing all the time, especially now > > that hardware acceleration and posted interrupts means that a > > pipeline-virtualised APIC is faster and more efficient than any of our > > event channel mechanisms. > > +1 > >>> > >>> I've looked at the in-tree pvh document and it just refers to the local > >>> APIC in this sentence: > >>> > >>> "AP startup can be performed using hypercalls or the local APIC if > >>> present." > >>> > >>> I guess the trailing "if present" could be removed, but it's not > >>> colliding with this patch. > >>> > >>> I'm happy with rebasing this patch and applying the above change, is > >>> there any other document that should be changed? > >> > >> Can we make it more explicit. Like > >> > >> VCPUs for PVH must have local APIC and it can't be disabled. > >> > >> ? > > > > To be honest I liker Roger's suggestion better. And yet better > > would imo be if we left that sentence alone, unless we really mean > > to close that road for anyone wanting to take on making APIC- > > less guests work securely. > > > > Jan > > I believe that's exactly what Andrew proposed in > https://lists.xenproject.org/archives/html/xen-devel/2018-03/msg00089.html > removing the wording doesn't exclude someone from adding it later but it > does make it clear that its not available today. I'm kind of lost regarding whether we reached consensus or not. Is the current patch suitable, or should I change some of the wording? Thanks, Roger. ___ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel
Re: [Xen-devel] [PATCH] xl: remove apic option for PVH guests
On 3/2/18 5:29 AM, Jan Beulich wrote: On 02.03.18 at 12:09, wrote: >> On Thu, Mar 01, 2018 at 05:01:55PM +, Roger Pau Monné wrote: >>> On Thu, Mar 01, 2018 at 04:01:23PM +, Wei Liu wrote: On Thu, Mar 01, 2018 at 03:57:18PM +, Andrew Cooper wrote: > On 01/03/18 12:22, Wei Liu wrote: >> On Wed, Feb 28, 2018 at 10:20:53AM +, Roger Pau Monne wrote: >>> XSA-256 forces the local APIC to always be enabled for PVH guests, so >>> ignore any apic option for PVH guests. Update the documentation >>> accordingly. >> I think how I will approach this is to dictate that PVH always has LAPIC >> in our in-tree document, then use that as the justification for this >> change. That's the consensus from 2 years ago, right? >> >> Or we're just working around the limitation in our code base, and users >> may demand a no-LAPIC PVH guest just because... > > Currently, Xen enforces that HVM guests have an LAPIC. This is because > making the non-LAPIC case function correctly/safely devolved into a > massive rats nest and I stopped trying to fix it after 2 days of trying. > > At the moment, it would be wise to discuss whether the non-LAPIC case is > actually sensible. I personally see no value in keeping it. > +1 > If someone can come up with a convincing usecase for keeping it, then > ok, but the barrier for this is increasing all the time, especially now > that hardware acceleration and posted interrupts means that a > pipeline-virtualised APIC is faster and more efficient than any of our > event channel mechanisms. +1 >>> >>> I've looked at the in-tree pvh document and it just refers to the local >>> APIC in this sentence: >>> >>> "AP startup can be performed using hypercalls or the local APIC if present." >>> >>> I guess the trailing "if present" could be removed, but it's not >>> colliding with this patch. >>> >>> I'm happy with rebasing this patch and applying the above change, is >>> there any other document that should be changed? >> >> Can we make it more explicit. Like >> >> VCPUs for PVH must have local APIC and it can't be disabled. >> >> ? > > To be honest I liker Roger's suggestion better. And yet better > would imo be if we left that sentence alone, unless we really mean > to close that road for anyone wanting to take on making APIC- > less guests work securely. > > Jan I believe that's exactly what Andrew proposed in https://lists.xenproject.org/archives/html/xen-devel/2018-03/msg00089.html removing the wording doesn't exclude someone from adding it later but it does make it clear that its not available today. -- Doug Goldstein signature.asc Description: OpenPGP digital signature ___ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel
Re: [Xen-devel] [PATCH] xl: remove apic option for PVH guests
Roger Pau Monne writes ("[PATCH] xl: remove apic option for PVH guests"):
> XSA-256 forces the local APIC to always be enabled for PVH guests, so
> ignore any apic option for PVH guests. Update the documentation
> accordingly.
...
> diff --git a/tools/xl/xl_parse.c b/tools/xl/xl_parse.c
> index f6842540ca..8b999825d2 100644
> --- a/tools/xl/xl_parse.c
> +++ b/tools/xl/xl_parse.c
> @@ -1208,7 +1208,6 @@ void parse_config_data(const char *config_source,
> }
>
> xlu_cfg_get_defbool(config, "nestedhvm", &b_info->nested_hvm, 0);
> -xlu_cfg_get_defbool(config, "apic", &b_info->apic, 0);
Is this hunk not in a path also used by HVM ?
Ian.
___
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
Re: [Xen-devel] [PATCH] xl: remove apic option for PVH guests
On 02/03/18 11:09, Wei Liu wrote: > On Thu, Mar 01, 2018 at 05:01:55PM +, Roger Pau Monné wrote: >> On Thu, Mar 01, 2018 at 04:01:23PM +, Wei Liu wrote: >>> On Thu, Mar 01, 2018 at 03:57:18PM +, Andrew Cooper wrote: On 01/03/18 12:22, Wei Liu wrote: > On Wed, Feb 28, 2018 at 10:20:53AM +, Roger Pau Monne wrote: >> XSA-256 forces the local APIC to always be enabled for PVH guests, so >> ignore any apic option for PVH guests. Update the documentation >> accordingly. > I think how I will approach this is to dictate that PVH always has LAPIC > in our in-tree document, then use that as the justification for this > change. That's the consensus from 2 years ago, right? > > Or we're just working around the limitation in our code base, and users > may demand a no-LAPIC PVH guest just because... Currently, Xen enforces that HVM guests have an LAPIC. This is because making the non-LAPIC case function correctly/safely devolved into a massive rats nest and I stopped trying to fix it after 2 days of trying. At the moment, it would be wise to discuss whether the non-LAPIC case is actually sensible. I personally see no value in keeping it. >>> +1 >>> If someone can come up with a convincing usecase for keeping it, then ok, but the barrier for this is increasing all the time, especially now that hardware acceleration and posted interrupts means that a pipeline-virtualised APIC is faster and more efficient than any of our event channel mechanisms. >>> +1 >> I've looked at the in-tree pvh document and it just refers to the local >> APIC in this sentence: >> >> "AP startup can be performed using hypercalls or the local APIC if present." >> >> I guess the trailing "if present" could be removed, but it's not >> colliding with this patch. >> >> I'm happy with rebasing this patch and applying the above change, is >> there any other document that should be changed? > Can we make it more explicit. Like > > VCPUs for PVH must have local APIC and it can't be disabled. -1 to this. When an APIC is available to the guest, there is soft disable and hard disable as part of the state model. Saying this will only confuse the matter. ~Andrew ___ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel
Re: [Xen-devel] [PATCH] xl: remove apic option for PVH guests
>>> On 02.03.18 at 12:09, wrote: > On Thu, Mar 01, 2018 at 05:01:55PM +, Roger Pau Monné wrote: >> On Thu, Mar 01, 2018 at 04:01:23PM +, Wei Liu wrote: >> > On Thu, Mar 01, 2018 at 03:57:18PM +, Andrew Cooper wrote: >> > > On 01/03/18 12:22, Wei Liu wrote: >> > > > On Wed, Feb 28, 2018 at 10:20:53AM +, Roger Pau Monne wrote: >> > > >> XSA-256 forces the local APIC to always be enabled for PVH guests, so >> > > >> ignore any apic option for PVH guests. Update the documentation >> > > >> accordingly. >> > > > I think how I will approach this is to dictate that PVH always has >> > > > LAPIC >> > > > in our in-tree document, then use that as the justification for this >> > > > change. That's the consensus from 2 years ago, right? >> > > > >> > > > Or we're just working around the limitation in our code base, and users >> > > > may demand a no-LAPIC PVH guest just because... >> > > >> > > Currently, Xen enforces that HVM guests have an LAPIC. This is because >> > > making the non-LAPIC case function correctly/safely devolved into a >> > > massive rats nest and I stopped trying to fix it after 2 days of trying. >> > > >> > > At the moment, it would be wise to discuss whether the non-LAPIC case is >> > > actually sensible. I personally see no value in keeping it. >> > > >> > >> > +1 >> > >> > > If someone can come up with a convincing usecase for keeping it, then >> > > ok, but the barrier for this is increasing all the time, especially now >> > > that hardware acceleration and posted interrupts means that a >> > > pipeline-virtualised APIC is faster and more efficient than any of our >> > > event channel mechanisms. >> > >> > +1 >> >> I've looked at the in-tree pvh document and it just refers to the local >> APIC in this sentence: >> >> "AP startup can be performed using hypercalls or the local APIC if present." >> >> I guess the trailing "if present" could be removed, but it's not >> colliding with this patch. >> >> I'm happy with rebasing this patch and applying the above change, is >> there any other document that should be changed? > > Can we make it more explicit. Like > > VCPUs for PVH must have local APIC and it can't be disabled. > > ? To be honest I liker Roger's suggestion better. And yet better would imo be if we left that sentence alone, unless we really mean to close that road for anyone wanting to take on making APIC- less guests work securely. Jan ___ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel
Re: [Xen-devel] [PATCH] xl: remove apic option for PVH guests
On Thu, Mar 01, 2018 at 05:01:55PM +, Roger Pau Monné wrote: > On Thu, Mar 01, 2018 at 04:01:23PM +, Wei Liu wrote: > > On Thu, Mar 01, 2018 at 03:57:18PM +, Andrew Cooper wrote: > > > On 01/03/18 12:22, Wei Liu wrote: > > > > On Wed, Feb 28, 2018 at 10:20:53AM +, Roger Pau Monne wrote: > > > >> XSA-256 forces the local APIC to always be enabled for PVH guests, so > > > >> ignore any apic option for PVH guests. Update the documentation > > > >> accordingly. > > > > I think how I will approach this is to dictate that PVH always has LAPIC > > > > in our in-tree document, then use that as the justification for this > > > > change. That's the consensus from 2 years ago, right? > > > > > > > > Or we're just working around the limitation in our code base, and users > > > > may demand a no-LAPIC PVH guest just because... > > > > > > Currently, Xen enforces that HVM guests have an LAPIC. This is because > > > making the non-LAPIC case function correctly/safely devolved into a > > > massive rats nest and I stopped trying to fix it after 2 days of trying. > > > > > > At the moment, it would be wise to discuss whether the non-LAPIC case is > > > actually sensible. I personally see no value in keeping it. > > > > > > > +1 > > > > > If someone can come up with a convincing usecase for keeping it, then > > > ok, but the barrier for this is increasing all the time, especially now > > > that hardware acceleration and posted interrupts means that a > > > pipeline-virtualised APIC is faster and more efficient than any of our > > > event channel mechanisms. > > > > +1 > > I've looked at the in-tree pvh document and it just refers to the local > APIC in this sentence: > > "AP startup can be performed using hypercalls or the local APIC if present." > > I guess the trailing "if present" could be removed, but it's not > colliding with this patch. > > I'm happy with rebasing this patch and applying the above change, is > there any other document that should be changed? Can we make it more explicit. Like VCPUs for PVH must have local APIC and it can't be disabled. ? (CC Jan as well) Wei. ___ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel
Re: [Xen-devel] [PATCH] xl: remove apic option for PVH guests
On Thu, Mar 01, 2018 at 04:01:23PM +, Wei Liu wrote: > On Thu, Mar 01, 2018 at 03:57:18PM +, Andrew Cooper wrote: > > On 01/03/18 12:22, Wei Liu wrote: > > > On Wed, Feb 28, 2018 at 10:20:53AM +, Roger Pau Monne wrote: > > >> XSA-256 forces the local APIC to always be enabled for PVH guests, so > > >> ignore any apic option for PVH guests. Update the documentation > > >> accordingly. > > > I think how I will approach this is to dictate that PVH always has LAPIC > > > in our in-tree document, then use that as the justification for this > > > change. That's the consensus from 2 years ago, right? > > > > > > Or we're just working around the limitation in our code base, and users > > > may demand a no-LAPIC PVH guest just because... > > > > Currently, Xen enforces that HVM guests have an LAPIC. This is because > > making the non-LAPIC case function correctly/safely devolved into a > > massive rats nest and I stopped trying to fix it after 2 days of trying. > > > > At the moment, it would be wise to discuss whether the non-LAPIC case is > > actually sensible. I personally see no value in keeping it. > > > > +1 > > > If someone can come up with a convincing usecase for keeping it, then > > ok, but the barrier for this is increasing all the time, especially now > > that hardware acceleration and posted interrupts means that a > > pipeline-virtualised APIC is faster and more efficient than any of our > > event channel mechanisms. > > +1 I've looked at the in-tree pvh document and it just refers to the local APIC in this sentence: "AP startup can be performed using hypercalls or the local APIC if present." I guess the trailing "if present" could be removed, but it's not colliding with this patch. I'm happy with rebasing this patch and applying the above change, is there any other document that should be changed? Thanks, Roger. ___ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel
Re: [Xen-devel] [PATCH] xl: remove apic option for PVH guests
On Thu, Mar 01, 2018 at 03:57:18PM +, Andrew Cooper wrote: > On 01/03/18 12:22, Wei Liu wrote: > > On Wed, Feb 28, 2018 at 10:20:53AM +, Roger Pau Monne wrote: > >> XSA-256 forces the local APIC to always be enabled for PVH guests, so > >> ignore any apic option for PVH guests. Update the documentation > >> accordingly. > > I think how I will approach this is to dictate that PVH always has LAPIC > > in our in-tree document, then use that as the justification for this > > change. That's the consensus from 2 years ago, right? > > > > Or we're just working around the limitation in our code base, and users > > may demand a no-LAPIC PVH guest just because... > > Currently, Xen enforces that HVM guests have an LAPIC. This is because > making the non-LAPIC case function correctly/safely devolved into a > massive rats nest and I stopped trying to fix it after 2 days of trying. > > At the moment, it would be wise to discuss whether the non-LAPIC case is > actually sensible. I personally see no value in keeping it. > +1 > If someone can come up with a convincing usecase for keeping it, then > ok, but the barrier for this is increasing all the time, especially now > that hardware acceleration and posted interrupts means that a > pipeline-virtualised APIC is faster and more efficient than any of our > event channel mechanisms. +1 Wei. ___ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel
Re: [Xen-devel] [PATCH] xl: remove apic option for PVH guests
On 01/03/18 12:22, Wei Liu wrote: > On Wed, Feb 28, 2018 at 10:20:53AM +, Roger Pau Monne wrote: >> XSA-256 forces the local APIC to always be enabled for PVH guests, so >> ignore any apic option for PVH guests. Update the documentation >> accordingly. > I think how I will approach this is to dictate that PVH always has LAPIC > in our in-tree document, then use that as the justification for this > change. That's the consensus from 2 years ago, right? > > Or we're just working around the limitation in our code base, and users > may demand a no-LAPIC PVH guest just because... Currently, Xen enforces that HVM guests have an LAPIC. This is because making the non-LAPIC case function correctly/safely devolved into a massive rats nest and I stopped trying to fix it after 2 days of trying. At the moment, it would be wise to discuss whether the non-LAPIC case is actually sensible. I personally see no value in keeping it. If someone can come up with a convincing usecase for keeping it, then ok, but the barrier for this is increasing all the time, especially now that hardware acceleration and posted interrupts means that a pipeline-virtualised APIC is faster and more efficient than any of our event channel mechanisms. ~Andrew ___ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel
Re: [Xen-devel] [PATCH] xl: remove apic option for PVH guests
On Wed, Feb 28, 2018 at 10:20:53AM +, Roger Pau Monne wrote: > XSA-256 forces the local APIC to always be enabled for PVH guests, so > ignore any apic option for PVH guests. Update the documentation > accordingly. I think how I will approach this is to dictate that PVH always has LAPIC in our in-tree document, then use that as the justification for this change. That's the consensus from 2 years ago, right? Or we're just working around the limitation in our code base, and users may demand a no-LAPIC PVH guest just because... Wei. ___ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel
Re: [Xen-devel] [PATCH] xl: remove apic option for PVH guests
On Wed, Feb 28, 2018 at 10:20:53AM +, Roger Pau Monne wrote: > XSA-256 forces the local APIC to always be enabled for PVH guests, so > ignore any apic option for PVH guests. Update the documentation > accordingly. > > Signed-off-by: Roger Pau Monné > --- > Cc: Ian Jackson > Cc: Wei Liu I've wrongly based this on top of my vpci series, so it's likely not going to apply correctly on top of staging. I will wait for review before resending, so that I can also apply any comments. Thanks, Roger. ___ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel
[Xen-devel] [PATCH] xl: remove apic option for PVH guests
XSA-256 forces the local APIC to always be enabled for PVH guests, so
ignore any apic option for PVH guests. Update the documentation
accordingly.
Signed-off-by: Roger Pau Monné
---
Cc: Ian Jackson
Cc: Wei Liu
---
docs/man/xl.cfg.pod.5.in | 6 --
tools/libxl/libxl_x86.c | 6 +-
tools/xl/xl_parse.c | 2 +-
3 files changed, 2 insertions(+), 12 deletions(-)
diff --git a/docs/man/xl.cfg.pod.5.in b/docs/man/xl.cfg.pod.5.in
index a699367779..69552f8a05 100644
--- a/docs/man/xl.cfg.pod.5.in
+++ b/docs/man/xl.cfg.pod.5.in
@@ -2353,12 +2353,6 @@ compatibility mode on more modern Windows OS).
This option is disabled by default.
-=item B
-
-Enable the local APIC emulation for the guest. The local APIC information
-will be exposed to the guest in the ACPI tables. This option is enabled by
-default.
-
=item B
Run C to find the kernel image and ramdisk to use. Normally
diff --git a/tools/libxl/libxl_x86.c b/tools/libxl/libxl_x86.c
index ad74ecc232..1e9f98961b 100644
--- a/tools/libxl/libxl_x86.c
+++ b/tools/libxl/libxl_x86.c
@@ -12,11 +12,7 @@ int libxl__arch_domain_prepare_config(libxl__gc *gc,
xc_config->emulation_flags = (XEN_X86_EMU_ALL & ~XEN_X86_EMU_VPCI);
break;
case LIBXL_DOMAIN_TYPE_PVH:
-if (libxl_defbool_val(d_config->b_info.apic))
-/* PVH guests may want to have LAPIC emulation. */
-xc_config->emulation_flags = XEN_X86_EMU_LAPIC;
-else
-xc_config->emulation_flags = 0;
+xc_config->emulation_flags = XEN_X86_EMU_LAPIC;
break;
case LIBXL_DOMAIN_TYPE_PV:
xc_config->emulation_flags = 0;
diff --git a/tools/xl/xl_parse.c b/tools/xl/xl_parse.c
index f6842540ca..8b999825d2 100644
--- a/tools/xl/xl_parse.c
+++ b/tools/xl/xl_parse.c
@@ -1208,7 +1208,6 @@ void parse_config_data(const char *config_source,
}
xlu_cfg_get_defbool(config, "nestedhvm", &b_info->nested_hvm, 0);
-xlu_cfg_get_defbool(config, "apic", &b_info->apic, 0);
switch(b_info->type) {
case LIBXL_DOMAIN_TYPE_HVM:
@@ -1243,6 +1242,7 @@ void parse_config_data(const char *config_source,
xlu_cfg_get_defbool(config, "nx", &b_info->u.hvm.nx, 0);
xlu_cfg_get_defbool(config, "hpet", &b_info->u.hvm.hpet, 0);
xlu_cfg_get_defbool(config, "vpt_align", &b_info->u.hvm.vpt_align, 0);
+xlu_cfg_get_defbool(config, "apic", &b_info->apic, 0);
switch (xlu_cfg_get_list(config, "viridian",
&viridian, &num_viridian, 1))
--
2.16.1
___
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
