>>> On 23.01.18 at 18:33, wrote:
> Well at very least there should be something in the boot scrool that
> says, "Enabling Xen Pagetable protection (XPTI) for PV guests" or
> something. (That goes for the current round of XPTI as well really.)
And indeed I have this on my list of follow-up things
On 01/23/2018 04:56 PM, Juergen Gross wrote:
> On 23/01/18 17:45, George Dunlap wrote:
>> On 01/22/2018 06:39 PM, Andrew Cooper wrote:
>>> Juergen: you're now adding a LTR into the context switch path which
>>> tends to be very slow. I.e. As currently presented, this series
>>> necessarily has a h
On 23/01/18 17:45, George Dunlap wrote:
> On 01/22/2018 06:39 PM, Andrew Cooper wrote:
>> Juergen: you're now adding a LTR into the context switch path which
>> tends to be very slow. I.e. As currently presented, this series
>> necessarily has a higher runtime overhead than Jan's XPTI.
>
> So her
On 01/22/2018 06:39 PM, Andrew Cooper wrote:
> On 22/01/18 16:51, Jan Beulich wrote:
> On 22.01.18 at 16:00, wrote:
>>> On 22/01/18 15:48, Jan Beulich wrote:
>>> On 22.01.18 at 15:38, wrote:
> On 22/01/18 15:22, Jan Beulich wrote:
> On 22.01.18 at 15:18, wrote:
>>> On 22/
On 23/01/18 12:45, Andrew Cooper wrote:
> On 23/01/18 10:10, Juergen Gross wrote:
>> On 23/01/18 10:31, Jan Beulich wrote:
>> On 23.01.18 at 10:24, wrote:
On 23/01/18 09:53, Jan Beulich wrote:
On 23.01.18 at 07:34, wrote:
>> On 22/01/18 19:39, Andrew Cooper wrote:
>>> On
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hey, Hi!
On Mon, 2018-01-22 at 18:39 +, Andrew Cooper wrote:
> > > > On 22.01.18 at 15:38, wrote:
> > > I'm quite sure the performance will be much better as it doesn't
> > > require
> > > per physical cpu L4 page tables, but just a shadow L4 t
On 23/01/18 10:10, Juergen Gross wrote:
> On 23/01/18 10:31, Jan Beulich wrote:
> On 23.01.18 at 10:24, wrote:
>>> On 23/01/18 09:53, Jan Beulich wrote:
>>> On 23.01.18 at 07:34, wrote:
> On 22/01/18 19:39, Andrew Cooper wrote:
>> One of my concerns is that this patch series moves
On 23/01/18 08:36, Jan Beulich wrote:
On 22.01.18 at 20:02, wrote:
>> On 22/01/18 18:48, George Dunlap wrote:
>>> On 01/22/2018 06:39 PM, Andrew Cooper wrote:
Jan: As to the things not covered by the current XPTI, hiding most of
the .text section is important to prevent fingerprinti
On 01/22/2018 07:02 PM, Andrew Cooper wrote:
> On 22/01/18 18:48, George Dunlap wrote:
>> On 01/22/2018 06:39 PM, Andrew Cooper wrote:
>>> On 22/01/18 16:51, Jan Beulich wrote:
>>> On 22.01.18 at 16:00, wrote:
> On 22/01/18 15:48, Jan Beulich wrote:
> On 22.01.18 at 15:38, wrote:
On 23/01/18 10:31, Jan Beulich wrote:
On 23.01.18 at 10:24, wrote:
>> On 23/01/18 09:53, Jan Beulich wrote:
>> On 23.01.18 at 07:34, wrote:
On 22/01/18 19:39, Andrew Cooper wrote:
> One of my concerns is that this patch series moves further away from the
> secondary goal of
On 23/01/18 09:40, Jan Beulich wrote:
On 23.01.18 at 06:50, wrote:
>> On 22/01/18 17:51, Jan Beulich wrote:
>>> But isn't that model having the same synchronization issues upon
>>> guest L4 updates which Andrew was fighting with?
>>
>> I don't think so, as the number of shadows will always on
>>> On 23.01.18 at 10:24, wrote:
> On 23/01/18 09:53, Jan Beulich wrote:
> On 23.01.18 at 07:34, wrote:
>>> On 22/01/18 19:39, Andrew Cooper wrote:
One of my concerns is that this patch series moves further away from the
secondary goal of my KAISER series, which was to have the IDT
On 23/01/18 09:53, Jan Beulich wrote:
On 23.01.18 at 07:34, wrote:
>> On 22/01/18 19:39, Andrew Cooper wrote:
>>> One of my concerns is that this patch series moves further away from the
>>> secondary goal of my KAISER series, which was to have the IDT and GDT
>>> mapped at the same linear ad
>>> On 23.01.18 at 07:34, wrote:
> On 22/01/18 19:39, Andrew Cooper wrote:
>> One of my concerns is that this patch series moves further away from the
>> secondary goal of my KAISER series, which was to have the IDT and GDT
>> mapped at the same linear addresses on every CPU so a) SIDT/SGDT don't
>>> On 23.01.18 at 06:50, wrote:
> On 22/01/18 17:51, Jan Beulich wrote:
>> But isn't that model having the same synchronization issues upon
>> guest L4 updates which Andrew was fighting with?
>
> I don't think so, as the number of shadows will always only be max. 1
> with my approach.
How can I
>>> On 22.01.18 at 20:02, wrote:
> On 22/01/18 18:48, George Dunlap wrote:
>> On 01/22/2018 06:39 PM, Andrew Cooper wrote:
>>> Jan: As to the things not covered by the current XPTI, hiding most of
>>> the .text section is important to prevent fingerprinting or ROP
>>> scanning. This is a defence-
On 23/01/18 07:34, Juergen Gross wrote:
> On 22/01/18 19:39, Andrew Cooper wrote:
>> On 22/01/18 16:51, Jan Beulich wrote:
>> On 22.01.18 at 16:00, wrote:
On 22/01/18 15:48, Jan Beulich wrote:
On 22.01.18 at 15:38, wrote:
>> On 22/01/18 15:22, Jan Beulich wrote:
>> O
On 22/01/18 22:45, Konrad Rzeszutek Wilk wrote:
> On Mon, Jan 22, 2018 at 01:32:44PM +0100, Juergen Gross wrote:
>> As a preparation for doing page table isolation in the Xen hypervisor
>> in order to mitigate "Meltdown" use dedicated stacks, GDT and TSS for
>> 64 bit PV domains mapped to the per-d
On 22/01/18 19:39, Andrew Cooper wrote:
> On 22/01/18 16:51, Jan Beulich wrote:
> On 22.01.18 at 16:00, wrote:
>>> On 22/01/18 15:48, Jan Beulich wrote:
>>> On 22.01.18 at 15:38, wrote:
> On 22/01/18 15:22, Jan Beulich wrote:
> On 22.01.18 at 15:18, wrote:
>>> On 22/01/18
On 22/01/18 17:51, Jan Beulich wrote:
On 22.01.18 at 16:00, wrote:
>> On 22/01/18 15:48, Jan Beulich wrote:
>> On 22.01.18 at 15:38, wrote:
On 22/01/18 15:22, Jan Beulich wrote:
On 22.01.18 at 15:18, wrote:
>> On 22/01/18 13:50, Jan Beulich wrote:
>> On 22.01.1
On Mon, Jan 22, 2018 at 01:32:44PM +0100, Juergen Gross wrote:
> As a preparation for doing page table isolation in the Xen hypervisor
> in order to mitigate "Meltdown" use dedicated stacks, GDT and TSS for
> 64 bit PV domains mapped to the per-domain virtual area.
>
> The per-vcpu stacks are used
On 22/01/18 18:48, George Dunlap wrote:
> On 01/22/2018 06:39 PM, Andrew Cooper wrote:
>> On 22/01/18 16:51, Jan Beulich wrote:
>> On 22.01.18 at 16:00, wrote:
On 22/01/18 15:48, Jan Beulich wrote:
On 22.01.18 at 15:38, wrote:
>> On 22/01/18 15:22, Jan Beulich wrote:
>>>
On 01/22/2018 06:39 PM, Andrew Cooper wrote:
> On 22/01/18 16:51, Jan Beulich wrote:
> On 22.01.18 at 16:00, wrote:
>>> On 22/01/18 15:48, Jan Beulich wrote:
>>> On 22.01.18 at 15:38, wrote:
> On 22/01/18 15:22, Jan Beulich wrote:
> On 22.01.18 at 15:18, wrote:
>>> On 22/
On 22/01/18 16:51, Jan Beulich wrote:
On 22.01.18 at 16:00, wrote:
>> On 22/01/18 15:48, Jan Beulich wrote:
>> On 22.01.18 at 15:38, wrote:
On 22/01/18 15:22, Jan Beulich wrote:
On 22.01.18 at 15:18, wrote:
>> On 22/01/18 13:50, Jan Beulich wrote:
>> On 22.01.1
>>> On 22.01.18 at 16:00, wrote:
> On 22/01/18 15:48, Jan Beulich wrote:
> On 22.01.18 at 15:38, wrote:
>>> On 22/01/18 15:22, Jan Beulich wrote:
>>> On 22.01.18 at 15:18, wrote:
> On 22/01/18 13:50, Jan Beulich wrote:
> On 22.01.18 at 13:32, wrote:
>>> As a preparation
On 22/01/18 15:48, Jan Beulich wrote:
On 22.01.18 at 15:38, wrote:
>> On 22/01/18 15:22, Jan Beulich wrote:
>> On 22.01.18 at 15:18, wrote:
On 22/01/18 13:50, Jan Beulich wrote:
On 22.01.18 at 13:32, wrote:
>> As a preparation for doing page table isolation in the Xen
>>> On 22.01.18 at 15:38, wrote:
> On 22/01/18 15:22, Jan Beulich wrote:
> On 22.01.18 at 15:18, wrote:
>>> On 22/01/18 13:50, Jan Beulich wrote:
>>> On 22.01.18 at 13:32, wrote:
> As a preparation for doing page table isolation in the Xen hypervisor
> in order to mitigate "Meltd
On 22/01/18 15:22, Jan Beulich wrote:
On 22.01.18 at 15:18, wrote:
>> On 22/01/18 13:50, Jan Beulich wrote:
>> On 22.01.18 at 13:32, wrote:
As a preparation for doing page table isolation in the Xen hypervisor
in order to mitigate "Meltdown" use dedicated stacks, GDT and TSS fo
>>> On 22.01.18 at 15:18, wrote:
> On 22/01/18 13:50, Jan Beulich wrote:
> On 22.01.18 at 13:32, wrote:
>>> As a preparation for doing page table isolation in the Xen hypervisor
>>> in order to mitigate "Meltdown" use dedicated stacks, GDT and TSS for
>>> 64 bit PV domains mapped to the per-d
On 22/01/18 13:50, Jan Beulich wrote:
On 22.01.18 at 13:32, wrote:
>> As a preparation for doing page table isolation in the Xen hypervisor
>> in order to mitigate "Meltdown" use dedicated stacks, GDT and TSS for
>> 64 bit PV domains mapped to the per-domain virtual area.
>>
>> The per-vcpu s
>>> On 22.01.18 at 13:32, wrote:
> As a preparation for doing page table isolation in the Xen hypervisor
> in order to mitigate "Meltdown" use dedicated stacks, GDT and TSS for
> 64 bit PV domains mapped to the per-domain virtual area.
>
> The per-vcpu stacks are used for early interrupt handling
As a preparation for doing page table isolation in the Xen hypervisor
in order to mitigate "Meltdown" use dedicated stacks, GDT and TSS for
64 bit PV domains mapped to the per-domain virtual area.
The per-vcpu stacks are used for early interrupt handling only. After
saving the domain's registers s
32 matches
Mail list logo
