On 3/2/18 5:29 AM, Jan Beulich wrote:
>>>> On 02.03.18 at 12:09, <wei.l...@citrix.com> wrote:
>> On Thu, Mar 01, 2018 at 05:01:55PM +0000, Roger Pau Monné wrote:
>>> On Thu, Mar 01, 2018 at 04:01:23PM +0000, Wei Liu wrote:
>>>> On Thu, Mar 01, 2018 at 03:57:18PM +0000, Andrew Cooper wrote:
>>>>> On 01/03/18 12:22, Wei Liu wrote:
>>>>>> On Wed, Feb 28, 2018 at 10:20:53AM +0000, Roger Pau Monne wrote:
>>>>>>> XSA-256 forces the local APIC to always be enabled for PVH guests, so
>>>>>>> ignore any apic option for PVH guests. Update the documentation
>>>>>>> accordingly.
>>>>>> I think how I will approach this is to dictate that PVH always has LAPIC
>>>>>> in our in-tree document, then use that as the justification for this
>>>>>> change. That's the consensus from 2 years ago, right?
>>>>>>
>>>>>> Or we're just working around the limitation in our code base, and users
>>>>>> may demand a no-LAPIC PVH guest just because...
>>>>>
>>>>> Currently, Xen enforces that HVM guests have an LAPIC.  This is because
>>>>> making the non-LAPIC case function correctly/safely devolved into a
>>>>> massive rats nest and I stopped trying to fix it after 2 days of trying.
>>>>>
>>>>> At the moment, it would be wise to discuss whether the non-LAPIC case is
>>>>> actually sensible.  I personally see no value in keeping it.
>>>>>
>>>>
>>>> +1
>>>>
>>>>> If someone can come up with a convincing usecase for keeping it, then
>>>>> ok, but the barrier for this is increasing all the time, especially now
>>>>> that hardware acceleration and posted interrupts means that a
>>>>> pipeline-virtualised APIC is faster and more efficient than any of our
>>>>> event channel mechanisms.
>>>>
>>>> +1
>>>
>>> I've looked at the in-tree pvh document and it just refers to the local
>>> APIC in this sentence:
>>>
>>> "AP startup can be performed using hypercalls or the local APIC if present."
>>>
>>> I guess the trailing "if present" could be removed, but it's not
>>> colliding with this patch.
>>>
>>> I'm happy with rebasing this patch and applying the above change, is
>>> there any other document that should be changed?
>>
>> Can we make it more explicit. Like
>>
>>   VCPUs for PVH must have local APIC and it can't be disabled.
>>
>> ?
> 
> To be honest I liker Roger's suggestion better. And yet better
> would imo be if we left that sentence alone, unless we really mean
> to close that road for anyone wanting to take on making APIC-
> less guests work securely.
> 
> Jan

I believe that's exactly what Andrew proposed in
https://lists.xenproject.org/archives/html/xen-devel/2018-03/msg00089.html
removing the wording doesn't exclude someone from adding it later but it
does make it clear that its not available today.

-- 
Doug Goldstein

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Reply via email to