On 31/05/2023 10:01 am, Alejandro Vallejo wrote: > On Tue, May 30, 2023 at 06:31:03PM +0100, Andrew Cooper wrote: >> I've committed this, but made two tweaks to the commit message. First, >> "x86/hvm" in the subject because it's important context at a glance. > Sure, that makes sense. > >> Second, I've adjusted the bit about PV guests. The reason why we can't >> expose it yet is because Xen doesn't currently context switch EFER >> between PV guests. >> >> ~Andrew > We could of course context switch EFER sensibly, but what would that mean > for Automatic IBRS? It can't be trivially used for domain-to-domain > isolation because every domain is in a co-equal protection level. Is there > a non-obvious edge that exposing some interface to it gives for PV? The > only useful case I can think of is PVH, and that seems to be subsumed by > HVM.
Hence why it's fine to not worry about PV for now. Right now, when we decide to use IBRS on AMD, we set it unilaterally. This turns out to be better performance than flipping it on privilege changes (whether that's non-Xen <-> Xen, or guest user <-> kernel). PV guests are obscure corner cases these days, and fall outside of anything the hardware vendors care about when it comes to prediction mode. The only sane option is to have Xen explicitly tell the the PV guest what Xen is doing, and let the guest decide if it wants to do anything further in terms of protections. ~Andrew
