[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH][HVM] fix migration from NX-capable machine to non-NX-capable machine


  • To: "Keir Fraser" <Keir.Fraser@xxxxxxxxxxxx>
  • From: "Dave Lively" <dlively@xxxxxxxxxxxxxxx>
  • Date: Fri, 28 Sep 2007 09:23:05 -0400
  • Cc: xen-devel@xxxxxxxxxxxxxxxxxxx
  • Delivery-date: Fri, 28 Sep 2007 06:23:49 -0700
  • Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=WIkZ5aswNfEALEyIAn4EduQrGGP73cBVZe7H4976ws/1tqoXsQ2Xcccti61wPBKPtDwhsj1hNcIAxUWjVvC+LvGjWGyKCZqfVrTAKSYqRFnKxAhKgz+hcKqE8iuS5bMSD/iZVqbt/R7uKbgB34BFNvG+JmQlohqLIQ2BKS7eXDM=
  • List-id: Xen developer discussion <xen-devel.lists.xensource.com>

But that means you'll crash a guest that migrates from a NX-capable
machine to a  on-NX-capable machine.  (Though of course this is
detectable ahead of time, so the migration control code should just
refuse to migrate in this case.)

If we really believe that it's dangerous to let a guest see
NX-capability that doesn't really exist, perhaps we're better off
hiding NX altogether (perhaps optionally)?  I thought over that
beforehand, but it seemed kind of drastic to me, though I realize it's
a much more "pure" solution in that the guest can't see
inconsistencies due to virtualization.

Dave


On 9/28/07, Keir Fraser <Keir.Fraser@xxxxxxxxxxxx> wrote:
> On 27/9/07 22:12, "David Lively" <dlively@xxxxxxxxxxxxxxx> wrote:
>
> > The attached patch (to 3.1.1-rc2) fixes a hypervisor crash that we're
> > seeing when migrating a HVM guest from a machine that supports the NX
> > bit to one that doesn't (e.g., because it's disabled in the BIOS).  It
> > keeps the guest copy of EFER "as is", so the guest will see EFER_NX if
> > it previously set it -- we just won't propagate this EFER bit to a
> > non-NX-capable host.
>
> Actually this issue is very nearly handled by xen-3.1-testing:15064 and
> xen-unstable:15066. The HVM state load code that sets guest efer should barf
> on !cpu_has_nx && EFER_NX, just as the wrmsr-handling code does.
>
>  -- Keir
>
>
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-devel
>

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.