Re: [Xen-devel] [PATCH RFC 2/2] xen: make available hvm_fep to non-debug build as well

[Andrew Cooper <andrew.cooper3@xxxxxxxxxx>]

On 16/06/16 12:52, Wei Liu wrote:
>
>>> +        printk("**********************************************\n");
>>> +        printk("******* WARNING: HVM FORCED EMULATION PREFIX IS 
>>> PERMITTED\n");

I would say "available" rather than permitted in this case.

>>> +        printk("******* This option is *ONLY* intended to aid debugging "
>>> +               "and testing of Xen\n");

Despite the line length, I would keep this string on a single line.  If
you want it a little shorter, you can drop "debugging and", leaving just
testing.

>>> +        printk("******* that HVM guest can enter instruction emulator "
>>> +               "with UD instruction.\n");

I think this like isn't necessary.  Anyone who is unclear what FEP is
can look it up.

>>> +        printk("******* It has implication on the security of the 
>>> system.\n");

implications.

>>> +        printk("******* Please *DO NOT* use this in production.\n");
>>> +        printk("**********************************************\n");
>>> +        add_taint(TAINT_HVM_FEP);
>> Should we perhaps taint the system only the first time a guest
>> makes use of this?
>>
> Doesn't that add overhead to a potential hot path? Arguably it is only
> setting a bit in a flag, but still...

FEP is not a fastpath at all.  It would be fine to defer to
hvm_ud_intercept().

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel