[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] SMAP/SMEP issues with 32-bit pv guests



>>> On 01.08.16 at 02:48, <feng.wu@xxxxxxxxx> wrote:
>> From: Jan Beulich [mailto:JBeulich@xxxxxxxx]
>> Sent: Tuesday, June 28, 2016 3:42 PM
>> >>> On 28.06.16 at 03:58, <feng.wu@xxxxxxxxx> wrote:
>> > As you know, SMAP/SMEP may affect the 32-bit pv guests, after discussed
>> > internally, our current idea is that we can just disable this two feature 
>> > for
>> > Xen hypervisor itself, hence only enable it for HVM guests. Do you think 
>> > this
>> > is acceptable from your perspective?
>> 
>> I think at most we should go as far as making this an option. That's
>> better than requiring people to turn off SMEP/SMAP completely to
>> gain back performance, and better than forcing people to accept
>> this security wise step backwards without any alternative. And once
>> an option, I think I'd still like to have current behavior remain the
>> default; distros could choose to alter that default with - presumably -
>> a one line patch.
> 
> What is your opinion about doing it this way? If you also agree with it, we
> will start to implement it.

To be honest, with it having been over a month since the original
mail, and with it (presumably) not being a very intrusive change
(hence not requiring an awful lot of work) I don't see why you
couldn't simply prepare and submit the patch instead of waiting
for further replies.

Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.