Xen project Mailing List

Re: [Xen-devel] SMAP/SMEP issues with 32-bit pv guests

Date: Mon, 1 Aug 2016 08:25:54 +0000

Accept-language: en-US

Cc: "Andrew Cooper\(andrew.cooper3@xxxxxxxxxx\)" <andrew.cooper3@xxxxxxxxxx>, "Wu, Feng" <feng.wu@xxxxxxxxx>, "Wang, Yong Y" <yong.y.wang@xxxxxxxxx>, "Nakajima, Jun" <jun.nakajima@xxxxxxxxx>, "xen-devel@xxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxx>

Delivery-date: Mon, 01 Aug 2016 08:26:21 +0000

List-id: Xen developer discussion <xen-devel.lists.xen.org>

Thread-index: AdHQ3+KjNZ5sh7SARrCM/oQqFHdmbv//2x8A/8p+Y4CAavqGgP//d6ww

Thread-topic: SMAP/SMEP issues with 32-bit pv guests

> -----Original Message----- > From: Jan Beulich [mailto:JBeulich@xxxxxxxx] > Sent: Monday, August 1, 2016 4:16 PM > To: Wu, Feng <feng.wu@xxxxxxxxx> > Cc: Andrew Cooper(andrew.cooper3@xxxxxxxxxx) > <andrew.cooper3@xxxxxxxxxx>; Nakajima, Jun <jun.nakajima@xxxxxxxxx>; > Wang, Yong Y <yong.y.wang@xxxxxxxxx>; xen-devel@xxxxxxxxxxxxx > Subject: RE: SMAP/SMEP issues with 32-bit pv guests > > >>> On 01.08.16 at 02:48, <feng.wu@xxxxxxxxx> wrote: > >> From: Jan Beulich [mailto:JBeulich@xxxxxxxx] > >> Sent: Tuesday, June 28, 2016 3:42 PM > >> >>> On 28.06.16 at 03:58, <feng.wu@xxxxxxxxx> wrote: > >> > As you know, SMAP/SMEP may affect the 32-bit pv guests, after > discussed > >> > internally, our current idea is that we can just disable this two feature > for > >> > Xen hypervisor itself, hence only enable it for HVM guests. Do you think > this > >> > is acceptable from your perspective? > >> > >> I think at most we should go as far as making this an option. That's > >> better than requiring people to turn off SMEP/SMAP completely to > >> gain back performance, and better than forcing people to accept > >> this security wise step backwards without any alternative. And once > >> an option, I think I'd still like to have current behavior remain the > >> default; distros could choose to alter that default with - presumably - > >> a one line patch. > > > > What is your opinion about doing it this way? If you also agree with it, we > > will start to implement it. > > To be honest, with it having been over a month since the original > mail, and with it (presumably) not being a very intrusive change > (hence not requiring an awful lot of work) I don't see why you > couldn't simply prepare and submit the patch instead of waiting > for further replies. > We would like to hear the comments from Citrix before coding, we don't want to waste time writing unacceptable patches. Thanks, Feng > Jan _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx https://lists.xen.org/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.