[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 3/3] pvh/dom0: whitelist PVH Dom0 ACPI tables

To: Jan Beulich <JBeulich@xxxxxxxx>
From: Roger Pau Monné <roger.pau@xxxxxxxxxx>
Date: Tue, 13 Feb 2018 11:27:16 +0000
Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
Delivery-date: Tue, 13 Feb 2018 11:27:26 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Tue, Feb 13, 2018 at 04:04:17AM -0700, Jan Beulich wrote:
> >>> On 13.02.18 at 10:59, <roger.pau@xxxxxxxxxx> wrote:
> > On Tue, Feb 13, 2018 at 02:29:08AM -0700, Jan Beulich wrote:
> >> >>> On 08.02.18 at 13:25, <roger.pau@xxxxxxxxxx> wrote:
> >> > Signed-off-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>
> >> 
> >> A change like this should not come without description, providing a
> >> reason for the change. Otherwise how will someone wanting to
> >> understand the change in a couple of years actually be able to
> >> make any sense of it. This is in particular because I continue to be
> >> not fully convinced that white listing is appropriate in the Dom0
> >> case (and for the record I'm similarly unconvinced that black listing
> >> is the best choice, yet obviously we need to pick on of the two).
> > 
> > I'm sorry, I thought we agreed at the summit to convert this to
> > whitelisting because it was likely better to simply not expose unknown
> > ACPI tables to guests.
> 
> "to guests" != "to Dom0".
> 
> > I guess the commit message could be something like:
> > 
> > "The following list of whitelisted APIC tables are either known to work
> > or don't require any resources to be mapped in either the IO or the
> > memory space.
> 
> Even if the white listing vs black listing question wasn't still
> undecided, I think we should revert the patch in favor of one
> with a description. The one above might be fine with "ACPI" in
> place of "APIC" as far as tables actively white listed are
> concerned, but then it still remains open why certain tables
> haven't been included. I'm in particular worried about various
> APEI related tables, but invisibility of e.g. an IBFT could also
> lead to boot problems.

Regarding APEI I think ERST, EINJ and HEST could be passed through,
BERT however requires that the BOOT Error Region is mapped into Dom0
p2m.

Since PVH Dom0 creation still ends up in a panic, I see no problem in
adding those in follow up patches.

IBFT also looks safe to pass through.

Thanks, Roger.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH 3/3] pvh/dom0: whitelist PVH Dom0 ACPI tables
  - From: Jan Beulich

References:
- [Xen-devel] [PATCH 0/3] pvh/dom0: switch to ACPI whitelisting
  - From: Roger Pau Monne
- [Xen-devel] [PATCH 3/3] pvh/dom0: whitelist PVH Dom0 ACPI tables
  - From: Roger Pau Monne
- Re: [Xen-devel] [PATCH 3/3] pvh/dom0: whitelist PVH Dom0 ACPI tables
  - From: Jan Beulich
- Re: [Xen-devel] [PATCH 3/3] pvh/dom0: whitelist PVH Dom0 ACPI tables
  - From: Roger Pau Monné
- Re: [Xen-devel] [PATCH 3/3] pvh/dom0: whitelist PVH Dom0 ACPI tables
  - From: Jan Beulich

Prev by Date: [Xen-devel] [xen-unstable test] 119023: regressions - trouble: blocked/broken/fail/pass
Next by Date: Re: [Xen-devel] [PATCH RFC 2/8] public/io/netif: add directory for backend parameters
Previous by thread: Re: [Xen-devel] [PATCH 3/3] pvh/dom0: whitelist PVH Dom0 ACPI tables
Next by thread: Re: [Xen-devel] [PATCH 3/3] pvh/dom0: whitelist PVH Dom0 ACPI tables
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.