[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v2 2/3] x86: explicitly disallow guest access to PPIN

On 16.12.2019 13:26, Andrew Cooper wrote:
> On 16/12/2019 11:47, Jan Beulich wrote:
>>>   What
>>> you've done here is half-virtualise something we have no intention to
>>> ever virtualise for guests.
>>> Both of these should be blanket #GP faults.  AMD should never be in the
>>> position of seeing amd_ppin clear but PPIN_CTL returning LOCKOUT, and
>>> while Intel does have model specific behaviour, whatever else might be
>>> behind that MSR obviously shouldn't be leaking though either.
>> In the interest of getting this ack-ed I might switch to the
>> blanket-#GP as you suggest, but I'm having trouble seeing why
>> giving back sane (and safe) values is wrong. This isn't meant
>> to indicate we might virtualize more of this. But why incur an
>> unnecessary #GP(0) in the guest when we can indicate the same
>> in a more "friendly" manner?
> Why add dead code to Xen?

Well, as you said yourself - at least the Intel part of this
isn't really dead. Of course we _expect_ guest kernels to cope
with #GP here, but there are many expectations of ours which
get violated ... (To give a concrete example in this very area
of code: A customer of ours noticed the x2APIC MSRs having
become inaccessible at some point. Clearly we didn't expect PV
guests to try to access them.)

> It is unnecessary complexity in some already-complicated functions which
> are going to become far more complicated by the time we get Xen's MSR
> behaviour into a somewhat-reasonable state.

If this was really about "complexity", I'd fully agree. But
we talk about two instance of almost the same 5-line piece of


Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.