On Tue, Jun 09, 2020 at 06:28:39PM +0200, Halil Pasic wrote: > On Tue, 9 Jun 2020 17:47:47 +0200 > Claudio Imbrenda <[email protected]> wrote: > > > On Tue, 9 Jun 2020 11:41:30 +0200 > > Halil Pasic <[email protected]> wrote: > > > > [...] > > > > > I don't know. Janosch could answer that, but he is on vacation. Adding > > > Claudio maybe he can answer. My understanding is, that while it might > > > be possible, it is ugly at best. The ability to do a transition is > > > indicated by a CPU model feature. Indicating the feature to the guest > > > and then failing the transition sounds wrong to me. > > > > I agree. If the feature is advertised, then it has to work. I don't > > think we even have an architected way to fail the transition for that > > reason. > > > > What __could__ be done is to prevent qemu from even starting if an > > incompatible device is specified together with PV. > > AFAIU, the "specified together with PV" is the problem here. Currently > we don't "specify PV" but PV is just a capability that is managed by the > CPU model (like so many other). I.e. the fact that the > visualization environment is capable providing PV (unpack facility > available), and the fact, that the end user didn't fence the unpack > facility, does not mean, the user is dead set to use PV. > > My understanding is, that we want PV to just work, without having to > put together a peculiar VM definition that says: this is going to be > used as a PV VM.
Having had a similar discussion for POWER, I no longer think this is a
wise model. I think we want to have an explicit "allow PV" option -
but we do want it to be a *single* option, rather than having to
change configuration of a whole bunch of places.
My intention is for my 'host-trust-limitation' series to accomplish
that.
--
David Gibson | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson
signature.asc
Description: PGP signature
