>>> On 19.01.18 at 17:10, <[email protected]> wrote: > On 19/01/18 15:02, Jan Beulich wrote: >>>>> On 19.01.18 at 15:24, <[email protected]> wrote: >>> On 19/01/18 12:47, Jan Beulich wrote: >>>>>>> On 18.01.18 at 16:46, <[email protected]> wrote: >>>>> @@ -265,6 +265,10 @@ On hardware supporting IBRS, the `ibrs=` option can >>>>> be >>>>> used to force or >>>>> prevent Xen using the feature itself. If Xen is not using IBRS itself, >>>>> functionality is still set up so IBRS can be virtualised for guests. >>>>> >>>>> +The `rsb_vmexit=` and `rsb_native=` options can be used to fine tune >>>>> when the >>>>> +RSB gets overwritten. There are individual controls for an entry from >>>>> HVM >>>>> +context, and an entry from a native (PV or Xen) context. >>>> Would you mind adding a sentence or two to the description making >>>> clear what use this fine grained control is? I can't really figure why I >>>> might need to be concerned about one of the two cases, but not the >>>> other. >>> I though I'd covered that in the commit message, but I'm not sure this >>> is a suitable place to discuss the details. PV and HVM guests have >>> different reasoning for why we need to overwrite the RSB. >>> >>> In the past, there used to be a default interaction of rsb_native and >>> SMEP, but that proved to be insufficient and rsb_native is now >>> unconditionally enabled. In principle however, it should fall within >>> CONFIG_PV. >> Thanks for the explanation, but I'm afraid I'm none the wiser as >> to why the two separate options are needed (or even just wanted). > > If you never run 32bit PV guests, and don't use Introspection on HVM VMs > larger than 7 vcpus, then you are believed safe to turn rsb_native off.
Where does that funny 7 come from. > Also, based on feedback we're seeing from the field, an "I trust my PV > guest mode" looks like it will go a long way. When dom0 is the only PV > guest (which is very common, and increasingly so these days), then we > can drop rsb_native and IBRS_CLEAR, giving us zero overhead for > exception/interrupt handling. Okay, makes sense, thanks. Would be nice if you could add some of this to the description. Jan _______________________________________________ Xen-devel mailing list [email protected] https://lists.xenproject.org/mailman/listinfo/xen-devel
