Re: [PATCH 3/4 V3] X86: MPX IA32_BNDCFGS msr handle

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Andrew Cooper <andrew.cooper3@citrix.com>
To: "Liu, Jinsong" <jinsong.liu@intel.com>
Cc: "xen-devel@lists.xen.org" <xen-devel@lists.xen.org>,
	"keir@xen.org" <keir@xen.org>,
	"haoxudong.hao@gmail.com" <haoxudong.hao@gmail.com>,
	Jan Beulich <jbeulich@suse.com>,
	"Ian.Campbell@citrix.com" <Ian.Campbell@citrix.com>
Subject: Re: [PATCH 3/4 V3] X86: MPX IA32_BNDCFGS msr handle
Date: Wed, 27 Nov 2013 16:03:57 +0000	[thread overview]
Message-ID: <529617ED.4020508@citrix.com> (raw)
In-Reply-To: <DE8DF0795D48FD4CA783C40EC8292335013E825D@SHSMSX101.ccr.corp.intel.com>

On 27/11/13 15:02, Liu, Jinsong wrote:
> Andrew Cooper wrote:
>> On 27/11/13 14:37, Liu, Jinsong wrote:
>>> Andrew Cooper wrote:
>>>> On 27/11/13 14:27, Liu, Jinsong wrote:
>>>>> Andrew Cooper wrote:
>>>>>> On 27/11/13 13:50, Liu, Jinsong wrote:
>>>>>>> From 291adaf4ad6174c5641a7239c1801373e92e9975 Mon Sep 17 00:00:00
>>>>>>> 2001 From: Liu Jinsong <jinsong.liu@intel.com>
>>>>>>> Date: Thu, 28 Nov 2013 05:26:06 +0800
>>>>>>> Subject: [PATCH 3/4 V3] X86: MPX IA32_BNDCFGS msr handle
>>>>>>>
>>>>>>> When MPX supported, a new guest-state field for IA32_BNDCFGS
>>>>>>> is added to the VMCS. In addition, two new controls are added:
>>>>>>>  - a VM-exit control called "clear BNDCFGS"
>>>>>>>  - a VM-entry control called "load BNDCFGS."
>>>>>>> VM exits always save IA32_BNDCFGS into BNDCFGS field of VMCS.
>>>>>>>
>>>>>>> Signed-off-by: Xudong Hao <xudong.hao@intel.com>
>>>>>>> Reviewed-by: Liu Jinsong <jinsong.liu@intel.com>
>>>>>>>
>>>>>>> Unlikely, but in case VMX support is not available, not expose
>>>>>>> MPX to hvm guest.
>>>>>> You are still missing the point.
>>>>>>
>>>>>> I as the administrator choose to prevent an HVM guest from using
>>>>>> MPX. Perhaps I want to create a heterogeneous pool.
>>>>>>
>>>>>> Therefore, the bit is disabled in the domains cpuid policy,
>>>>>> despite being available on the hardware.
>>>>>>
>>>>>> ~Andrew
>>>>>>
>>>>> Could you tell me the reason why choose to prevent HVM from using
>>>>> MPX? 
>>>>>
>>>>> Thanks,
>>>>> Jinsong
>>>> For exactly the case I gave - a VM in a heterogeneous pool where one
>>>> server supports MPX and the other is lacking the MPX feature.
>>>>
>>>> ~Andrew
>>>>
>>> I didn't see the point of your case to prevent HVM MPX feature.
>>> Could you elaborate more of your concern?
>>>
>>> Thanks,
>>> Jinsong
>> It is very common to have pools of servers made of different
>> generations of CPU.  E.g. Ivy Bridge and Haswell.  To safely migrate
>> a VM, the feature set the VM can see must be the common subset of the
>> two. 
>>
>> ~Andrew
> Yes -- but that's not a reason to prevent MPX feature (or, any new features) -- otherwise you have to prevent any new features.
> The right place to control cpuid policy of a pool is at higher level, where it has full information of the pool machines and so it's right place to make decision what cpuid feature set would be proper for the specific pool.
>
> Thanks,
> Jinsong

That is exactly a reason to prevent MPX.

If the domain cpuid policy (which is set by the toolstack) states that
MPX should be disabled, then MPX must be hidden from the HVM guest, even
if the hardware supports MPX.

~Andrew

next prev parent reply	other threads:[~2013-11-27 16:03 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-11-27 13:50 [PATCH 3/4 V3] X86: MPX IA32_BNDCFGS msr handle Liu, Jinsong
2013-11-27 13:57 ` Andrew Cooper
2013-11-27 14:04   ` Jan Beulich
2013-11-27 14:27   ` Liu, Jinsong
2013-11-27 14:31     ` Andrew Cooper
2013-11-27 14:37       ` Liu, Jinsong
2013-11-27 14:50         ` Konrad Rzeszutek Wilk
2013-11-27 14:51         ` Andrew Cooper
2013-11-27 15:02           ` Liu, Jinsong
2013-11-27 16:03             ` Andrew Cooper [this message]
2013-11-28  3:17               ` Liu, Jinsong
2013-11-28 10:34                 ` Tim Deegan
2013-11-28 11:12                   ` Liu, Jinsong
2013-11-28 11:14                     ` Tim Deegan
2013-11-28 11:18                       ` Liu, Jinsong
2013-11-28 11:26                       ` Ian Campbell
2013-11-28 11:45                         ` Tim Deegan
2013-11-29  9:48                           ` Jan Beulich
2013-11-27 14:00 ` Jan Beulich

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=529617ED.4020508@citrix.com \
    --to=andrew.cooper3@citrix.com \
    --cc=Ian.Campbell@citrix.com \
    --cc=haoxudong.hao@gmail.com \
    --cc=jbeulich@suse.com \
    --cc=jinsong.liu@intel.com \
    --cc=keir@xen.org \
    --cc=xen-devel@lists.xen.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.