On 19.10.22 19:45, Li, Xin3 wrote:
+static inline void __init lkgs_init(void) { #ifdef
+CONFIG_PARAVIRT_XXL #ifdef CONFIG_X86_64
+ if (cpu_feature_enabled(X86_FEATURE_LKGS))
+ pv_ops.cpu.load_gs_index = native_lkgs;
For this to work correctly when running as a Xen PV guest, you need
to add
setup_clear_cpu_cap(X86_FEATURE_LKGS);
to xen_init_capabilities() in arch/x86/xen/enlighten_pv.c, as
otherwise the Xen specific .load_gs_index vector will be overwritten.
Yeah, we definitely should add it to disable LKGS in a Xen PV guest.
So does it mean that the Xen PV uses a black list during feature detection?
If yes then new features are often required to be masked with an
explicit call to setup_clear_cpu_cap.
Wouldn't a white list be better?
Then the job is more just on the Xen PV side, and it can selectively
enable a new feature, sometimes with Xen PV specific handling code added.
This is not how it works. Feature detection is generic code, so we'd need to
tweak that for switching to a whitelist.
Yes, a Xen PV guest is basically a Linux system. However IIRC, the Xen PV
CPUID is para-virtualized, so it's Xen hypervisor's responsibility to decide
features exposed to a Xen PV guest. No?
Additionally most features don't require any Xen PV specific handling. This is
needed for some paravirtualized privileged operations only. So switching to a
whitelist would add more effort.
LKGS is allowed only in ring 0, thus only Xen hypervisor could use it.
Attachment:
OpenPGP_0xB0DE9DD628BF132F.asc
Description: OpenPGP public key
Attachment:
OpenPGP_signature
Description: OpenPGP digital signature