>>> On 28.06.16 at 03:58, <feng...@intel.com> wrote:
> As you know, SMAP/SMEP may affect the 32-bit pv guests. After discussing this
> internally, our current idea is that we can just disable these two features for
> Xen hypervisor itself, hence only enable them for HVM guests. Do you think this
> is acceptable from your perspective?

I think at most we should go as far as making this an option. That's
better than requiring people to turn off SMEP/SMAP completely to gain
back performance, and better than forcing people to accept this
security-wise step backwards without any alternative.

And once an option, I think I'd still like to have current behavior
remain the default; distros could choose to alter that default with
- presumably - a one-line patch.

Jan

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel