>>> On 06.12.16 at 15:47, <andrew.coop...@citrix.com> wrote:
> As for UMIP itself, there are a number of issues which we should
> consider here.
>
> First, this adds quite a lot of emulation and extra handling in security
> sensitive areas. That isn't a problem per se, but given concerns with
> emulation in general (and indeed the efforts to remove all emulation
> from some usecases), making it unilaterally enabled is a problem.

As mentioned in the commit description.

> As such, I think emulated-UMIP is an option which the user must
> explicitly opt-in to. The easiest option might be to defer adding
> emulated-UMIP until I have split the default and max featureset options
> in the CPUID policy ABI (which is the task I am currently working on).

Makes sense.

> However, it would also require only enabling the SVM GP intercept in the
> hvm_update_guest_vendor() path (which should be renamed to something
> slightly more generic like hvm_cpuid_policy_updated()).

Why that? We always need it intercepted as long as the guest wants UMIP,
but the hardware doesn't offer it. The feature isn't tied to the vendor
being Intel or some such.

Jan