This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


RE: [Xen-devel] Configuration of nestedhvm

To: Keir Fraser <keir@xxxxxxx>
Subject: RE: [Xen-devel] Configuration of nestedhvm
From: "Dong, Eddie" <eddie.dong@xxxxxxxxx>
Date: Fri, 8 Oct 2010 16:47:52 +0800
Accept-language: en-US
Acceptlanguage: en-US
Cc: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx>, "Dong, Eddie" <eddie.dong@xxxxxxxxx>
Delivery-date: Fri, 08 Oct 2010 01:52:21 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <C8D49364.256F0%keir@xxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <1A42CE6F5F474C41B63392A5F80372B22DBEA5AA@xxxxxxxxxxxxxxxxxxxxxxxxxxxx> <C8D49364.256F0%keir@xxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: Actmf7Fhjj9F1X8UQAiSevQQTVQBcAAIcuFwAAWnxlYAAUz7IAABKtVvAABnTLA=
Thread-topic: [Xen-devel] Configuration of nestedhvm
Keir Fraser wrote:
> On 08/10/2010 08:56, "Dong, Eddie" <eddie.dong@xxxxxxxxx> wrote:
>>> What's the point when a per-domain config option is going to be
>>> implemented? You can then simply not configure nestedhvm for a
>>> domain you want to test without that capability? I suppose it makes
>>> your second patch make a bit more sense than it would in total
>>> isolation. 
>> I want double-lock (AND) like other components such as IOMMU.
>> If the global switch is off, even per domain configuration is turned
>> on, the final effect is "OFF". 
>> The point here is to avoid manual mistake when the nested code is
>> built in as formal release but targeting for pilot. Relying on HVM
>> guest configuration only may cause the host crash or performance
>> impact if the code has a bug and a guest enables nested
>> virtualization feature. 
>> This switch is mainly for developer only at least for now.
> Well, at least it should only be disallowing toolstack to set the
> per-domain config option. Then it won't need to be accessed on every

The tools side patch will hypercall to try to set, but it is hypervisor's 
decision to allow the setting or not.
The userland CPUID emulation will rely on the VMM returned setting.

> use of is_nestedhvm(). So again it depends on that, mainly tool-side,
> patch. 

It is chicken and egg then :) emulation of per domain setting hypercall relies 
on the global setting. is_nestedhvm relies on the per domain setting :)

But it is fine too, as if you want the global control, and Chris may merge the 
patch into his if he needs to repost..

>  -- Keir

So can Ian have a look at the previous Chris patch again? What is the reason to 
block that patch?

Thx, Eddie

Xen-devel mailing list