在 2023-07-06 00:32,Daniel P. Berrangé 写道:
On Mon, Jul 03, 2023 at 02:30:28PM +0800, Lin Ma wrote:
VMX(kernel v6.0) supports Notification VM exit feature under commit
2f4073e0.
QEMU supports it as well since v7.2 under commit e2e69f6b.
Add this feature into libvirt now.
An example of Domain XML snippet to configure this feature:
<features>
<kvm>
<notify-vmexit state='on' mode='run' notify-window='16384'/>
</kvm>
</features>
IIUC this setting is intended to fix a CVE, but it is opt-in so
everything remains vulnerable until all mgmt apps are udated to
add this. This is already off to a bad start, but lets suppose
we do want to update every single app to add this XML...
Is '16384' a good default value for notify-window ? If so why
hasn't QEMU just set this as the global default ? Is there
some downside to setting this that makes it impossible to just
"do the right thing" in QEMU ?
The original QEMU commit message isn't very enlightening about
how this should actually be used in practice.
I'm unenthusiastic about exposing settings like this from libvirt
unless there is credible guidance / documentation that makes it
possible for apps to follow a plan that's more than just guesswork.
Otherwise this just feels like a feature tickbox.
Sorry for the late response.
I used to try to figure out such a reliable guidance / documentation,
But found nothing.
The '16384' is just a guesswork and an example, By far I havn't figure
out the internal hardware threshold of the notify-window due to no
notify-vmexit capable processors in my hand.
Your opinion and concern make sense,Let's keep the current situation,
Not expose it to management software.
Thank you very much for the comments and the review!
Lin
