Xen project Mailing List

Re: Support situation for nestedhvm

From: Alejandro Vallejo <alejandro.vallejo@xxxxxxxxx>

Date: Thu, 9 Nov 2023 09:50:36 +0000

Cc: Elliott Mitchell <ehem+xen@xxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx

Delivery-date: Thu, 09 Nov 2023 09:50:57 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Hi, On Tue, Nov 07, 2023 at 08:15:32PM +0000, Andrew Cooper wrote: > On 07/11/2023 7:53 pm, Elliott Mitchell wrote: > > I ran into the nestedhvm via the following path. I was considering the > > feasibility of shedding tasks from a desktop onto a server running Xen. > > I was looking at `man xl.cfg` and noticed "nestedhvm". > > > > Since one of the tasks the computer handled was running other OSes in > > fully simulated environments, this seemed to be something I was looking > > for. No where did I ever see anything hinting "This configuration option > > is completely unsupported and risky to use". > > This one is explicitly covered in SUPPORT.md, and has had XSAs out > against it in the past for being unexpectedly active when it oughtn't to > have been. > > > Things simply started exploding without any warnings. > > Things also explode if you try to create a VM with 10x more RAM than you > have, or if you try `./xenwatchdogd --help`, or `xl debug-keys c`, or > many other things. > > The xl manpage probably ought to state explicitly that the option is > experimental, but that the extent of what I'd consider reasonable here. > > You can't solve educational matters with technical measures. > > ~Andrew > No, but we can prevent users unexpectedly shooting themselves in the foot. Elliott's point (as I understood it) was that we could have an "experimental" switch, that would warn and error out when experimental features are used without it. This is just cfg sugar coating for xl, and would improve UX. Cargo uses the same sort of idea in the Rust ecosystem to make a clear distinction between unstable features that may change and stable ones that are meant to stay and just work. Having "experimental=nestedhvm,foo" is one option, having "experimental=1" be a required flag to enable experimental features is another. Heck, even renaming "nestedhvm" to "experimental-nestedhvm" would be an improvement. ``` Error: nestedhvm=1 is an unstable experimental feature not encouraged for production purposes. Enable it with experimental-nestedhvm=1 instead. ``` We can't fix it overnight, but we can't make it _very_ clear it's unstable to anyone currently using the feature. Cheers, Alejandro

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.