Port-xen archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: xen on i7-12700: works with cet-no-ibt !!



Thanks for all the hints.  I ended up disabling more and more until I
found a clue that pointed to "CET"
(https://www.intel.com/content/www/us/en/developer/articles/technical/technical-look-control-flow-enforcement-technology.html)
and after seeing a screenshot  Manuel pointed out "cet=no-ibt" as a boot
option.   So my boot line is

  menu=Xen:gop 6;load /netbsd-XEN3_DOM0.gz bootdev=dk1 rndseed=/var/db/entropy-file console=pc;multiboot /xen.gz cet=no-ibt console=vga dom0_mem=12000M

(with the gop 6 being to adapt to 1920x1280).

With that, it booted, and then I removed (one at a time...) the other
"no"s, and lastly re-enabeld VT-d and SR-IOV at the biods level -- and
it still works fine.

This is with xen 4.18 built with gcc 10 under NetBSD 10.

Clearly the Xen people think the defaults are ok.

I theorize without understanding that gcc 10 is too old to build for CET
(endbranch instructions, shadow stacks), and that it is a bug in xen to
enable anything CET without knowing that it was prepared for.

I think only 12th-gen (Alder Lake) and later have CET, and these seem
fairly newfangled for the NetBSD "keep-using-what-works even when not
retro-leaning" crowd.

VT-d seems to shave 0.4s off 70.5s.

This CPU has EPT and HAP.

It looks like the dom0-pv vs bare metal slowdown is still huge, 70.1s
for PV vs 27.6s for bare metal.

I'll try a PVH dom0, and domUs both PV, PVH, PVHVM.


Home | Main Index | Thread Index | Old Index