[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v1 0/2] Extend ioreq-server to support page write protection

To: Jan Beulich <JBeulich@xxxxxxxx>
From: "Tian, Kevin" <kevin.tian@xxxxxxxxx>
Date: Thu, 7 Aug 2014 16:28:17 +0000
Accept-language: en-US
Cc: "keir@xxxxxxx" <keir@xxxxxxx>, "ian.campbell@xxxxxxxxxx" <ian.campbell@xxxxxxxxxx>, "stefano.stabellini@xxxxxxxxxxxxx" <stefano.stabellini@xxxxxxxxxxxxx>, "tim@xxxxxxx" <tim@xxxxxxx>, "ian.jackson@xxxxxxxxxxxxx" <ian.jackson@xxxxxxxxxxxxx>, "Dugger, Donald D" <donald.d.dugger@xxxxxxxxx>, "xen-devel@xxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxx>, "Paul.Durrant@xxxxxxxxxx" <Paul.Durrant@xxxxxxxxxx>, "Lv, Zhiyuan" <zhiyuan.lv@xxxxxxxxx>, "Zhang, Yang Z" <yang.z.zhang@xxxxxxxxx>, "Ye, Wei" <wei.ye@xxxxxxxxx>
Delivery-date: Thu, 07 Aug 2014 16:28:40 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>
Thread-index: AQHPqgd0sKj4lus6ZUOc5LgvdVTq2Ju0oJOAgAtM91D//6WDAIABak7AgACrs3D//4D+AIABCJLQgACwkbCAAAV2MIAAARpwgAADWMCAAAEIIIAAzHj2gAAPo3CAAHHXAIABJ9mg
Thread-topic: [Xen-devel] [PATCH v1 0/2] Extend ioreq-server to support page write protection

> From: Jan Beulich [mailto:JBeulich@xxxxxxxx]
> Sent: Wednesday, August 06, 2014 11:45 PM
> 
> >>> On 06.08.14 at 18:08, <kevin.tian@xxxxxxxxx> wrote:
> >>  From: Konrad Rzeszutek Wilk [mailto:konrad.wilk@xxxxxxxxxx]
> >> On Wed, Aug 06, 2014 at 03:04:31AM +0000, Zhang, Yang Z wrote:
> >> > Malicious guest is just an example. We can assume a normal guest never
> >> does it.
> >>
> >> What!? No you can't. That is thundering towards an XSA! The normal
> >> guest can become compromised.
> >
> > It would be a severe security hole to write-protect only the CPU path while
> > leaving DMA writes valid. When we say a page is write-protected, it must be
> > consistently enforced in both CPU/DMA paths. Now there is no other way to
> > achieve it lacking of VT-d page fault, except treating it fully as a 
> > emulated
> > MMIO range (means removing mapping in both EPT/VT-d page table), or
> > excluding VT-d like this patch originally does.
> 
> A fully emulated range means more than just removing the mapping
> though: No passed through device must access the memory range,
> since you can't emulate such accesses. While this is fine for existing
> uses (LAPIC, HPET, ...), I don't think it is for things like a frame
> buffer. If otoh talk is exclusively about GPU page tables, then this

I don't understand here. why would a pass-through device wants to access
frame buffer (I think you meant 'virtual' frame buffer)? Note XenGT itself
doesn't use VT-d, and we didn't see such usage of having another device
DMA to GPU resource. Then it's just same as any existing emulated MMIO
ranges e.g. on a virtual NIC, where no pass-through device would access 
them.

> ought to be fine, but would - to me - not fit with other aspects
> discussed in the context of these patches (like the supposedly large
> number of pages needing to be tracked for a guest).
> 

So what's your suggestion here?

Thanks
Kevin

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH v1 0/2] Extend ioreq-server to support page write protection
  - From: Jan Beulich

References:
- Re: [Xen-devel] [PATCH v1 0/2] Extend ioreq-server to support page write protection
  - From: Jan Beulich
- Re: [Xen-devel] [PATCH v1 0/2] Extend ioreq-server to support page write protection
  - From: Tian, Kevin
- Re: [Xen-devel] [PATCH v1 0/2] Extend ioreq-server to support page write protection
  - From: Zhang, Yang Z
- Re: [Xen-devel] [PATCH v1 0/2] Extend ioreq-server to support page write protection
  - From: Jan Beulich
- Re: [Xen-devel] [PATCH v1 0/2] Extend ioreq-server to support page write protection
  - From: Tian, Kevin
- Re: [Xen-devel] [PATCH v1 0/2] Extend ioreq-server to support page write protection
  - From: Zhang, Yang Z
- Re: [Xen-devel] [PATCH v1 0/2] Extend ioreq-server to support page write protection
  - From: Tian, Kevin
- Re: [Xen-devel] [PATCH v1 0/2] Extend ioreq-server to support page write protection
  - From: Zhang, Yang Z
- Re: [Xen-devel] [PATCH v1 0/2] Extend ioreq-server to support page write protection
  - From: Tian, Kevin
- Re: [Xen-devel] [PATCH v1 0/2] Extend ioreq-server to support page write protection
  - From: Zhang, Yang Z
- Re: [Xen-devel] [PATCH v1 0/2] Extend ioreq-server to support page write protection
  - From: Konrad Rzeszutek Wilk
- Re: [Xen-devel] [PATCH v1 0/2] Extend ioreq-server to support page write protection
  - From: Tian, Kevin
- Re: [Xen-devel] [PATCH v1 0/2] Extend ioreq-server to support page write protection
  - From: Jan Beulich

Prev by Date: Re: [Xen-devel] [PATCH RFC 2/2] xen: arm: Enable physical address space compression (PDX) on arm64
Next by Date: [Xen-devel] [PATCH v3] xen: domain_update_node_affinity: Bail out early if no VCPUs are allocated
Previous by thread: Re: [Xen-devel] [PATCH v1 0/2] Extend ioreq-server to support page write protection
Next by thread: Re: [Xen-devel] [PATCH v1 0/2] Extend ioreq-server to support page write protection
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.