[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v3 2/2] Xen: Use the ioreq-server API when available

On Wed, 15 Oct 2014, Peter Maydell wrote:
> On 15 October 2014 11:16, Paul Durrant <paul.durrant@xxxxxxxxxx> wrote:
> > The ioreq-server API added to Xen 4.5 offers better security than
> > the existing Xen/QEMU interface because the shared pages that are
> > used to pass emulation request/results back and forth are removed
> > from the guest's memory space before any requests are serviced.
> > This prevents the guest from mapping these pages (they are in a
> > well known location) and attempting to attack QEMU by synthesizing
> > its own request structures. Hence, this patch modifies configure
> > to detect whether the API is available, and adds the necessary
> > code to use the API if it is.
> This commit message doesn't mention it, but presumably this is
> all x86-specific given it's in a file which is only used for
> x86 Xen?

Unfortunately even though it is pretty x86 specific, it is still
compiled on ARM, even though it is never actually used (it is used in
i386 emulation with Xen acceleration support, while on ARM we only use
the PV machine).

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.