[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v4] altp2m: Allow specifying external-only use-case

To: "Tamas K Lengyel" <tamas.lengyel@xxxxxxxxxxxx>
From: "Jan Beulich" <JBeulich@xxxxxxxx>
Date: Tue, 21 Mar 2017 11:06:28 -0600
Cc: Sergej Proskurin <proskurin@xxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wei.liu2@xxxxxxxxxx>, Ian Jackson <ian.jackson@xxxxxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
Delivery-date: Tue, 21 Mar 2017 17:06:37 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

>>> On 21.03.17 at 17:43, <tamas.lengyel@xxxxxxxxxxxx> wrote:
> On Tue, Mar 21, 2017 at 10:38 AM, Jan Beulich <JBeulich@xxxxxxxx> wrote:
>>>>> On 21.03.17 at 17:30, <tamas.lengyel@xxxxxxxxxxxx> wrote:
>>> On Tue, Mar 21, 2017 at 3:54 AM, Jan Beulich <JBeulich@xxxxxxxx> wrote:
>>>> Furthermore, wasn't HVMOP_altp2m_vcpu_enable_notify
>>>> supposed to always be available to the guest (as long as altp2m
>>>> is enabled)? You don't allow this here anymore.
>>>
>>> Absolutely not, that's one of the main reasons why I want the
>>> external_only option to be available in the first place. For malware
>>> analysis it is a huge hole if the guest can decide that it wants
>>> certain EPT violations to be handled by the guest without first going
>>> to the hypervisor or if it can start switching its EPT tables around.
>>
>> In which case I guess we need three modes (besides disabled):
>> - guest can alter permissions
>> - guest can pick tables
>> - guest can do nothing
> 
> Why do you think those other two modes would be needed? I have no
> use-case for any of these other then where the guest can do nothing. I
> also don't see what would be the usecase for the other two that would
> warrant their addition over the mixed use that exists already.

Well, "mixed" I understand is what I've listed first. And the 2nd
option clearly is more secure than the first _without_ taking
away all control from the guest. The set above is basically my
summary of things wanted by the different parties, as I've
understood the discussion so far. I quite possibly may be wrong
with that ...

Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH v4] altp2m: Allow specifying external-only use-case
  - From: Tamas K Lengyel

References:
- [Xen-devel] [PATCH v4] altp2m: Allow specifying external-only use-case
  - From: Tamas K Lengyel
- Re: [Xen-devel] [PATCH v4] altp2m: Allow specifying external-only use-case
  - From: Jan Beulich
- Re: [Xen-devel] [PATCH v4] altp2m: Allow specifying external-only use-case
  - From: Tamas K Lengyel
- Re: [Xen-devel] [PATCH v4] altp2m: Allow specifying external-only use-case
  - From: Jan Beulich
- Re: [Xen-devel] [PATCH v4] altp2m: Allow specifying external-only use-case
  - From: Tamas K Lengyel

Prev by Date: Re: [Xen-devel] [PATCH v2 6/6] x86/viridian: implement the crash MSRs
Next by Date: Re: [Xen-devel] [PATCH 3/3] tools: sched: add support for 'null' scheduler
Previous by thread: Re: [Xen-devel] [PATCH v4] altp2m: Allow specifying external-only use-case
Next by thread: Re: [Xen-devel] [PATCH v4] altp2m: Allow specifying external-only use-case
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.