
Re: [Xen-devel] [PATCH v2] x86/altp2m: Allow setting the #VE info page for an arbitrary VCPU



On Thu, Sep 20, 2018 at 3:55 PM Razvan Cojocaru
<rcojocaru@xxxxxxxxxxxxxxx> wrote:
>
> On 9/20/18 5:42 PM, George Dunlap wrote:
> > I do have a question about your proposed use case.  You're running
> > this in 'mixed' mode, right, and using the altp2m to hide a secure bit
> > of code from the operating system?  What's to stop a rogue operating
> > system that doesn't want to be introspected from calling
> > HVMOP_altp2m_vcpu_enable_notify with INVALID_GFN to disable this?
>
> Nothing, but we're not running this in mixed mode. :)
> We're after 'external', for the very same reasons you've mentioned.
>
> Everything important is done in dom0-only. If there's something to be
> done that the in-guest agent would like, it has to ask the introspection
> agent in dom0 via VMCALL events.

OK, got it, thanks.

 -George
