[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH V3] x86/altp2m: Hypercall to set altp2m view visibility

To: Alexandru Stefan ISAILA <aisaila@xxxxxxxxxxxxxxx>
From: Tamas K Lengyel <tamas.k.lengyel@xxxxxxxxx>
Date: Wed, 19 Feb 2020 09:37:36 -0700
Cc: Kevin Tian <kevin.tian@xxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Wei Liu <wl@xxxxxxx>, Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Ian Jackson <ian.jackson@xxxxxxxxxxxxx>, Jun Nakajima <jun.nakajima@xxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>
Delivery-date: Wed, 19 Feb 2020 16:38:25 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Wed, Feb 19, 2020 at 2:19 AM Alexandru Stefan ISAILA
<aisaila@xxxxxxxxxxxxxxx> wrote:
>
> At this moment a guest can call vmfunc to change the altp2m view. This
> should be limited in order to avoid any unwanted view switch.
>
> The new xc_altp2m_set_visibility() solves this by making views invisible
> to vmfunc.
> This is done by having a separate arch.altp2m_working_eptp that is
> populated and made invalid in the same places as altp2m_eptp. This is
> written to EPTP_LIST_ADDR.
> The views are made in/visible by marking them with INVALID_MFN or
> copying them back from altp2m_eptp.
> To have consistency the visibility also applies to
> p2m_switch_domain_altp2m_by_id().

I'm just wondering, what prevents the guest from calling this HVM op
before doing vmfunc? This seems to only make a difference in case the
altp2m mode is either set as external or limited (or have a more
fine-grained XSM policy loaded). Is that correct? If so, perhaps
mention that in the commit message and as a comment on the libxc
function so that people don't get a false sense of security when using
the mixed mode.

Thanks,
Tamas

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH V3] x86/altp2m: Hypercall to set altp2m view visibility
  - From: Alexandru Stefan ISAILA

References:
- [Xen-devel] [PATCH V3] x86/altp2m: Hypercall to set altp2m view visibility
  - From: Alexandru Stefan ISAILA

Prev by Date: Re: [Xen-devel] [PATCH 2/2] smp: convert cpu_hotplug_begin into a blocking lock acquisition
Next by Date: Re: [Xen-devel] [PATCH] x86: "spec-ctrl=no-xen" should also disable branch hardening
Previous by thread: [Xen-devel] [PATCH V3] x86/altp2m: Hypercall to set altp2m view visibility
Next by thread: Re: [Xen-devel] [PATCH V3] x86/altp2m: Hypercall to set altp2m view visibility
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.