
Re: [Xen-devel] [PATCH V3] x86/altp2m: Hypercall to set altp2m view visibility

  • To: Tamas K Lengyel <tamas.k.lengyel@xxxxxxxxx>
  • From: Alexandru Stefan ISAILA <aisaila@xxxxxxxxxxxxxxx>
  • Date: Thu, 20 Feb 2020 09:25:36 +0000
  • Accept-language: en-US
  • Cc: Kevin Tian <kevin.tian@xxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Wei Liu <wl@xxxxxxx>, Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Ian Jackson <ian.jackson@xxxxxxxxxxxxx>, Jun Nakajima <jun.nakajima@xxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • Delivery-date: Thu, 20 Feb 2020 09:25:42 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Thread-index: AQHV5wWKuFf2vClElk6nKYx34YpPrKgit70AgAEZnoA=
  • Thread-topic: [Xen-devel] [PATCH V3] x86/altp2m: Hypercall to set altp2m view visibility

On 19.02.2020 18:37, Tamas K Lengyel wrote:
> On Wed, Feb 19, 2020 at 2:19 AM Alexandru Stefan ISAILA
> <aisaila@xxxxxxxxxxxxxxx> wrote:
>> At this moment a guest can call vmfunc to change the altp2m view. This
>> should be limited in order to avoid any unwanted view switch.
>> The new xc_altp2m_set_visibility() solves this by making views invisible
>> to vmfunc.
>> This is done by having a separate arch.altp2m_working_eptp that is
>> populated and made invalid in the same places as altp2m_eptp. This is
>> written to EPTP_LIST_ADDR.
>> The views are made in/visible by marking them with INVALID_MFN or
>> copying them back from altp2m_eptp.
>> To have consistency the visibility also applies to
>> p2m_switch_domain_altp2m_by_id().
> I'm just wondering, what prevents the guest from calling this HVM op
> before doing vmfunc? This seems to only make a difference in case the
> altp2m mode is either set as external or limited (or have a more
> fine-grained XSM policy loaded). Is that correct? If so, perhaps

Yes, that is correct.

> mention that in the commit message and as a comment on the libxc
> function so that people don't get a false sense of security when using
> the mixed mode.

I will add this fact in the commit message and in libxc. Good thing to 
point that out.
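The mechanism the patch describes (a separate working EPTP list that VMFUNC consults, views hidden by writing INVALID_MFN into it, and the same visibility honoured by p2m_switch_domain_altp2m_by_id()) together with the caveat Tamas raises (in mixed mode the guest can flip visibility itself, so hiding a view only restricts the guest when the altp2m mode is external or limited, or XSM restricts the op), as a constructed C model. This is added example code, not Xen source: the array names altp2m_eptp / altp2m_working_eptp are taken from the commit message, while the mode and caller enums, the return codes and the "EPT root as a 64-bit tag" simplification are assumptions made for illustration.

```c
/* Constructed model of altp2m view visibility. NOT Xen code: only the two
 * array names come from the patch description; everything else is assumed. */
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_ALTP2M  10u
#define INVALID_MFN (~(uint64_t)0)

/* Assumed: which side may issue altp2m HVM ops (modelled after Xen's
 * mixed/external/limited altp2m modes; the exact per-op policy is assumed). */
enum altp2m_mode { ALTP2M_MIXED, ALTP2M_EXTERNAL, ALTP2M_LIMITED };
enum caller      { CALLER_GUEST, CALLER_TOOLSTACK };

struct domain {
    enum altp2m_mode mode;
    uint64_t altp2m_eptp[MAX_ALTP2M];         /* every valid view */
    uint64_t altp2m_working_eptp[MAX_ALTP2M]; /* what VMFUNC sees (EPTP_LIST_ADDR) */
    unsigned int cur_view;
};

void altp2m_init(struct domain *d, enum altp2m_mode mode)
{
    memset(d, 0, sizeof(*d));
    d->mode = mode;
    for (unsigned int i = 0; i < MAX_ALTP2M; i++)
        d->altp2m_eptp[i] = d->altp2m_working_eptp[i] = INVALID_MFN;
}

/* Populate both lists in the same place, as the patch does for new views.
 * 'eptp' is an opaque tag standing in for a real EPT root. */
int altp2m_create_view(struct domain *d, unsigned int idx, uint64_t eptp)
{
    if (idx >= MAX_ALTP2M || eptp == INVALID_MFN ||
        d->altp2m_eptp[idx] != INVALID_MFN)
        return -EINVAL;
    d->altp2m_eptp[idx] = eptp;
    d->altp2m_working_eptp[idx] = eptp;   /* visible by default */
    return 0;
}

/* The caveat from the thread: a guest-issued visibility op is only refused
 * when the mode restricts the guest. In mixed mode the guest can simply
 * make a view visible again before calling VMFUNC. */
static bool may_set_visibility(const struct domain *d, enum caller who)
{
    if (who == CALLER_TOOLSTACK)
        return true;
    return d->mode == ALTP2M_MIXED;
}

int altp2m_set_visibility(struct domain *d, enum caller who,
                          unsigned int idx, bool visible)
{
    if (!may_set_visibility(d, who))
        return -EPERM;
    if (idx >= MAX_ALTP2M || d->altp2m_eptp[idx] == INVALID_MFN)
        return -EINVAL;
    /* Hide: mark INVALID_MFN in the working list. Show: copy back. */
    d->altp2m_working_eptp[idx] = visible ? d->altp2m_eptp[idx] : INVALID_MFN;
    return 0;
}

/* Guest VMFUNC(EPTP switching, idx): hardware only looks at the working list,
 * so an invisible view cannot be switched to from inside the guest. */
int guest_vmfunc_switch(struct domain *d, unsigned int idx)
{
    if (idx >= MAX_ALTP2M || d->altp2m_working_eptp[idx] == INVALID_MFN)
        return -1;                          /* switch refused */
    d->cur_view = idx;
    return 0;
}

/* Hypervisor-side switch honours the same visibility for consistency. */
int p2m_switch_domain_altp2m_by_id(struct domain *d, unsigned int idx)
{
    if (idx >= MAX_ALTP2M || d->altp2m_working_eptp[idx] == INVALID_MFN)
        return -EINVAL;
    d->cur_view = idx;
    return 0;
}

int main(void)
{
    struct domain d;
    altp2m_init(&d, ALTP2M_EXTERNAL);
    altp2m_create_view(&d, 1, 0x1000);
    altp2m_set_visibility(&d, CALLER_TOOLSTACK, 1, false);
    printf("external mode, hidden view 1: guest vmfunc -> %d, guest unhide -> %d\n",
           guest_vmfunc_switch(&d, 1),
           altp2m_set_visibility(&d, CALLER_GUEST, 1, true));
    return 0;
}
```

The point to take from the model is the one made in the thread: hiding a view is a control over the guest only when the guest cannot issue the visibility op itself, which is the external and limited modes (or an XSM policy that denies it); in mixed mode it is a convenience, not a security boundary.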

Xen-devel mailing list