
Re: [Xen-devel] [PATCH V2] common/mem_access: merged mem_access setting interfaces



On 03/20/2017 04:20 PM, Andrew Cooper wrote:
> On 20/03/17 09:50, Razvan Cojocaru wrote:
>> xc_altp2m_set_mem_access() and xc_set_mem_access() end up doing the same thing
>> in the hypervisor, but the former is a HVMOP and the latter a DOMCTL. Since
>> nobody is currently using, or has stated intent to use, this functionality
>> specifically as an HVMOP, this patch removes the HVMOP while adding an extra
>> parameter to the more flexible DOMCTL variant, in which the altp2m view can be
>> transmitted (0 for the default view, or when altp2m is disabled).
>> The xen-access test has been updated in the process.
>>
>> Signed-off-by: Razvan Cojocaru <rcojocaru@xxxxxxxxxxxxxxx>
> 
> I am sorry to be awkward here, but as this patch stands, it definitely
> breaks the original usecase altp2m was introduced for.  Therefore, I
> don't think it is appropriate to take in this form.
> 
> The problem is that the current permissions are too coarse-grained.
> 
> Intel's use case needs all hypercalls usable by the guest, as the agent
> is entirely in-guest.  (It also occurs to me that scenario might be
> useful to develop within.)

Actually upon reading this again:

https://lists.xenproject.org/archives/html/xen-devel/2015-06/msg01319.html

it doesn't look like Intel's use case is for entirely in-guest agents
(although granted that's a possibility):

"The altp2m capability allows for para-virtualized guest software agent
within or across domains to be able to enforce memory introspection
policies in an efficient manner. Altp2m also allows para-virtualized
guest agent components to be isolated within an HVM (in terms of guest
physical memory) for secure VM introspection as well as various other
security and privacy usages that require efficient memory isolation."

I could be misreading this, but "para-virtualized guest agent
components" sound more like a different domain than a typical
in-HVM-guest application.


Thanks,
Razvan

