Re: [Xen-devel] [PATCH V3] x86/altp2m: Hypercall to set altp2m view visibility
On Wed, Feb 19, 2020 at 2:19 AM Alexandru Stefan ISAILA <aisaila@xxxxxxxxxxxxxxx> wrote:
>
> At this moment a guest can call vmfunc to change the altp2m view. This
> should be limited in order to avoid any unwanted view switch.
>
> The new xc_altp2m_set_visibility() solves this by making views invisible
> to vmfunc.
> This is done by having a separate arch.altp2m_working_eptp that is
> populated and made invalid in the same places as altp2m_eptp. This is
> written to EPTP_LIST_ADDR.
> The views are made in/visible by marking them with INVALID_MFN or
> copying them back from altp2m_eptp.
> To have consistency, the visibility also applies to
> p2m_switch_domain_altp2m_by_id().

I'm just wondering, what prevents the guest from calling this HVM op
before doing vmfunc? This seems to only make a difference in case the
altp2m mode is either set as external or limited (or has a more
fine-grained XSM policy loaded). Is that correct? If so, perhaps mention
that in the commit message and as a comment on the libxc function so
that people don't get a false sense of security when using the mixed
mode.

Thanks,
Tamas

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel
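Added example, not code from Xen or from the patch under discussion: a small C model of the two-array scheme the quoted commit message describes (altp2m_eptp holding the real EPTPs, altp2m_working_eptp being what goes into EPTP_LIST_ADDR, a view hidden by writing INVALID_MFN and shown again by copying the real value back), plus the scenario raised in the reply, where the guest itself issues the visibility op before vmfunc. The mode names, the guest/toolstack caller distinction and the rule that only the toolstack may change visibility in external and limited mode are assumptions made for the model; in Xen the real gate is the HVMOP_altp2m access mode together with the XSM policy.

```c
/* Added model of altp2m view visibility; not Xen code. Names and the
 * permission rule below are simplifications made for illustration. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_ALTP2M   10u
#define INVALID_MFN  (~(uint64_t)0)   /* stands in for Xen's INVALID_MFN */

/* Assumed stand-ins for the HVMOP_altp2m access modes and for who calls. */
enum altp2m_mode { ALTP2M_disabled, ALTP2M_mixed, ALTP2M_external, ALTP2M_limited };
enum caller      { CALLER_GUEST, CALLER_TOOLSTACK };

struct domain_model {
    enum altp2m_mode mode;
    uint64_t altp2m_eptp[MAX_ALTP2M];         /* real EPTP of every allocated view */
    uint64_t altp2m_working_eptp[MAX_ALTP2M]; /* what is written to EPTP_LIST_ADDR */
    unsigned int cur_view;
};

void init_domain(struct domain_model *d, enum altp2m_mode mode)
{
    d->mode = mode;
    d->cur_view = 0;
    for (unsigned int i = 0; i < MAX_ALTP2M; i++)
        d->altp2m_eptp[i] = d->altp2m_working_eptp[i] = INVALID_MFN;
}

/* Allocating a view populates both arrays, as the commit message says. */
bool alloc_view(struct domain_model *d, unsigned int idx, uint64_t eptp)
{
    if (idx >= MAX_ALTP2M || eptp == INVALID_MFN)
        return false;
    d->altp2m_eptp[idx] = d->altp2m_working_eptp[idx] = eptp;
    return true;
}

/* Assumed rule: mixed mode lets the guest issue the op too; external and
 * limited mode reserve it to the toolstack. */
bool visibility_op_allowed(enum altp2m_mode mode, enum caller who)
{
    switch (mode) {
    case ALTP2M_mixed:    return true;
    case ALTP2M_external:
    case ALTP2M_limited:  return who == CALLER_TOOLSTACK;
    default:              return false;
    }
}

/* Hide: mark the working entry INVALID_MFN. Show: copy altp2m_eptp back. */
bool set_visibility(struct domain_model *d, enum caller who, unsigned int idx, bool visible)
{
    if (!visibility_op_allowed(d->mode, who))
        return false;
    if (idx >= MAX_ALTP2M || d->altp2m_eptp[idx] == INVALID_MFN)
        return false;
    d->altp2m_working_eptp[idx] = visible ? d->altp2m_eptp[idx] : INVALID_MFN;
    return true;
}

/* Both the guest's vmfunc EPTP switch and p2m_switch_domain_altp2m_by_id()
 * are modelled as consulting the working list, so a hidden view is refused. */
bool switch_view(struct domain_model *d, unsigned int idx)
{
    if (idx >= MAX_ALTP2M || d->altp2m_working_eptp[idx] == INVALID_MFN)
        return false;
    d->cur_view = idx;
    return true;
}

/* The reply's scenario: the toolstack hides view 1, then the guest tries to
 * unhide it and switch to it. Returns true if the guest gets through, i.e.
 * hiding gave no protection against the guest in this mode. */
bool guest_can_bypass_hiding(enum altp2m_mode mode)
{
    struct domain_model d;
    init_domain(&d, mode);
    alloc_view(&d, 0, 0x1000);
    alloc_view(&d, 1, 0x2000);
    set_visibility(&d, CALLER_TOOLSTACK, 1, false); /* toolstack hides view 1 */
    if (switch_view(&d, 1))                         /* must fail while hidden */
        return true;
    set_visibility(&d, CALLER_GUEST, 1, true);      /* guest tries to unhide */
    return switch_view(&d, 1);
}

int main(void)
{
    printf("mixed:    guest bypasses hiding = %d\n", guest_can_bypass_hiding(ALTP2M_mixed));
    printf("external: guest bypasses hiding = %d\n", guest_can_bypass_hiding(ALTP2M_external));
    printf("limited:  guest bypasses hiding = %d\n", guest_can_bypass_hiding(ALTP2M_limited));
    return 0;
}
```

In this model the hidden view is refused by the switch path in every mode, but in mixed mode the guest simply unhides it first, which is the point the reply makes: the visibility bit only restricts the guest when the guest cannot reach the visibility op itself.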