Re: [Xen-ia64-devel] RE: PATCH: merge iva
On Tuesday 13 June 2006 21:49, Magenheimer, Dan (HP Labs Fort Collins) wrote:
> The reason that there are two groups of privileged registers,
> one in privregs (directly accessible by the guest) and one
> in arch_vcpu (not directly accessible) is that arch_vcpu is
> for registers that are not performance-sensitive AND might
> otherwise need to be validated before every use.
I fully agree.
> For example, iva is used every time an interruption is reflected
> to a guest, which happens many thousands of times/second.
(Note: I think it is not correct, because the callback mechanism is now used).
> If the guest could randomly (maliciously or accidentally)
> change iva, Xen should re-validate it before using it (e.g.
> to ensure that it is not in Xen address space, to ensure
> it is not an I/O address etc.)
As you noticed, these checks are not performed.
Xen address space is protected with PL. So even if the guest sets iva to Xen
address space, Xen won't crash.
IA64 doesn't do any checks on IVA. Why should Xen/ia64 do checks?
> By allowing it to be changed
> only via the privileged instruction (trapped/emulated), it
> need only be validated when set (once at boot time for Linux).
> I realize validation may not be fully implemented (and there may
> be some registers in the wrong place), but that's the intent.
I fully agree, but I don't understand what checks you'd like to see.
I won't fight for this patch. I just think it cleans up Xen/ia64 a little bit
(avoids useless VMX_DOMAIN tests), and simplifies save&restore a little bit
(iva doesn't have to be in the vcpu_context).
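
The validate-on-set design discussed in this thread, as an added example that is not part of the original message or of the Xen/ia64 sources. The address ranges, struct fields and function names are hypothetical; only the two checks (not hypervisor space, not an I/O address) come from the quoted text.

```c
#include <stdint.h>

/* Hypothetical address-space layout, for illustration only. */
#define HYP_BASE  0xf000000000000000ULL  /* assumed start of hypervisor range (to top) */
#define IO_BASE   0xc000000000000000ULL  /* assumed start of I/O range */
#define IO_END    0xc100000000000000ULL  /* assumed end of I/O range (exclusive) */
#define IVT_SIZE  0x8000ULL              /* IA-64 IVT: 32 KB long, 32 KB aligned */

/* Guest-writable page: anything kept here must be re-checked on every use. */
struct privregs  { uint64_t ipsr; };     /* illustrative field only */
/* Hypervisor-private state: changes only through trapped, emulated writes. */
struct arch_vcpu { uint64_t iva; };
struct vcpu      { struct privregs *privregs; struct arch_vcpu arch; };

/* The checks named in the thread, applied to the whole table [iva, iva+32K). */
static int iva_is_acceptable(uint64_t iva)
{
    uint64_t last = iva + IVT_SIZE - 1;

    if (last < iva)                      /* table would wrap the address space */
        return 0;
    if (last >= HYP_BASE)                /* overlaps the hypervisor range */
        return 0;
    if (iva < IO_END && last >= IO_BASE) /* overlaps the I/O range */
        return 0;
    return 1;
}

/* Emulation of the trapped privileged write to cr.iva: validate once, here. */
int emulate_set_iva(struct vcpu *v, uint64_t val)
{
    val &= ~(IVT_SIZE - 1);              /* low bits carry no meaning: table is aligned */
    if (!iva_is_acceptable(val))
        return -1;                       /* reject; the previous iva stays in effect */
    v->arch.iva = val;
    return 0;
}

/* Hot path when reflecting an interruption: no re-validation is needed,
 * because the guest cannot write arch.iva directly. */
uint64_t reflect_target(const struct vcpu *v, uint64_t vector_offset)
{
    return v->arch.iva + (vector_offset & (IVT_SIZE - 1));
}
```

Had iva lived in the guest-writable privregs page instead, `iva_is_acceptable()` would have to run inside `reflect_target()` on every reflected interruption.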