|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH v1 2/8]: PVH mmu changes
On Wed, Sep 26, 2012 at 1:27 AM, Mukesh Rathor <mukesh.rathor@xxxxxxxxxx> wrote: >> > I'm not convinced that a guest level TLB flush is either necessary >> > or sufficient here. What we are doing is removing entries from the >> > P2M which means that we need to do the appropriate HAP flush in the >> > hypervisor, which must necessarily invalidate any stage 1 mappings >> > which this flush might also touch (i.e. the HAP flush must be a >> > super set of this flush). >> > >> > Without the HAP flush in the hypervisor you risk guests being able >> > to see old p2m mappings via the TLB entries which is a security >> > issue AFAICT. >> >> Yes, you are right, we need a flush in the hypervisor to flush the >> EPT. It could probably live in the implementation of >> XENMEM_add_to_physmap. >> >> This one should be just for the vma mappings, so in the case of >> xen_unmap_domain_mfn_range is unnecessary (given that it is >> not removing the vma mappings). > > > My head spins looking at INVEPT and INVVPID docs, but doesn't it already > happen in ept_set_entry(): > > if ( needs_sync ) > ept_sync_domain(p2m->domain); Yes, the point of having a clean p2m interface is that you shouldn't need to figure out when to do hap flushes. -George _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |