[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH RFC 6/9] xen, libxc: Request page fault injection via libxc
On 02/07/14 17:58, Mihai DonÈu wrote: > On Wed, 2 Jul 2014 17:00:08 +0100 Andrew Cooper wrote: >> On 02/07/14 16:51, Jan Beulich wrote: >>>>>> On 02.07.14 at 15:33, <rcojocaru@xxxxxxxxxxxxxxx> wrote: >>>> Added new XEN_DOMCTL_set_pagefault_info hypercall, used by libxc's >>>> new xc_domain_set_pagefault_info() function to set per-domain page >>>> fault injection information. This information is then used to call >>>> hvm_inject_page_fault() at the first VMENTRY where the guest status >>>> matches and there are no other pending traps. >>> So the first question that strikes me here: What good can it do to >>> be able to inject arbitrary page faults, possibly at times where >>> the guest OS is absolutely not expecting them? > I have not yet had the chance to say: thank you all for your review! No worries - this certainly is an interesting series to consider. > > There were times when we wanted to get certain information from the > guest but couldn't because it was swapped out. We now handle that > situation by injecting a #PF and then let the OS respond as it would > under a normal circumstance. After the data is brought in, it traps > again into our application and we get what we need, but yes, it > requires deep knowledge about the guest OS in order to do it without > crashing it. It's doable only if you have the means necessary to > inspect its state fully, which is why some of the submitted patches > exist. What is the threat model here? It seems to me that the only safe place to organise this is from a device driver in the guest. ~Andrew _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |