[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH for-4.5 v10 15/19] xen/arm: Temporarily disable mem_access for hypervisor access



Hello Tamas,

On 26/09/2014 10:39, Tamas K Lengyel wrote:
On Thu, Sep 25, 2014 at 6:19 PM, Julien Grall <julien.grall@xxxxxxxxxx
<mailto:julien.grall@xxxxxxxxxx>> wrote:
    I don't think that modifying temporary the permission is the right
    thing to do because:
             - p2m_set_mem_access is called 2 times which means 2 TLB
    flush (and I'm not counting the table mapping), ie it's very slow
             - The other VCPU of the guest are still running. So you may
    not catch unwanted access.


That is a problem. The only way around that I see is to pause the domain
for the duration of this copy in case the mem_access permissions need to
be disabled.

[..]

So you mean only check the mem_access permissions when we failed to get
the page. I'm not sure what you propose afterwards. If there is a
mem_access restriction, just return an -errno? It would mean if a
mem_access listener is trapped that page than the guest can't execute
the hypercall. Since we would also want this system to be invisible to
the guest, that I'm affraid is not a good approach.

The P2M is storing the type of the mapping. With this type you can easily know if the previous mapping was read/write and therefore know if the guest can effectively copy data to the page or not.

I don't see why we would need something more complicate as we want ignore mem_access for now.

Regards,

--
Julien Grall

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.