
Re: [Xen-devel] [v8][PATCH 12/17] xen/x86/ept: handle reserved device memory in ept_handle_violation



>>> On 01.12.14 at 10:24, <tiejun.chen@xxxxxxxxx> wrote:
> We always reserve these ranges since we never allow any stuff to
> poke them.
> 
> But in theory some untrusted VM can maliciously access them. So we
> need to intercept this approach. But we just don't want to leak
> anything or introduce any side effect since other OSs may touch them
> by careless behavior, so it's enough to have a lightweight way, and
> it shouldn't be same as those broken pages which cause domain crash.

This needs a better explanation: If the devices associated with the
reserved region being touched are assigned to the guest, it is
permitted to touch them. If it touches regions of devices not yet or
not anymore assigned to it, the behavior should match real
hardware: Writes ignored and reads return all ones. I.e. such
accesses should get handed to the DM in that latter case.

Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 

