[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] One question about the hypercall to translate gfn to mfn.

> From: Jan Beulich [mailto:JBeulich@xxxxxxxx]
> Sent: Wednesday, December 10, 2014 6:36 PM
> >>> On 10.12.14 at 02:14, <kevin.tian@xxxxxxxxx> wrote:
> >>  From: Tim Deegan [mailto:tim@xxxxxxx]
> >> It's been suggested before that we should revive this hypercall, and I
> >> don't think it's a good idea.  Whenever a domain needs to know the
> >> actual MFN of another domain's memory it's usually because the
> >> security model is problematic.  In particular, finding the MFN is
> >> usually followed by a brute-force mapping from a dom0 process, or by
> >> passing the MFN to a device for unprotected DMA.
> >
> > In our case it's not because the security model is problematic. It's
> > because GPU virtualization is done in Dom0 while the memory virtualization
> > is done in hypervisor.
> Which by itself is a questionable design decision.

I don't think we want to put a ~20K LOC device model in hypervisor.


Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.