[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH RFC v2 1/3] xen/pvh: enable mmu_update hypercall

El 02/04/15 a les 12.42, Ian Campbell ha escrit:
> On Thu, 2015-04-02 at 12:26 +0200, Roger Pau Monne wrote:
>> This is needed for performing save/restore of PV guests.
> 
> It's quite a big interface though, isn't it?

AFAICT it contains MMU_NORMAL_PT_UPDATE, MMU_PT_UPDATE_PRESERVE_AD and
MMU_MACHPHYS_UPDATE.

> Could we restrict it to a subset of the operations perhaps? Or at least
> justify here how it has been audited and found to be safe to allow an
> HVM guest this access.

XSA-109 should have fixed all issues with this operations. IIRC only
MMU_MACHPHYS_UPDATE is needed for save/restore of PV guests, but I will
have to check. If that's the case, I could restrict PVH domains to only
have access to that operation.

Roger.


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.