Re: [Xen-devel] [PATCH V2] common/mem_access: merged mem_access setting interfaces
On 03/20/2017 04:20 PM, Andrew Cooper wrote:
> On 20/03/17 09:50, Razvan Cojocaru wrote:
>> xc_altp2m_set_mem_access() and xc_set_mem_access() end up doing the same thing
>> in the hypervisor, but the former is a HVMOP and the latter a DOMCTL. Since
>> nobody is currently using, or has stated intent to use, this functionality
>> specifically as an HVMOP, this patch removes the HVMOP while adding an extra
>> parameter to the more flexible DOMCTL variant, in which the altp2m view can be
>> transmitted (0 for the default view, or when altp2m is disabled).
>> The xen-access test has been updated in the process.
>>
>> Signed-off-by: Razvan Cojocaru <rcojocaru@xxxxxxxxxxxxxxx>
>
> I am sorry to be awkward here, but as this patch stands, it definitely
> breaks the original usecase altp2m was introduced for. Therefore, I
> don't think it is appropriate to take in this form.
>
> The problem is that the current permissions are too coarse-grained.
>
> Intel's use case needs all hypercalls usable by the guest, as the agent
> is entirely in-guest. (It also occurs to me that scenario might be
> useful to develop within.)

Actually upon reading this again:

https://lists.xenproject.org/archives/html/xen-devel/2015-06/msg01319.html

it doesn't look like Intel's use case is for entirely in-guest agents (although granted that's a possibility):

"The altp2m capability allows for para-virtualized guest software agent within or across domains to be able to enforce memory introspection policies in an efficient manner. Altp2m also allows para-virtualized guest agent components to be isolated within an HVM (in terms of guest physical memory) for secure VM introspection as well as various other security and privacy usages that require efficient memory isolation."

I could be misreading this, but "para-virtualized guest agent components" sound more like a different domain than a typical in-HVM-guest application.

Thanks,
Razvan