[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH v4] altp2m: Allow specifying external-only use-case
>>> On 21.03.17 at 17:43, <tamas.lengyel@xxxxxxxxxxxx> wrote: > On Tue, Mar 21, 2017 at 10:38 AM, Jan Beulich <JBeulich@xxxxxxxx> wrote: >>>>> On 21.03.17 at 17:30, <tamas.lengyel@xxxxxxxxxxxx> wrote: >>> On Tue, Mar 21, 2017 at 3:54 AM, Jan Beulich <JBeulich@xxxxxxxx> wrote: >>>> Furthermore, wasn't HVMOP_altp2m_vcpu_enable_notify >>>> supposed to always be available to the guest (as long as altp2m >>>> is enabled)? You don't allow this here anymore. >>> >>> Absolutely not, that's one of the main reasons why I want the >>> external_only option to be available in the first place. For malware >>> analysis it is a huge hole if the guest can decide that it wants >>> certain EPT violations to be handled by the guest without first going >>> to the hypervisor or if it can start switching its EPT tables around. >> >> In which case I guess we need three modes (besides disabled): >> - guest can alter permissions >> - guest can pick tables >> - guest can do nothing > > Why do you think those other two modes would be needed? I have no > use-case for any of these other then where the guest can do nothing. I > also don't see what would be the usecase for the other two that would > warrant their addition over the mixed use that exists already. Well, "mixed" I understand is what I've listed first. And the 2nd option clearly is more secure than the first _without_ taking away all control from the guest. The set above is basically my summary of things wanted by the different parties, as I've understood the discussion so far. I quite possibly may be wrong with that ... Jan _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx https://lists.xen.org/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |