
Re: [Xen-devel] [PATCH v4] altp2m: Allow specifying external-only use-case



>>> On 21.03.17 at 17:43, <tamas.lengyel@xxxxxxxxxxxx> wrote:
> On Tue, Mar 21, 2017 at 10:38 AM, Jan Beulich <JBeulich@xxxxxxxx> wrote:
>>>>> On 21.03.17 at 17:30, <tamas.lengyel@xxxxxxxxxxxx> wrote:
>>> On Tue, Mar 21, 2017 at 3:54 AM, Jan Beulich <JBeulich@xxxxxxxx> wrote:
>>>> Furthermore, wasn't HVMOP_altp2m_vcpu_enable_notify
>>>> supposed to always be available to the guest (as long as altp2m
>>>> is enabled)? You don't allow this here anymore.
>>>
>>> Absolutely not, that's one of the main reasons why I want the
>>> external_only option to be available in the first place. For malware
>>> analysis it is a huge hole if the guest can decide that it wants
>>> certain EPT violations to be handled by the guest without first going
>>> to the hypervisor or if it can start switching its EPT tables around.
>>
>> In which case I guess we need three modes (besides disabled):
>> - guest can alter permissions
>> - guest can pick tables
>> - guest can do nothing
> 
> Why do you think those other two modes would be needed? I have no
> use-case for any of these other than where the guest can do nothing. I
> also don't see what would be the use-case for the other two that would
> warrant their addition over the mixed use that exists already.

Well, "mixed" I understand is what I've listed first. And the 2nd
option clearly is more secure than the first _without_ taking
away all control from the guest. The set above is basically my
summary of things wanted by the different parties, as I've
understood the discussion so far. I quite possibly may be wrong
with that ...

Jan

