[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v2] x86/altp2m: Allow setting the #VE info page for an arbitrary VCPU

To: George Dunlap <dunlapg@xxxxxxxxx>, Adrian Pop <apop@xxxxxxxxxxxxxxx>
From: Razvan Cojocaru <rcojocaru@xxxxxxxxxxxxxxx>
Date: Thu, 20 Sep 2018 17:55:32 +0300
Cc: Tamas K Lengyel <tamas@xxxxxxxxxxxxx>, Wei Liu <wei.liu2@xxxxxxxxxx>, Sergej Proskurin <proskurin@xxxxxxxxxxxxx>, Ian Jackson <ian.jackson@xxxxxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
Delivery-date: Thu, 20 Sep 2018 14:55:55 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 9/20/18 5:42 PM, George Dunlap wrote:
> I do have a question about your proposed use case.  You're running
> this in 'mixed' mode, right, and using the altp2m to hide a secure bit
> of code from the operating system?  What's to stop a rogue operating
> system that doesn't want to be introspected from calling
> HVMOP_altp2m_vcpu_enable_notify with INVALID_GFN to disable this?

Nothing, but we're not running this in mixed mode. :)
We're after 'external', for the very same reasons you've mentioned.

Everything important is done in dom0-only. If there's something to be
done that the in-guest agent would like, it has to ask the introspection
agent in dom0 via VMCALL events.

Thanks,
Razvan

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH v2] x86/altp2m: Allow setting the #VE info page for an arbitrary VCPU
  - From: George Dunlap

References:
- [Xen-devel] [PATCH v2] x86/altp2m: Allow setting the #VE info page for an arbitrary VCPU
  - From: Adrian Pop
- Re: [Xen-devel] [PATCH v2] x86/altp2m: Allow setting the #VE info page for an arbitrary VCPU
  - From: George Dunlap

Prev by Date: Re: [Xen-devel] [PATCH] xen: Make XEN_BACKEND selectable by DomU
Next by Date: Re: [Xen-devel] [PATCH 7/7] amd-iommu: add lookup_page method to iommu_ops
Previous by thread: Re: [Xen-devel] [PATCH v2] x86/altp2m: Allow setting the #VE info page for an arbitrary VCPU
Next by thread: Re: [Xen-devel] [PATCH v2] x86/altp2m: Allow setting the #VE info page for an arbitrary VCPU
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.