|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [Xen-ia64-devel] PATCH: cleanup of tlbflush
>From: Isaku Yamahata [mailto:yamahata@xxxxxxxxxxxxx] >Sent: 2006年5月11日 10:32 >> Yes, same page now. On this point, we have to trust. Hey, para-domain >> is para-virtualized so it should be cooperative. Cooperative here >means >> para-domain needs to conform with para-interfaces defined by Xen. >One >> of Xen's responsibility is to service domain's request (good or bad) and >> ensure bad request from one crazy domain not interfering with others. >> You know there're infinite approaches to destroy domain itself easier >than >> passing a bogus va at grant unmap. :-) > >If domain's bad behaviour is contained within a domain, it's okay. Yes, that's my point. >It will get an undesirable result or xen destroys it as a result. >The issue here is that trusting dom0 when unmapping granted pages >may affect a whole system or xen itself potentially. Xen itself will not be affected. The granted frame or mapping virtual address always belong to domain, instead of xen itself. >The effect isn't contained within the domain itself. >Dom0 may destroy data of xen or another domain. > Dom0 can't destroy data of xen. If yes, that's a bug. Dom0 can destroy data of any other domain. No way to prevent that by Xen. So dom0 needs to be well cooperative with Xen to ensure a safe environment. Thanks, Kevin _______________________________________________ Xen-ia64-devel mailing list Xen-ia64-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-ia64-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |