From mboxrd@z Thu Jan  1 00:00:00 1970
From: Tim Deegan <tim@xen.org>
Subject: Re: [RFC 3/4] HVM x86 deprivileged mode: Code for
 switching into/out of deprivileged mode
Date: Wed, 12 Aug 2015 14:26:13 +0100
Message-ID: <20150812132613.GA26376@deinos.phlegethon.org>
References: <1438879519-564-1-git-send-email-Ben.Catterall@citrix.com>
	<1438879519-564-4-git-send-email-Ben.Catterall@citrix.com>
	<20150810094928.GC3094@deinos.phlegethon.org>
	<55C87989.6050700@citrix.com>
	<20150811095535.GA884@deinos.phlegethon.org>
	<55CA2824.4020405@citrix.com>
	<20150811170522.GD884@deinos.phlegethon.org>
	<55CB487D.8020701@citrix.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xen.org>
Content-Disposition: inline
In-Reply-To: <55CB487D.8020701@citrix.com>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: Ben Catterall <Ben.Catterall@citrix.com>
Cc: xen-devel@lists.xensource.com, keir@xen.org, ian.campbell@citrix.com, george.dunlap@eu.citrix.com, Andrew Cooper <andrew.cooper3@citrix.com>, jbeulich@suse.com
List-Id: xen-devel@lists.xenproject.org

At 14:22 +0100 on 12 Aug (1439389325), Ben Catterall wrote:
> On 11/08/15 18:05, Tim Deegan wrote:
> > BTW, I think there need to be three stacks anyway, since the depriv
> > code shouldn't be allowed to write to the priv code's stack frames.
> > Or maybe I've misunderstood how much access the depriv code will have.
> So, just to clarify:
> 
> We have a separate deprivileged stack allocated which the deprivileged 
> code uses. This is mapped in user mode.
> 
> We have the privileged stack which Xen runs on. To prevent this being 
> clobbered when we are in our mode and take an interrupt, we copy this 
> out to a buffer. This buffer is the saved privileged stack state.
> 
> So, we sort of have three stacks already, just the privileged stack is 
> copied out to a buffer, rather than switching pointers to another 
> interrupt stack.
> 
> Hopefully that clarifies?

Yes, thanks -- the buffer is what I was thinking of as a third stack.

Cheers,

Tim.