Re: [PATCH v4 2/2] xen: move TLB-flush filtering out into populate_physmap during vm creation

[Wei Liu <wei.liu2@citrix.com>]

On Fri, Sep 16, 2016 at 03:47:23AM -0700, Dongli Zhang wrote:
> > > +    /*
> > > +     * MEMF_no_tlbflush can be set only during vm creation phase when
> > > +     * is_ever_unpaused is still false before this domain gets unpaused for
> > > +     * the first time.
> > > +     */
> > > +    if ( unlikely(!d->is_ever_unpaused) )
> > > +        a->memflags |= MEMF_no_tlbflush;
> > 
> > So you no longer mean to expose this to the caller?
> 
> hmmm.... I would prefer to expose this to the toolstack if it is OK for
> maintainers.
> 
> I copy and paste Wei's comments below:
> 
> ==============================================
> 
> > Rule 1. It is toolstack's responsibility to set the "MEMF_no_tlbflush" bit
> > in memflags. The toolstack developers should be careful that
> > "MEMF_no_tlbflush" should never be used after vm creation is finished.
> > 
> 
> Is it possible to have a safety catch for this in the hypervisor? In
> general IMHO we should avoid providing an interface that is possible to
> create a security problem.
> 
> ==============================================
> 
> Hi Wei, since it is possible to have a safety catch now in the hypervisor (the
> bit is allowed only before VM creation is finished), is it OK for you to expose
> MEMF_no_tlbflush bit to toolstack?
> 

What is the scenario that you would want toolstack to set such flag?

Shouldn't hypervisor always set the flag when the guest is never
unpaused and always clear / ignore that flag if the guest is ever
unpaused? If that's all is needed, why does toolstack need to get
involved?

Do I miss something here?

Wei.


> Thank you very much!
> 
> Dongli Zhang

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel