From: Stefano Stabellini
Subject: Re: [ARM] Native application design and discussion (I hope)
Date: Tue, 9 May 2017 11:29:08 -0700 (PDT)
To: Dario Faggioli
Cc: Stefano Stabellini, Andrii Anisov, Volodymyr Babchuk, george.dunlap@citrix.com, Xen Devel, Julien Grall, Artem Mygaiev
List-Id: xen-devel@lists.xenproject.org

On Tue, 9 May 2017, Dario Faggioli wrote:
> > > And it should not be hard to give such code access to the context of
> > > the vCPU that was previously running (in x86, given we implement what
> > > we call lazy context switch, it's most likely still loaded in the
> > > pCPU!).
> >
> > I agree with Stefano, switching to the idle vCPU is a pretty bad idea.
> >
> > The idle vCPU is a fake vCPU on ARM to stick with the common code (we
> > never leave the hypervisor). In the case of the EL0 app, we want to
> > change exception level to run the code with lower privilege.
> >
> > Also IMHO, it should only be used when there is nothing to run and not
> > re-purposed for running EL0 app.
> >
> It's already purposed for running when there is nothing to do _or_ when
> there are tasklets.
>
> I do see your point about privilege level, though. And I agree with
> George that it looks very similar to when, in the x86 world, we tried
> to put the infra together for switching to Ring3 to run some pieces of
> Xen code.

Right, and just to add to it, context switching to the idle vcpu has a
cost, but it doesn't give us any security benefits whatsoever. If Xen is
going to spend time on context switching, it is better to do it in a way
that introduces a security boundary.