Re: [PATCH 7/9] Add VMRUN handler v3

["joro@8bytes.org" <joro@8bytes.org>]

On Thu, Sep 25, 2008 at 10:00:17PM +0200, Alexander Graf wrote:
> 
> On 25.09.2008, at 19:37, Joerg Roedel wrote:
> 
> >On Thu, Sep 25, 2008 at 07:32:55PM +0200, Alexander Graf wrote:
> >>>This is a big security hole. With this we give the guest access to  
> >>>its
> >>>own VMCB. The guest can take over or crash the whole host machine by
> >>>rewriting its VMCB. We should be more selective what we save in the
> >>>hsave area.
> >>
> >>Oh, right. I didn't even think of a case where the nested guest would
> >>have acvess to the hsave of itself. Since the hsave can never be used
> >>twice on one vcpu, we could just allocate our own memory for the  
> >>hsave
> >>in the vcpu context and leave the nested hsave empty.
> >
> >I think we could also gain performance by only saving the important
> >parts of the VMCB and not the whole page.
> 
> Is copying one page really that expensive? Is there any accelerated  
> function available for that that copies it with SSE or so? :-)

Copying data in memory is always expensive because the accesses may miss
in the caches and data must be fetched from memory. As far as I know
this can be around 150 cycles per cache line.

Joerg

> >-- 
> >          |           AMD Saxony Limited Liability Company & Co. KG
> >Operating |         Wilschdorfer Landstr. 101, 01109 Dresden, Germany
> >System    |                  Register Court Dresden: HRA 4896
> >Research  |              General Partner authorized to represent:
> >Center    |             AMD Saxony LLC (Wilmington, Delaware, US)
> >          | General Manager of AMD Saxony LLC: Dr. Hans-R. Deppe,  
> >Thomas McCoy
> >