From: Roger Pau Monné
Subject: Re: [PATCH RFC 2/2] xen/pvh: enable mmu_update hypercall
Date: Thu, 16 Oct 2014 13:30:28 +0200
Message-ID: <543FAC54.1090903@citrix.com>
References: <1413370425-15015-1-git-send-email-roger.pau@citrix.com> <1413370425-15015-3-git-send-email-roger.pau@citrix.com> <20141016075304.GA71219@deinos.phlegethon.org> <543FA1D9020000780003F13D@mail.emea.novell.com>
In-Reply-To: <543FA1D9020000780003F13D@mail.emea.novell.com>
To: Jan Beulich, Tim Deegan
Cc: xen-devel@lists.xenproject.org

On 16/10/14 at 10.45, Jan Beulich wrote:
>>>> On 16.10.14 at 09:53, wrote:
>> At 12:53 +0200 on 15 Oct (1413374025), Roger Pau Monne wrote:
>>> This is needed for performing save/restore of PV guests.
>>
>> On IRC I suggested that this would be OK as long as there were other
>> checks to make sure that the target of all these ops is PV (in
>> particular that a PVH/HVM guest can't end up calling PV MM operations
>> on itself).

Silly question, but shouldn't all these checks already be in place in
case a PV Dom0 tries to execute mmu_update hypercalls against an HVM
guest?

> And not just that - I can't even see how this would work at present:
> paging_write_guest_entry() uses
> v->arch.paging.mode->write_guest_entry, yet that actor gets filled
> by shadow code only. I don't currently see how for PVH, requiring
> HAP, this wouldn't end up in NULL dereferences. Am I overlooking
> some (non-grep-able) initialization of this and .cmpxchg_guest_entry?

It "works" because this is only used by the migration code, and the
page that's modified is never of the type PGT_writable_page.

Should I look into implementing these operations for HAP, or should I
just prevent its usage from do_mmu_update if the caller turns out to be
a HAP guest?

Roger.
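The second option discussed above (rejecting HAP callers in the mmu_update path before the unfilled paging-mode actor is ever reached) as an added, self-contained C model; this is not Xen code, and the `struct paging_mode`, `struct vcpu`, guest-type enum and `mmu_update_guarded` names are constructed for the illustration:

```c
#include <stddef.h>
#include <errno.h>

/* Constructed model, not Xen's real structures: a per-vCPU table of
 * paging-mode actors. The shadow code fills write_guest_entry; in this
 * model the HAP table leaves it NULL, mirroring the concern in the thread. */
enum guest_type { GUEST_PV, GUEST_PVH };

struct paging_mode {
    int (*write_guest_entry)(unsigned long *entry, unsigned long new_val);
};

struct vcpu {
    enum guest_type type;
    const struct paging_mode *mode;
};

static int shadow_write_guest_entry(unsigned long *entry, unsigned long new_val)
{
    *entry = new_val;
    return 0;
}

static const struct paging_mode shadow_mode = { shadow_write_guest_entry };
static const struct paging_mode hap_mode    = { NULL };   /* actor unfilled */

/* Model of the mmu_update path with the guard in place: a non-PV caller is
 * refused before the function pointer is dereferenced, and a missing actor
 * is reported rather than called. */
int mmu_update_guarded(const struct vcpu *v, unsigned long *entry,
                       unsigned long new_val)
{
    if (v->type != GUEST_PV)
        return -EINVAL;                      /* HAP (PVH/HVM) caller: reject */
    if (v->mode->write_guest_entry == NULL)
        return -ENOSYS;                      /* defensive: no actor installed */
    return v->mode->write_guest_entry(entry, new_val);
}

/* PV vCPU with the shadow table: the update goes through. Returns 0 on success. */
int update_as_pv(void)
{
    unsigned long entry = 0;
    struct vcpu v = { GUEST_PV, &shadow_mode };
    int rc = mmu_update_guarded(&v, &entry, 0x1234);
    return (rc == 0 && entry == 0x1234) ? 0 : -1;
}

/* PVH vCPU with the unfilled HAP table: rejected with -EINVAL, no NULL call. */
int update_as_pvh(void)
{
    unsigned long entry = 0;
    struct vcpu v = { GUEST_PVH, &hap_mode };
    return mmu_update_guarded(&v, &entry, 0x1234);
}
```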