From mboxrd@z Thu Jan 1 00:00:00 1970
From: Jürgen Groß
Subject: Re: [PATCH RFC v2 1/3] xen/pvh: enable mmu_update hypercall
Date: Thu, 02 Apr 2015 14:43:27 +0200
Message-ID: <551D396F.6090401@suse.com>
References: <1427970395-16203-1-git-send-email-roger.pau@citrix.com> <1427970395-16203-2-git-send-email-roger.pau@citrix.com> <1427971327.4037.40.camel@citrix.com> <551D2CFD.6050900@citrix.com>
In-Reply-To: <551D2CFD.6050900@citrix.com>
To: Andrew Cooper, Ian Campbell, Roger Pau Monne
Cc: xen-devel@lists.xenproject.org, Tim Deegan, Jan Beulich
List-Id: xen-devel@lists.xenproject.org

On 04/02/2015 01:50 PM, Andrew Cooper wrote:
> On 02/04/15 11:42, Ian Campbell wrote:
>> On Thu, 2015-04-02 at 12:26 +0200, Roger Pau Monne wrote:
>>> This is needed for performing save/restore of PV guests.
>> It's quite a big interface though, isn't it?
>>
>> Could we restrict it to a subset of the operations perhaps? Or at least
>> justify here how it has been audited and found to be safe to allow an
>> HVM guest this access.
>
> It isn't actually very big, but does have quite a lot of PV knowledge
> built in.
>
> I would be happier with the safety of this patch if
> v->arch.old_guest_table got moved into the pv union, to make the code
> much clearer that it is specifically for PV guests.
>
> If I recall, this change is only needed for MMU_MACHPHYS_UPDATE against a
> foreign domain. Each of the 3 subops does check for
> paging_mode_translate/refcounts() of the target, which does prevent the
> hypercall being made against non-PV domains. From that point of view,
> it should be safe for HVM guests to use, as it is the target domain,
> rather than the source domain, which is important.
>
>
> However, with migration v2 dropping support for 2-level PV guests (which
> died with the 32bit hypervisor build), I believe I have removed all need
> for MMU_MACHPHYS_UPDATE hypercalls entirely (unless there are some done
> behind the scenes from the kernel).

There is one usage in the kernel in file arch/x86/xen/setup.c targeting
DOMID_SELF.

Juergen