From mboxrd@z Thu Jan  1 00:00:00 1970
From: Julien Grall <julien.grall@linaro.org>
Subject: Re: [PATCH for-4.5 v10 15/19] xen/arm: Temporarily
 disable mem_access for hypervisor access
Date: Fri, 26 Sep 2014 14:43:41 +0200
Message-ID: <54255F7D.8070107@linaro.org>
References: <1411646212-17041-1-git-send-email-tklengyel@sec.in.tum.de>	<1411646212-17041-16-git-send-email-tklengyel@sec.in.tum.de>	<5424407D.70904@linaro.org>
	<CAErYnsjZoBZsqrnH3cpzJBJantt+9_-YAOQG6412_LHxddVCAQ@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xen.org>
In-Reply-To: <CAErYnsjZoBZsqrnH3cpzJBJantt+9_-YAOQG6412_LHxddVCAQ@mail.gmail.com>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: Tamas K Lengyel <tamas.lengyel@zentific.com>
Cc: Ian Campbell <ian.campbell@citrix.com>, Tim Deegan <tim@xen.org>, Ian Jackson <ian.jackson@eu.citrix.com>, "xen-devel@lists.xen.org" <xen-devel@lists.xen.org>, Stefano Stabellini <stefano.stabellini@citrix.com>, Andres Lagar-Cavilla <andres@lagarcavilla.org>, Jan Beulich <jbeulich@suse.com>, Daniel De Graaf <dgdegra@tycho.nsa.gov>, Tamas K Lengyel <tklengyel@sec.in.tum.de>
List-Id: xen-devel@lists.xenproject.org

Hello Tamas,

On 26/09/2014 10:39, Tamas K Lengyel wrote:
> On Thu, Sep 25, 2014 at 6:19 PM, Julien Grall <julien.grall@linaro.org
> <mailto:julien.grall@linaro.org>> wrote:
>     I don't think that modifying temporary the permission is the right
>     thing to do because:
>              - p2m_set_mem_access is called 2 times which means 2 TLB
>     flush (and I'm not counting the table mapping), ie it's very slow
>              - The other VCPU of the guest are still running. So you may
>     not catch unwanted access.
>
>
> That is a problem. The only way around that I see is to pause the domain
> for the duration of this copy in case the mem_access permissions need to
> be disabled.

[..]

> So you mean only check the mem_access permissions when we failed to get
> the page. I'm not sure what you propose afterwards. If there is a
> mem_access restriction, just return an -errno? It would mean if a
> mem_access listener is trapped that page than the guest can't execute
> the hypercall. Since we would also want this system to be invisible to
> the guest, that I'm affraid is not a good approach.

The P2M is storing the type of the mapping. With this type you can 
easily know if the previous mapping was read/write and therefore know if 
the guest can effectively copy data to the page or not.

I don't see why we would need something more complicate as we want 
ignore mem_access for now.

Regards,

-- 
Julien Grall