From: Tamas K Lengyel <tamas@tklengyel.com>
To: George Dunlap <George.Dunlap@eu.citrix.com>
Cc: Wei Liu <wei.liu2@citrix.com>,
Vlad Ioan Topan <itopan@bitdefender.com>,
Razvan Cojocaru <rcojocaru@bitdefender.com>,
Adrian Pop <apop@bitdefender.com>,
Andrew Cooper <andrew.cooper3@citrix.com>,
Ian Jackson <ian.jackson@eu.citrix.com>,
Jan Beulich <jbeulich@suse.com>,
Xen-devel <xen-devel@lists.xenproject.org>
Subject: Re: [PATCH 1/2] x86/mm: Change default value for suppress #VE in set_mem_access()
Date: Thu, 20 Jul 2017 10:14:35 -0600 [thread overview]
Message-ID: <CABfawh=oi0++4D-38tHJzS4w85AMiuagdA9o3y9eDO1abcuHdg@mail.gmail.com> (raw)
In-Reply-To: <CAFLBxZaqUFv1givvNTZ808y8rFPpM+Nk_cJdp8uYjSCaPD4a6g@mail.gmail.com>
On Thu, Jul 20, 2017 at 8:38 AM, George Dunlap
<George.Dunlap@eu.citrix.com> wrote:
> On Thu, Jun 15, 2017 at 7:49 PM, Tamas K Lengyel <tamas@tklengyel.com> wrote:
>> On Fri, Jun 9, 2017 at 10:51 AM, Adrian Pop <apop@bitdefender.com> wrote:
>>> From: Vlad Ioan Topan <itopan@bitdefender.com>
>>>
>>> The default value for the "suppress #VE" bit set by set_mem_access()
>>> currently depends on whether the call is made from the same domain (the
>>> bit is set when called from another domain and cleared if called from
>>> the same domain). This patch changes that behavior to inherit the old
>>> suppress #VE bit value if it is already set and to set it to 1
>>> otherwise, which is safer and more reliable.
>>
>> Could you elaborate on why do you think it is safer and more reliable
>> to switch the behavior? I believe the original idea was that the
>> domain should only be allowed to clear an SVE bit set by an external
>> tool. With this change it will allow the guest to request VE for any
>> page the external tool hasn't itself reserved specifically.
>
> Hmm? This patch by itself simply prevents the guest from changing the
> VE bit at all (either setting or clearing it).
>
> Or did you mean, "This patch series"?
No, technically the other patch is fine by itself. It can only be used
to set the SVE bit from a privileged domain, but by itself that is
fine. Only this patch is problematic if we want to allow a setup where
there is only an in-guest tool without a corresponding vm_event
mem_access listener.
Tamas
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
next prev parent reply other threads:[~2017-07-20 16:15 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-06-09 16:51 [PATCH 0/2] x86: Add a hvmop for setting the #VE suppress bit Adrian Pop
2017-06-09 16:51 ` [PATCH 1/2] x86/mm: Change default value for suppress #VE in set_mem_access() Adrian Pop
2017-06-15 18:49 ` Tamas K Lengyel
2017-07-20 14:38 ` George Dunlap
2017-07-20 16:14 ` Tamas K Lengyel [this message]
2017-06-09 16:51 ` [PATCH 2/2] x86/altp2m: Add a hvmop for setting the suppress #VE bit Adrian Pop
2017-06-12 15:51 ` Wei Liu
2017-06-12 17:30 ` Adrian Pop
2017-06-20 10:29 ` Adrian Pop
2017-06-15 19:01 ` Tamas K Lengyel
2017-06-16 8:39 ` Jan Beulich
2017-06-22 12:04 ` Adrian Pop
2017-06-22 12:13 ` Jan Beulich
2017-06-22 13:16 ` Adrian Pop
2017-06-22 15:53 ` Adrian Pop
2017-06-22 13:17 ` Adrian Pop
2017-07-20 15:11 ` George Dunlap
2017-07-20 16:26 ` Tamas K Lengyel
2017-06-16 15:29 ` Jan Beulich
2017-06-20 10:28 ` Adrian Pop
2017-06-12 15:46 ` [PATCH v2 0/2] x86: Add a hvmop for setting the #VE suppress bit Adrian Pop
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CABfawh=oi0++4D-38tHJzS4w85AMiuagdA9o3y9eDO1abcuHdg@mail.gmail.com' \
--to=tamas@tklengyel.com \
--cc=George.Dunlap@eu.citrix.com \
--cc=andrew.cooper3@citrix.com \
--cc=apop@bitdefender.com \
--cc=ian.jackson@eu.citrix.com \
--cc=itopan@bitdefender.com \
--cc=jbeulich@suse.com \
--cc=rcojocaru@bitdefender.com \
--cc=wei.liu2@citrix.com \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).