This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


Re: [Xen-ia64-devel] RE: PATCH: merge iva

To: "Magenheimer, Dan (HP Labs Fort Collins)" <dan.magenheimer@xxxxxx>, <xen-ia64-devel@xxxxxxxxxxxxxxxxxxx>, "Williamson, Alex (Linux Kernel Dev)" <alex.williamson@xxxxxx>
Subject: Re: [Xen-ia64-devel] RE: PATCH: merge iva
From: Tristan Gingold <Tristan.Gingold@xxxxxxxx>
Date: Wed, 14 Jun 2006 10:08:03 +0200
Delivery-date: Wed, 14 Jun 2006 01:15:16 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <516F50407E01324991DD6D07B0531AD5BC589A@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-ia64-devel-request@lists.xensource.com?subject=help>
List-id: Discussion of the ia64 port of Xen <xen-ia64-devel.lists.xensource.com>
List-post: <mailto:xen-ia64-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-ia64-devel>, <mailto:xen-ia64-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-ia64-devel>, <mailto:xen-ia64-devel-request@lists.xensource.com?subject=unsubscribe>
References: <516F50407E01324991DD6D07B0531AD5BC589A@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Sender: xen-ia64-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: KMail/1.5
Le Mardi 13 Juin 2006 21:49, Magenheimer, Dan (HP Labs Fort Collins) a écrit :
> The reason that there are two groups of privileged registers,
> one in privregs (directly accessible by the guest) and one
> in arch_vcpu (not directly accesible) is that arch_vcpu is
> for registers that are not performance-sensitive AND might
> otherwise need to be validated before every use. 
I fully agree.

> For
> example, iva is used every time an interruption is reflected
> to a guest, which happens many thousands of times/second.
(Note: I think it is not correct, because callback mechanism is now used).

> If the guest could randomly (maliciously or accidentally)
> change iva, Xen should re-validate it before using it (e.g.
> to ensure that it is not in Xen address space, to ensure
> it is not an I/O address etc.)
As you noticed, these checks are not performed.
Xen address space is protected with PL.  So even if guest sets iva to Xen 
address space, Xen won't crash.
IA64 doesn't do any checks on IVA.  Why Xen/ia64 should do checks ?

>  By allowing it to be changed
> only via the privileged instruction (trapped/emulated), it
> need only be validated when set (once at boot time for Linux).

> I realize validation may not be fully implemented (and there may
> be some registers in the wrong place), but that's the intent.
I fully agree, but I don't understand what checks you'd like to see 

I won't fight for this patch.  I just think it cleans Xen/ia64 a little bit 
(avoid useless VMX_DOMAIN tests), and simplify a little bit save&restore
(iva don't have to be in the vcpu_context).


Xen-ia64-devel mailing list

<Prev in Thread] Current Thread [Next in Thread>