subject:"Re\: \[Xen\-devel\] Enabling #VE for a domain from dom0"

Re: [Xen-devel] Enabling #VE for a domain from dom0

2017-03-10 Thread Andrew Cooper

On 10/03/17 11:57, Vlad-Ioan TOPAN wrote: >>> Is there any reason for the other check I've mentioned, performed when >>> setting the "suppres #VE" bit in PTEs? Unsuppressing #VEs for a page >>> will only do anything if the guest has already enabled #VE, so the >>> previous issue doesn't apply in th

Re: [Xen-devel] Enabling #VE for a domain from dom0

2017-03-10 Thread Vlad-Ioan TOPAN

> > Is there any reason for the other check I've mentioned, performed when > > setting the "suppres #VE" bit in PTEs? Unsuppressing #VEs for a page > > will only do anything if the guest has already enabled #VE, so the > > previous issue doesn't apply in this case. > > suppress #VE has a negative

Re: [Xen-devel] Enabling #VE for a domain from dom0

2017-02-24 Thread Andrew Cooper

On 24/02/2017 23:02, Tamas K Lengyel wrote: > On Fri, Feb 24, 2017 at 8:10 AM, Andrew Cooper > wrote: >> On 24/02/17 14:42, Vlad-Ioan TOPAN wrote: #VE, by design, raises an exception in non-root context, without breaking out to the hypervisor. The vcpu in question needs to set

Re: [Xen-devel] Enabling #VE for a domain from dom0

2017-02-24 Thread Tamas K Lengyel

On Fri, Feb 24, 2017 at 8:10 AM, Andrew Cooper wrote: > On 24/02/17 14:42, Vlad-Ioan TOPAN wrote: >>> #VE, by design, raises an exception in non-root context, without >>> breaking out to the hypervisor. >>> >>> The vcpu in question needs to set up a suitable #VE handler, so it is >>> not safe for

Re: [Xen-devel] Enabling #VE for a domain from dom0

2017-02-24 Thread Andrew Cooper

On 24/02/17 14:42, Vlad-Ioan TOPAN wrote: >> #VE, by design, raises an exception in non-root context, without >> breaking out to the hypervisor. >> >> The vcpu in question needs to set up a suitable #VE handler, so it is >> not safe for an external entity to chose when a vcpu should start >> receiv

Re: [Xen-devel] Enabling #VE for a domain from dom0

2017-02-24 Thread Vlad-Ioan TOPAN

> #VE, by design, raises an exception in non-root context, without > breaking out to the hypervisor. > > The vcpu in question needs to set up a suitable #VE handler, so it is > not safe for an external entity to chose when a vcpu should start > receiving #VE's. The problem is that from a security

Re: [Xen-devel] Enabling #VE for a domain from dom0

2017-02-24 Thread Andrew Cooper

On 24/02/17 14:14, Vlad-Ioan TOPAN wrote: > Hello, > > We are trying to use the #VE support in Xen to monitor memory accesses > to certain pages from a kernel module in Windows. > > As it is written now, the #VE-enabling code appears to enforce being > called by a domain for itself (by each VCPU f

Re: [Xen-devel] Enabling #VE for a domain from dom0

Re: [Xen-devel] Enabling #VE for a domain from dom0

Re: [Xen-devel] Enabling #VE for a domain from dom0

Re: [Xen-devel] Enabling #VE for a domain from dom0

Re: [Xen-devel] Enabling #VE for a domain from dom0

Re: [Xen-devel] Enabling #VE for a domain from dom0

Re: [Xen-devel] Enabling #VE for a domain from dom0

7 matches

Site Navigation

Mail list logo

Footer information