On Thu, Jul 20, 2017 at 8:38 AM, George Dunlap <george.dun...@eu.citrix.com> wrote:
> On Thu, Jun 15, 2017 at 7:49 PM, Tamas K Lengyel <ta...@tklengyel.com> wrote:
>> On Fri, Jun 9, 2017 at 10:51 AM, Adrian Pop <a...@bitdefender.com> wrote:
>>> From: Vlad Ioan Topan <ito...@bitdefender.com>
>>>
>>> The default value for the "suppress #VE" bit set by set_mem_access()
>>> currently depends on whether the call is made from the same domain (the
>>> bit is set when called from another domain and cleared if called from
>>> the same domain). This patch changes that behavior to inherit the old
>>> suppress #VE bit value if it is already set and to set it to 1
>>> otherwise, which is safer and more reliable.
>>
>> Could you elaborate on why do you think it is safer and more reliable
>> to switch the behavior? I believe the original idea was that the
>> domain should only be allowed to clear an SVE bit set by an external
>> tool. With this change it will allow the guest to request VE for any
>> page the external tool hasn't itself reserved specifically.
>
> Hmm? This patch by itself simply prevents the guest from changing the
> VE bit at all (either setting or clearing it).
>
> Or did you mean, "This patch series"?

No, technically the other patch is fine by itself. It can only be used
to set the SVE bit from a privileged domain, but by itself that is
fine. Only this patch is problematic if we want to allow a setup where
there is only an in-guest tool without a corresponding vm_event
mem_access listener.

Tamas

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel