On Wed, Jul 19, 2017 at 7:24 PM, Tamas K Lengyel <ta...@tklengyel.com> wrote:
>> I think the issue would be whether to allow a domain to set/clear the
>> suppress #VE bit for its pages by calling the new HVMOP on itself.
>
> This problem is not limited to setting the SVE bit. It also applies to
> swapping altp2m views. Pretty much all altp2m HVMOPs can be issued
> from a user-space program without any way to check whether that
> process is allowed to do that or not. If you don't think it is safe
> for a domain to set SVE, then none of the altp2m ops are safe for the
> domain to issue on itself. If we could say ensure only the kernel can
> issue the hvmops, that would be OK. But that's not possible at the
> moment AFAICT.

Wait, is that right?  I think we normally restrict hypercalls to only
being made from the guest kernel, don't we?

 -George

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
