On Fri, Sep 16, 2016 at 03:47:23AM -0700, Dongli Zhang wrote:
> > > + /*
> > > + * MEMF_no_tlbflush can be set only during vm creation phase when
> > > + * is_ever_unpaused is still false before this domain gets unpaused
> > > for
> > > + * the first time.
> > > + */
> > > + if ( unlikely(!d->is_ever_unpaused) )
> > > + a->memflags |= MEMF_no_tlbflush;
> > So you no longer mean to expose this to the caller?
> hmmm.... I would prefer to expose this to the toolstack if it is OK for
> I copy and paste Wei's comments below:
> > Rule 1. It is toolstack's responsibility to set the "MEMF_no_tlbflush" bit
> > in memflags. The toolstack developers should be careful that
> > "MEMF_no_tlbflush" should never be used after vm creation is finished.
> Is it possible to have a safety catch for this in the hypervisor? In
> general IMHO we should avoid providing an interface that is possible to
> create a security problem.
> Hi Wei, since it is possible to have a safety catch now in the hypervisor (the
> bit is allowed only before VM creation is finished), is it OK for you to
> MEMF_no_tlbflush bit to toolstack?
What is the scenario that you would want toolstack to set such flag?
Shouldn't hypervisor always set the flag when the guest is never
unpaused and always clear / ignore that flag if the guest is ever
unpaused? If that's all is needed, why does toolstack need to get
Do I miss something here?
> Thank you very much!
> Dongli Zhang
Xen-devel mailing list