On Thu, Sep 25, 2008 at 10:00:17PM +0200, Alexander Graf wrote: > > On 25.09.2008, at 19:37, Joerg Roedel wrote: > > >On Thu, Sep 25, 2008 at 07:32:55PM +0200, Alexander Graf wrote: > >>>This is a big security hole. With this we give the guest access to > >>>its > >>>own VMCB. The guest can take over or crash the whole host machine by > >>>rewriting its VMCB. We should be more selective what we save in the > >>>hsave area. > >> > >>Oh, right. I didn't even think of a case where the nested guest would > >>have acvess to the hsave of itself. Since the hsave can never be used > >>twice on one vcpu, we could just allocate our own memory for the > >>hsave > >>in the vcpu context and leave the nested hsave empty. > > > >I think we could also gain performance by only saving the important > >parts of the VMCB and not the whole page. > > Is copying one page really that expensive? Is there any accelerated > function available for that that copies it with SSE or so? :-)
Copying data in memory is always expensive because the accesses may miss in the caches and data must be fetched from memory. As far as I know this can be around 150 cycles per cache line. Joerg > >-- > > | AMD Saxony Limited Liability Company & Co. KG > >Operating | Wilschdorfer Landstr. 101, 01109 Dresden, Germany > >System | Register Court Dresden: HRA 4896 > >Research | General Partner authorized to represent: > >Center | AMD Saxony LLC (Wilmington, Delaware, US) > > | General Manager of AMD Saxony LLC: Dr. Hans-R. Deppe, > >Thomas McCoy > > -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
