>>> On 10.01.15 at 00:04, <edmund.h.wh...@intel.com> wrote: > On 01/09/2015 02:41 PM, Andrew Cooper wrote: >> Having some non-OS part of the guest swap the EPT tables and >> accidentally turn a DMA buffer read-only is not going to end well. >> > > The agent can certainly do bad things, and at some level you have to assume it > is sensible enough not to. However, I'm not sure this is fundamentally more > dangerous than what a privileged domain can do today using the MEMOP... > operations, and people are already using those for very similar purposes.
I don't follow - how is what privileged domain can do related to the proposed changes here (which are - via VMFUNC - at least partially guest controllable, and that's also the case Andrew mentioned in his reply)? I'm having a hard time understanding how a P2M stripped of anything that's not plain RAM can be very useful to a guest. IOW without such fundamental aspects clarified I don't see a point in looking at the individual patches (which btw, according to your wording elsewhere, should have been marked RFC). Jan _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel
