Re: [Qemu-devel] [PATCH v2 2/2] Xen: Use the ioreq-server API when available

[Paul Durrant]

> -----Original Message-----
> From: Stefano Stabellini [mailto:address@hidden
> Sent: 13 October 2014 16:53
> To: Paul Durrant
> Cc: address@hidden; address@hidden; Stefano
> Stabellini; Peter Maydell; Paolo Bonzini; Michael Tokarev; Stefan Hajnoczi;
> Stefan Weil; Olaf Hering; Gerd Hoffmann; Alexey Kardashevskiy; Alexander
> Graf
> Subject: Re: [PATCH v2 2/2] Xen: Use the ioreq-server API when available
> 
> On Mon, 13 Oct 2014, Paul Durrant wrote:
> > The ioreq-server API added to Xen 4.5 offers better security than
> > the existing Xen/QEMU interface because the shared pages that are
> > used to pass emulation request/results back and forth are removed
> > from the guest's memory space before any requests are serviced.
> > This prevents the guest from mapping these pages (they are in a
> > well known location) and attempting to attack QEMU by synthesizing
> > its own request structures. Hence, this patch modifies configure
> > to detect whether the API is available, and adds the necessary
> > code to use the API if it is.
> >
> > Signed-off-by: Paul Durrant <address@hidden>
> 
> I think the patch is pretty good, just one comment below.
> 
[snip]
> > @@ -487,9 +494,52 @@ static void xen_region_del(MemoryListener
> *listener,
> >                             MemoryRegionSection *section)
> >  {
> >      xen_set_memory(listener, section, false);
> > +
> > +    if (section->mr != &ram_memory) {
> > +        XenIOState *state = container_of(listener, XenIOState,
> memory_listener);
> > +
> > +        xen_unmap_memory_section(xen_xc, xen_domid, state->ioservid,
> section);
> > +    }
> > +
> >      memory_region_unref(section->mr);
> >  }
> 
> I would prefer if you could move the xen_unmap_memory_section and
> xen_map_memory_section calls to xen_set_memory, where we already
> have a
> ram_memory check. Could you reuse it?
> 

Sure, I can do that.

  Paul