Address Space Isolation
Owner: royger
Time: Thu 10:50 AM 6 Jun +0100 (Europe/Lisbon) Final
Location: LIBERDADE

AWS is working on a series to populate the direct map on demand:

https://lore.kernel.org/xen-devel/20240513134046.82605-1-eliasely@amazon.com/

Once that series is merged the directmap will no longer be fully populated, but further work is needed before we can declare that a CPU executing in Xen only has non-confidential information mapped in its address space:

  • Are all xenheap usages (which by definition are populated in the directmap) for non-confidential data?

  • pCPU stacks are allocated from xenheap, and thus are always mapped in the directmap. Currently we only have per-domain mappings, but not per-{v,p}CPU mappings, so a per-pCPU stack cannot yet be made private to that pCPU.