On 04/12/20 22:38, Ashish Kalra wrote:
Earlier we used to dynamic resizing of the page encryption bitmap based on the guest hypercall, but potentially a malicious guest can make a hypercall which can trigger a really large memory allocation on the host side and may eventually cause denial of service. Hence now we don't do dynamic resizing of the page encryption bitmap as per the hypercall and allocate it statically based on guest memory allocation by walking through memslots and computing it's size. I will add the above comment to the fresh series of the patch-set i am going to post.
Sounds good, thanks. If there are no other changes I can include this in the commit message myself.
Paolo
