Re: [Xen-devel] [PATCH 5 of 6] Rework stale p2m auditing
At 16:48 -0500 on 14 Nov (1321289326), Andres Lagar-Cavilla wrote:
> The p2m audit code doesn't even compile, let alone work. It also
> partially supports ept. Make it:
>
> - compile
> - lay groundwork for eventual ept support
> - move out of the way of all calls and turn it into a domctl. It's
> obviously not being used by anybody presently.
> - enable it via said domctl

Thanks for looking at this code (which, as you say, had considerably
rotted).

I'm not sure I'm a big fan of provoking audits from user-space rather
than having them run on every operation; in previous incarnations there
have been serial debug-keys that triggered auditing code (which would
then be run before and after every operation) - I found that much more
helpful in the case of failure, as it pointed to which operation had
caused the problem rather than saying 'something bad happened at some
point'.

If you really want to keep the hypercall, I think it could probably be
part of the existing paging/shadow control domctl rather than having its
own. That would have the advantage of preventing an untrusted domain
from calling it on itself (which has in the past turned slightly
bitrotted audit code into a denial-of-service vector!).

Cheers,

Tim.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel