Re: [Xen-devel] [PATCH 06/19] xen: use XSM instead of IS_PRIV where duplicated
On Fri, 2012-11-16 at 18:28 +0000, Daniel De Graaf wrote:
> The Xen hypervisor has two basic access control function calls: IS_PRIV
> and the xsm_* functions. Most privileged operations currently require
> that both checks succeed, and many times the checks are at different
> locations in the code. This patch eliminates the explicit and implicit
> IS_PRIV checks that are duplicated in XSM hooks.

The downside is that you lose some context in the hypercall implementation, i.e. the hint about whether a hypercall is available only to the toolstack, or to only stubdomains or more generally to all guests etc which is useful to have in front of you when changing the code.

IOW I worry that we may end up introducing bugs due to hiding this context away behind the xsm wrapper, e.g. you think a function is privileged guest only but actually it is guest accessible.

I wonder if there is any way we can get the benefits of this change without this downside? Perhaps in the name of the hook? e.g. For each existing xsm_<foo> we instead define exactly one of xsm_guest_<foo>, xsm_stubdom_<foo> or xsm_priv_<foo>. This might also let us define some macros for use in dummy.[ch] which simultaneously construct the correct function name and include the appropriate boilerplate perm check thus ensuring they don't get out of sync.

> Some checks are removed due to non-obvious duplicates in their callers:

If the duplicates are non-obvious wouldn't it be better to keep them as a belt-and-braces measure?

Ian.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
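
The naming idea in the message above, as an added sketch that is not part of the original mail and is not Xen code: one macro builds xsm_<class>_<op> and wires in the matching default check, so the name a hypercall author reads and the check that runs cannot drift apart. The struct, the check_* helpers, the macro name and the three hook names are all hypothetical.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>

/* Toy stand-in for a domain; hypothetical, not Xen's struct domain. */
struct domain {
    bool is_privileged;           /* control domain / toolstack */
    const struct domain *target;  /* domain a stubdomain serves, or NULL */
};

/* One default check per privilege class (hypothetical helpers). */
static int check_priv(const struct domain *src, const struct domain *tgt)
{
    (void)tgt;
    return src->is_privileged ? 0 : -EPERM;
}

static int check_stubdom(const struct domain *src, const struct domain *tgt)
{
    /* Allowed for the control domain, or a stubdomain acting on its own target. */
    if (src->is_privileged || (tgt != NULL && src->target == tgt))
        return 0;
    return -EPERM;
}

static int check_guest(const struct domain *src, const struct domain *tgt)
{
    (void)src; (void)tgt;
    return 0;                     /* available to every guest */
}

/* Paste the class into the hook name and call check_<class> in its body. */
#define XSM_DUMMY_HOOK(class, op)                                   \
    static int xsm_##class##_##op(const struct domain *src,         \
                                  const struct domain *tgt)         \
    {                                                               \
        return check_##class(src, tgt);                             \
    }

XSM_DUMMY_HOOK(priv, set_policy)      /* defines xsm_priv_set_policy */
XSM_DUMMY_HOOK(stubdom, map_memory)   /* defines xsm_stubdom_map_memory */
XSM_DUMMY_HOOK(guest, query_version)  /* defines xsm_guest_query_version */

/* Constructed sample domains for the demonstration. */
static const struct domain demo_dom0    = { true,  NULL };
static const struct domain demo_guest   = { false, NULL };
static const struct domain demo_stubdom = { false, &demo_guest };

int main(void)
{
    /* The stubdomain may act on its target but not reach a priv-class hook. */
    bool ok = xsm_stubdom_map_memory(&demo_stubdom, &demo_guest) == 0 &&
              xsm_priv_set_policy(&demo_stubdom, &demo_guest) == -EPERM &&
              xsm_guest_query_version(&demo_guest, NULL) == 0 &&
              xsm_priv_set_policy(&demo_dom0, NULL) == 0;
    return ok ? 0 : 1;
}
```

A caller reading xsm_priv_set_policy(...) sees the intended audience at the call site, and changing an operation's class means changing its name everywhere it is used.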