[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] Access control in Xen privcmd_ioctl_mmap

On 12/31/2012 03:44 PM, Tamas Lengyel wrote:
> In the privcmd Linux driver two checks in the functions
> privcmd_ioctl_mmap and privcmd_ioctl_mmap_batch are not needed as they
> are trying to enforce hypervisor-level access control.  They should be
> removed as they break secondary control domains when performing dom0
> disaggregation. Xen itself provides adequate security controls around
> these hypercalls and these checks prevent those controls from
> functioning as intended.
> The patch applies to the stable Linux 3.7.1 kernel.

It also applies to (and I have tested it on) 3.8-rc1.

> Signed-off-by: Tamas K Lengyel <tamas.lengyel@xxxxxxxxxxxx>
> Cc: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
> Cc: xen-devel@xxxxxxxxxxxxxxxxxxx
> Cc: linux-kernel@xxxxxxxxxxxxxxx

Acked-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.