[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] Access control in Xen privcmd_ioctl_mmap

To: Tamas Lengyel <tamas.lengyel@xxxxxxxxxxxx>
From: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
Date: Wed, 02 Jan 2013 10:54:51 -0500
Cc: jeremy@xxxxxxxx, xen-devel@xxxxxxxxxxxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx, konrad.wilk@xxxxxxxxxx
Delivery-date: Wed, 02 Jan 2013 15:55:20 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On 12/31/2012 03:44 PM, Tamas Lengyel wrote:
> In the privcmd Linux driver two checks in the functions
> privcmd_ioctl_mmap and privcmd_ioctl_mmap_batch are not needed as they
> are trying to enforce hypervisor-level access control.  They should be
> removed as they break secondary control domains when performing dom0
> disaggregation. Xen itself provides adequate security controls around
> these hypercalls and these checks prevent those controls from
> functioning as intended.
> 
> The patch applies to the stable Linux 3.7.1 kernel.

It also applies to (and I have tested it on) 3.8-rc1.

> Signed-off-by: Tamas K Lengyel <tamas.lengyel@xxxxxxxxxxxx>
> Cc: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
> Cc: xen-devel@xxxxxxxxxxxxxxxxxxx
> Cc: linux-kernel@xxxxxxxxxxxxxxx

Acked-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Prev by Date: Re: [Xen-devel] [PATCH V5] xen/privcmd.c: improve performance of MMAPBATCH_V2.
Next by Date: Re: [Xen-devel] qemu-system-i386: memory leak?
Previous by thread: Re: [Xen-devel] [PATCH V5] xen/privcmd.c: improve performance of MMAPBATCH_V2.
Next by thread: Re: [Xen-devel] [PATCH] Access control in Xen privcmd_ioctl_mmap
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.