[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH 1/2] xen/xsm: forbid PV guest console reads
>>> On 30.09.13 at 17:48, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx> wrote: > When the hypervisor was compiled in debug mode (with VERBOSE defined), > PV guests incorrectly had access to both read and write to the console. > Change this to only allow write access; since such writes were limited > by log levels in 48d50de8e0, remove the dependency on VERBOSE > completely. I disagree, and iirc I disagreed already when you tried to drop the dependency on VERBOSE with that earlier patch. > Reported-by: Jan Beulich <JBeulich@xxxxxxxx> > Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx> > --- > > Alternatively, if controlling writes with VERBOSE is still desired, the > ifdef VERBOSE can be retained surrounding the if() with the following > commit message: > > The CONSOLEIO_read operation was incorrectly allowed to PV guests if the > hypervisor was compiled in debug mode (with VERBOSE defined). That's what I'd want to see go in. Jan > xen/include/xsm/dummy.h | 8 +++----- > 1 file changed, 3 insertions(+), 5 deletions(-) > > diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h > index 052f3e0..1f4960d 100644 > --- a/xen/include/xsm/dummy.h > +++ b/xen/include/xsm/dummy.h > @@ -221,11 +221,9 @@ static XSM_INLINE int > xsm_memory_stat_reservation(XSM_DEFAULT_ARG struct domain > static XSM_INLINE int xsm_console_io(XSM_DEFAULT_ARG struct domain *d, int > cmd) > { > XSM_ASSERT_ACTION(XSM_OTHER); > -#ifdef VERBOSE > - return xsm_default_action(XSM_HOOK, current->domain, NULL); > -#else > - return xsm_default_action(XSM_PRIV, current->domain, NULL); > -#endif > + if ( cmd == CONSOLEIO_write ) > + return xsm_default_action(XSM_HOOK, d, NULL); > + return xsm_default_action(XSM_PRIV, d, NULL); > } > > static XSM_INLINE int xsm_profile(XSM_DEFAULT_ARG struct domain *d, int op) > -- > 1.8.1.4 _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |