
Re: [Xen-devel] [PATCH 1/2] xen/xsm: forbid PV guest console reads



>>> On 30.09.13 at 17:48, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx> wrote:
> When the hypervisor was compiled in debug mode (with VERBOSE defined),
> PV guests incorrectly had access to both read and write to the console.
> Change this to only allow write access; since such writes were limited
> by log levels in 48d50de8e0, remove the dependency on VERBOSE
> completely.

I disagree, and iirc I disagreed already when you tried to drop the
dependency on VERBOSE with that earlier patch.

> Reported-by: Jan Beulich <JBeulich@xxxxxxxx>
> Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
> ---
> 
> Alternatively, if controlling writes with VERBOSE is still desired, the
> ifdef VERBOSE can be retained surrounding the if() with the following
> commit message:
> 
> The CONSOLEIO_read operation was incorrectly allowed to PV guests if the
> hypervisor was compiled in debug mode (with VERBOSE defined).

That's what I'd want to see go in.

Jan

>  xen/include/xsm/dummy.h | 8 +++-----
>  1 file changed, 3 insertions(+), 5 deletions(-)
> 
> diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h
> index 052f3e0..1f4960d 100644
> --- a/xen/include/xsm/dummy.h
> +++ b/xen/include/xsm/dummy.h
> @@ -221,11 +221,9 @@ static XSM_INLINE int 
> xsm_memory_stat_reservation(XSM_DEFAULT_ARG struct domain
>  static XSM_INLINE int xsm_console_io(XSM_DEFAULT_ARG struct domain *d, int 
> cmd)
>  {
>      XSM_ASSERT_ACTION(XSM_OTHER);
> -#ifdef VERBOSE
> -    return xsm_default_action(XSM_HOOK, current->domain, NULL);
> -#else
> -    return xsm_default_action(XSM_PRIV, current->domain, NULL);
> -#endif
> +    if ( cmd == CONSOLEIO_write )
> +        return xsm_default_action(XSM_HOOK, d, NULL);
> +    return xsm_default_action(XSM_PRIV, d, NULL);
>  }
>  
>  static XSM_INLINE int xsm_profile(XSM_DEFAULT_ARG struct domain *d, int op)
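
Review bot: Both xsm_default_action() calls in xsm_console_io() change their subject from current->domain to d, and the commit message neither mentions nor justifies that. Either explain in the message why d is the right subject here, or keep current->domain so that the patch only changes the cmd check. Separately, the `if ( cmd == CONSOLEIO_write )` test makes XSM_HOOK apply to guest writes in builds without VERBOSE as well; a short comment above it saying that writes rely on the log-level limiting from 48d50de8e0 would record the intent, or the #ifdef VERBOSE can be kept around the if() as the alternative in the message describes.
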
> -- 
> 1.8.1.4




_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 

