[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [V7 PATCH 5/7] pvh: change xsm_add_to_physmap

To: Julien Grall <julien.grall@xxxxxxxxxx>
From: Mukesh Rathor <mukesh.rathor@xxxxxxxxxx>
Date: Thu, 20 Feb 2014 17:22:34 -0800
Cc: Xen-devel@xxxxxxxxxxxxxxxxxxx, Ian Campbell <ian.campbell@xxxxxxxxxx>, george.dunlap@xxxxxxxxxxxxx, tim@xxxxxxx, keir.xen@xxxxxxxxx, Jan Beulich <jbeulich@xxxxxxxx>, dgdegra@xxxxxxxxxxxxx
Delivery-date: Fri, 21 Feb 2014 01:23:18 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On Thu, 20 Feb 2014 13:49:58 +0000
Julien Grall <julien.grall@xxxxxxxxxx> wrote:

> On 02/20/2014 02:22 AM, Mukesh Rathor wrote:
> > On Wed, 12 Feb 2014 16:47:54 +0000
> > Julien Grall <julien.grall@xxxxxxxxxx> wrote:
> > 
> >> Hi Mukesh,
> >>
> >> On 12/17/2013 02:38 AM, Mukesh Rathor wrote:
> >>> In preparation for the next patch, we update xsm_add_to_physmap to
> >>> allow for checking of foreign domain. Thus, the current domain
> >>> must have the right to update the mappings of target domain with
> >>> pages from foreign domain.
> >>>
> >>> Signed-off-by: Mukesh Rathor <mukesh.rathor@xxxxxxxxxx>
> >>
> >> While I was playing with XSM on ARM, I have noticed that Daniel De
> >> Graff has added xsm_map_gfmn_foreign few months ago (see commit
> >> 0b201e6).
> >>
> >> Would it be suitable to use this XSM instead of extending
> >> xsm_add_to_physmap?
> >>
> >> Regards,
> >>
> > 
> > Not the same thing. add to physmap could be adding to a domain's
> > physmap pages from a foreign domain.
> 
> Let assume you don't modify xsm_add_to_physmap, in this case:
>    - xsm_add_to_physmap checks if the current domain is allowed to
> modify the p2m of a given domain
>    - xsm_map_gfmn_foreign checks if the given domain is allowed to
> have foreign mapping from the foreign domain
> 
> Both XSM are distinct and should be used together. You don't care that

I see, i thought you meant replace one with another. I am not a security 
expert, so just followed the suggestions. But looking at the code
looks like above is the way to go, and I can just drop my xsm_add_to_physmap
change patch (which btw doesn't check whether target has access to
foreign mappings, so is prob not correct). Thanks for noticing.

Mukesh

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [V7 PATCH 5/7] pvh: change xsm_add_to_physmap
  - From: Mukesh Rathor

References:
- Re: [Xen-devel] [V7 PATCH 5/7] pvh: change xsm_add_to_physmap
  - From: Julien Grall
- Re: [Xen-devel] [V7 PATCH 5/7] pvh: change xsm_add_to_physmap
  - From: Mukesh Rathor
- Re: [Xen-devel] [V7 PATCH 5/7] pvh: change xsm_add_to_physmap
  - From: Julien Grall

Prev by Date: Re: [Xen-devel] [PATCH net-next v5 1/9] xen-netback: Introduce TX grant map definitions
Next by Date: Re: [Xen-devel] Single step in HVM domU on Intel machine may see wrong DB6
Previous by thread: Re: [Xen-devel] [V7 PATCH 5/7] pvh: change xsm_add_to_physmap
Next by thread: Re: [Xen-devel] [V7 PATCH 5/7] pvh: change xsm_add_to_physmap
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.