[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v2] domctl: tighten XEN_DOMCTL_*_permission



At 14:08 +0100 on 06 May (1399381725), Jan Beulich wrote:
> With proper permission (and, for the I/O port case, wrap-around) checks
> added (note that for the I/O port case a count of zero is now being
> disallowed, in line with I/O memory handling):
> 
> XEN_DOMCTL_irq_permission:
> XEN_DOMCTL_ioport_permission:
> 
>  Of both IRQs and I/O ports there is only a reasonably small amount, so
>  there's no excess resource consumption involved here. Additionally
>  they both have a specialized XSM hook associated.
> 
> XEN_DOMCTL_iomem_permission:
> 
>  While this also has a specialized XSM hook associated (just like
>  XEN_DOMCTL_{irq,ioport}_permission), it's not clear whether it's
>  reasonable to expect XSM to restrict the number of ranges associated
>  with a domain via this hook (which is the main resource consumption
>  item here).
> 
> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>

Reviewed-by: Tim Deegan <tim@xxxxxxx>

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.