
Re: [Xen-devel] [PATCH for-4.5 v6 00/16] Xen VMware tools support



At 15:20 -0400 on 02 Oct (1412259615), Don Slutz wrote:
> On 10/02/14 06:05, Tim Deegan wrote:
> > At 16:00 -0400 on 26 Sep (1411743641), Don Slutz wrote:
> >> On 09/25/14 06:37, Tim Deegan wrote:
> >>> At 17:18 +0100 on 22 Sep (1411402700), Jan Beulich wrote:
> >>>>>>> On 22.09.14 at 17:38, <george.dunlap@xxxxxxxxxxxxx> wrote:
> >>>> That's indeed what was said so far. I wonder though whether opening
> >>>> this up without guest OS consent isn't going to introduce a security
> >>>> issue inside the guest (depending on the exact functionality of these
> >>>> hypercalls).
> >>> Yes indeed.  VMware seems to have CPL checks on some of the commands
> >>> (but not all).  I guess Xen will be no worse than VMware if we do the
> >>> same, though I'd like to have an official spec to follow for that.
> >> Yes, VMware has CPL checks on some of the commands.  Not at all
> >> clear the include file has the correct statement.  I have not done any
> >> checking of CPL nor does QEMU.
> > That needs to be fixed somewhere.  If Xen/Qemu is going to provide
> > this interface it _must_ copy the privilege checks, even if we don't
> > understand why they're there -- in fact, _especially_ if we don't
> > understand why they're there! :)
> >
> > If the third-party header file isn't a reliable source, you'll have to
> > determine the correct behaviour by experiment.
> 
> I have done this.  Will be adding the check.

Great, thanks!

Tim.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 

