Xen project Mailing List

Re: [Xen-devel] [PATCH V2 2/3] xen/vm_event: Support for guest-requested events

From: Razvan Cojocaru <rcojocaru@xxxxxxxxxxxxxxx>

Date: Tue, 30 Jun 2015 17:23:21 +0300

Cc: tim@xxxxxxx, kevin.tian@xxxxxxxxx, wei.liu2@xxxxxxxxxx, ian.campbell@xxxxxxxxxx, stefano.stabellini@xxxxxxxxxxxxx, jun.nakajima@xxxxxxxxx, andrew.cooper3@xxxxxxxxxx, ian.jackson@xxxxxxxxxxxxx, xen-devel@xxxxxxxxxxxxx, eddie.dong@xxxxxxxxx, Aravind.Gopalakrishnan@xxxxxxx, suravee.suthikulpanit@xxxxxxx, keir@xxxxxxx, boris.ostrovsky@xxxxxxxxxx, dgdegra@xxxxxxxxxxxxx

Comment: DomainKeys? See http://domainkeys.sourceforge.net/

Delivery-date: Tue, 30 Jun 2015 14:23:03 +0000

Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=bitdefender.com; b=SaaWtHbTQ6XuCmyF41IQPQK+jO6M0MABI16+DH+n97T2CspIJGZ3+sb/G2FSpIEwhDEg/REgpaFaqKPYbh5vLycMP5rGHSs6BS11EkxQzMCbQgG/GM7r6owK30INmHGTlqdQyrq40TdBymbKGWmrxKtGMCYInOz3HJT3bhjxwLIGG7/K16bSVYASUz382a+Wehv4YN9TGMlp7+GGqBj+M69pyNA+w2ziSnmKgu/MGtkgEl2QIHUZZgMw0kkb4UJ57jaIaBlITkaewCKRxOYaBzzXL1cQ5wxXG14+k+sIFEzyrQFz2vtazE8Y8fITpK4ATD0lJMBEnclvFEn7K5lhAQ==; h=Received:Received:Received:Received:Received:Subject:To:References:Cc:From:Message-ID:Date:User-Agent:MIME-Version:In-Reply-To:Content-Type:Content-Transfer-Encoding:X-BitDefender-Scanner:X-BitDefender-Spam:X-BitDefender-SpamStamp:X-BitDefender-CF-Stamp;

List-id: Xen developer discussion <xen-devel.lists.xen.org>

On 06/26/2015 10:02 AM, Jan Beulich wrote: >>>> On 15.06.15 at 11:03, <rcojocaru@xxxxxxxxxxxxxxx> wrote: >> Added support for a new class of vm_events: VM_EVENT_REASON_REQUEST, >> sent via HVMOP_request_vm_event. The guest can request that a >> generic vm_event (containing only the vm_event-filled guest registers >> as information) be sent to userspace by setting up the correct >> registers and doing a VMCALL. For example, for a 64-bit guest, this >> means: EAX = 34 (hvmop), EBX = 24 (HVMOP_request_vm_event). > > I suppose you mean a 32-bit guest here? Also I'm not sure it's a good > idea to explicitly define a guest exposed hypercall to omit one of the > arguments normally required for it (the interface structure pointer): > Should there ever be a reason to allow the guest to control further > aspects of the operation by passing a structure, you'd then have to > define a new sub-op instead of being able to re-use the current one. > I.e. I'd strongly recommend requiring NULL to be passed here, and > checking this in the implementation of the handler. Would something like this do? 6391 case HVMOP_guest_request_vm_event: 6392 if ( !guest_handle_is_null(arg) ) 6393 rc = -EINVAL; 6394 else 6395 hvm_event_guest_request(); 6396 break; >> --- a/xen/arch/x86/hvm/hvm.c >> +++ b/xen/arch/x86/hvm/hvm.c >> @@ -6373,6 +6373,10 @@ long do_hvm_op(unsigned long op, >> XEN_GUEST_HANDLE_PARAM(void) arg) >> break; >> } >> >> + case HVMOP_request_vm_event: >> + hvm_event_requested(); >> + break; > > No XSM check here or in the handler? Shouldn't the admin controlling > guest properties from the host perspective be permitted control here? > Cc-ing Daniel for his input ... Thinking more about this, the goal here is to be able to monitor non-privileged guests from a privileged domain. Being able to subscribe to these events is subject to XSM checks (so an application in dom0 would be able to receive them), but if XSM checks are needed for the guest as well, then, at least for the purpose the code is intended for now, the default would need to be to allow this to happen. Thanks, Razvan _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.