[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 02/11] hvmctl: convert HVMOP_set_pci_intx_level

To: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
From: Ian Jackson <ian.jackson@xxxxxxxxxxxxx>
Date: Mon, 20 Jun 2016 15:48:23 +0100
Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wei.liu2@xxxxxxxxxx>, George Dunlap <George.Dunlap@xxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Tim Deegan <tim@xxxxxxx>, Paul Durrant <paul.durrant@xxxxxxxxxx>, Jan Beulich <JBeulich@xxxxxxxx>, xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
Delivery-date: Mon, 20 Jun 2016 14:48:32 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

Daniel De Graaf writes ("Re: [PATCH 02/11] hvmctl: convert 
HVMOP_set_pci_intx_level"):
> On 06/20/2016 08:53 AM, Jan Beulich wrote:
> > Note that this adds validation of the "domain" interface structure
> > field, which previously got ignored.
> >
> > Note further that this retains the hvmop interface definitions as those
> > had (wrongly) been exposed to non-tool stack consumers (albeit the
> > operation wouldn't have succeeded when requested by a domain for
> > itself).
> >
> > Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
> > ---
> > TBD: xen/xsm/flask/policy/access_vectors says "also needs hvmctl", but
> >      I don't see how this has been done so far. With the change here,
> >      doing two checks in flask_hvm_control() (the generic one always
> >      and a specific one if needed) would of course be simple, but it's
> >      unclear how subsequently added sub-ops should then be dealt with
> >      (which don't have a similar remark).
> 
> I am not sure why that remark is there: it seems like it refers to an
> overall check in the HVM operation hypercall, which does not exist.
> 
> There is no reason to have an operation protected by two different
> access checks, so I think that both the previous and patched code
> are correct and the "also needs hvmctl" comment should be removed.
> With that, Acked-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>

This is a slight digression, but is it intended that all of these
hvmctl's are safe to expose to a deprivileged device model process in
dom0, or to a device model stub domain ?

Ian.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH 02/11] hvmctl: convert HVMOP_set_pci_intx_level
  - From: Jan Beulich

References:
- [Xen-devel] [PATCH 00/11] hvmctl hypercall
  - From: Jan Beulich
- [Xen-devel] [PATCH 02/11] hvmctl: convert HVMOP_set_pci_intx_level
  - From: Jan Beulich
- Re: [Xen-devel] [PATCH 02/11] hvmctl: convert HVMOP_set_pci_intx_level
  - From: Daniel De Graaf

Prev by Date: Re: [Xen-devel] [PATCH 14/17] xsm: annotate setup functions with __init
Next by Date: Re: [Xen-devel] [PATCH 15/17] xsm: clean up unregistration
Previous by thread: Re: [Xen-devel] [PATCH 02/11] hvmctl: convert HVMOP_set_pci_intx_level
Next by thread: Re: [Xen-devel] [PATCH 02/11] hvmctl: convert HVMOP_set_pci_intx_level
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.