[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH v5] altp2m: Allow specifying external-only use-case
On Wed, Mar 22, 2017 at 12:07:33PM -0600, Tamas K Lengyel wrote: > Currently setting altp2mhvm=1 in the domain configuration allows access to the > altp2m interface for both in-guest and external privileged tools. This poses > a problem for use-cases where only external access should be allowed, > requiring > the user to compile Xen with XSM enabled to be able to appropriately restrict > access. > > In this patch we deprecate the altp2mhvm domain configuration option and > introduce the altp2m option, which allows specifying if by default the altp2m > interface should be external-only. The information is stored in > HVM_PARAM_ALTP2M which we now define with specific XEN_ALTP2M_* modes. > If external mode is selected, the XSM check is shifted to use XSM_DM_PRIV > type check, thus restricting access to the interface by the guest itself. Note > that we keep the default XSM policy untouched. Users of XSM who wish to > enforce > external mode for altp2m can do so by adjusting their XSM policy directly, > as this domain config option does not override an active XSM policy. > > Also, as part of this patch we adjust the hvmop handler to require > HVM_PARAM_ALTP2M to be of a type other then disabled for all ops. This has > been > previously only required for get/set altp2m domain state, all other options > were gated on altp2m_enabled. Since altp2m_enabled only gets set during set > altp2m domain state, this change introduces no new requirements to the other > ops but makes it more clear that it is required for all ops. > > Signed-off-by: Tamas K Lengyel <tamas.lengyel@xxxxxxxxxxxx> > Signed-off-by: Sergej Proskurin <proskurin@xxxxxxxxxxxxx> > --- > Cc: Ian Jackson <ian.jackson@xxxxxxxxxxxxx> > Cc: Wei Liu <wei.liu2@xxxxxxxxxx> > Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> > Cc: Jan Beulich <jbeulich@xxxxxxxx> > Cc: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx> > > v4: Take patch out of ARM altp2m series. No hypervisor-side changes > other then not touching ARM code anymore. Toolstack side introduces the > altp2m config field such that it will require minimal churn once > ARM altp2m is added. > > v5: Add "limited" mode where the guest only has access to enable/disable > VMFUNC and #VE features. > --- > docs/man/xl.cfg.pod.5.in | 43 > ++++++++++++++++++++++++++++++++++++++++- > tools/libxl/libxl_create.c | 6 ++++-- > tools/libxl/libxl_dom.c | 18 +++++++++++++++-- > tools/libxl/libxl_types.idl | 14 ++++++++++++++ > tools/xl/xl_parse.c | 20 ++++++++++++++++++- Acked-by: Wei Liu <wei.liu2@xxxxxxxxxx> _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx https://lists.xen.org/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |