[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 2/2] x86/altp2m: Add a hvmop for setting the suppress #VE bit

To: Jan Beulich <JBeulich@xxxxxxxx>
From: Adrian Pop <apop@xxxxxxxxxxxxxxx>
Date: Thu, 22 Jun 2017 15:04:33 +0300
Cc: Tamas K Lengyel <tamas@xxxxxxxxxxxxx>, Wei Liu <wei.liu2@xxxxxxxxxx>, Razvan Cojocaru <rcojocaru@xxxxxxxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Ian Jackson <ian.jackson@xxxxxxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
Delivery-date: Thu, 22 Jun 2017 12:04:45 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On Fri, Jun 16, 2017 at 02:39:10AM -0600, Jan Beulich wrote:
> >>> On 15.06.17 at 21:01, <tamas@xxxxxxxxxxxxx> wrote:
> > On Fri, Jun 9, 2017 at 10:51 AM, Adrian Pop <apop@xxxxxxxxxxxxxxx> wrote:
> >> --- a/xen/arch/x86/mm/mem_access.c
> >> +++ b/xen/arch/x86/mm/mem_access.c
> >> @@ -466,6 +466,58 @@ int p2m_get_mem_access(struct domain *d, gfn_t gfn, 
> >> xenmem_access_t *access)
> >>  }
> >>
> >>  /*
> >> + * Set/clear the #VE suppress bit for a page.  Only available on VMX.
> >> + */
> >> +int p2m_set_suppress_ve(struct domain *d, gfn_t gfn, bool suppress_ve,
> >> +                        unsigned int altp2m_idx)
> >> +{
> >> +    struct p2m_domain *host_p2m = p2m_get_hostp2m(d);
> >> +    struct p2m_domain *ap2m = NULL;
> >> +    struct p2m_domain *p2m;
> >> +    mfn_t mfn;
> >> +    p2m_access_t a;
> >> +    p2m_type_t t;
> >> +    int rc;
> >> +
> >> +    if ( !cpu_has_vmx_virt_exceptions )
> >> +        return -EOPNOTSUPP;
> >> +
> >> +    /* This subop should only be used from a privileged domain. */
> >> +    if ( !current->domain->is_privileged )
> >> +        return -EINVAL;
> > 
> > This check looks wrong to me. If this subop should only be used by an
> > external (privileged) domain then I don't think this should be
> > implemented as an HVMOP, looks more like a domctl to me.
> 
> I think this wants to be an XSM_DM_PRIV check instead.

I'm not sure, but I expect that to not behave as intended security-wise
if Xen is compiled without XSM.  Would it?  It would be great if this
feature worked well without XSM too.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH 2/2] x86/altp2m: Add a hvmop for setting the suppress #VE bit
  - From: Jan Beulich

References:
- [Xen-devel] [PATCH 0/2] x86: Add a hvmop for setting the #VE suppress bit
  - From: Adrian Pop
- [Xen-devel] [PATCH 2/2] x86/altp2m: Add a hvmop for setting the suppress #VE bit
  - From: Adrian Pop
- Re: [Xen-devel] [PATCH 2/2] x86/altp2m: Add a hvmop for setting the suppress #VE bit
  - From: Tamas K Lengyel
- Re: [Xen-devel] [PATCH 2/2] x86/altp2m: Add a hvmop for setting the suppress #VE bit
  - From: Jan Beulich

Prev by Date: Re: [Xen-devel] [PATCH 2/6] x86/shadow: Fixes to hvm_emulate_insn_fetch()
Next by Date: Re: [Xen-devel] [PATCH 3/6] x86/shadow: Use ERR_PTR infrastructure for sh_emulate_map_dest()
Previous by thread: Re: [Xen-devel] [PATCH 2/2] x86/altp2m: Add a hvmop for setting the suppress #VE bit
Next by thread: Re: [Xen-devel] [PATCH 2/2] x86/altp2m: Add a hvmop for setting the suppress #VE bit
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.