[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v2] x86/hvm: Allow guest_request vm_events coming from userspace

On 01.08.2017 19:07, Tamas K Lengyel wrote:
On Tue, Aug 1, 2017 at 4:30 AM, Andrew Cooper <andrew.cooper3@xxxxxxxxxx> wrote:
On 01/08/17 10:46, Alexandru Isaila wrote:
Allow guest userspace code to request that a vm_event be sent out
via VMCALL. This functionality seems to be handy for a number of
Xen developers, as stated on the mailing list (thread "[Xen-devel]
HVMOP_guest_request_vm_event only works from guest in ring0").
This is a use case in communication between a userspace application
in the guest and the introspection application in dom0.

Signed-off-by: Alexandru Isaila <aisaila@xxxxxxxxxxxxxxx>

This issue has been argued several times before, and while I am in
favour of the change, there is a legitimate argument that it breaks one
of our security boundaries.

One intermediate option comes to mind however.

Could we introduce a new monitor op which permits the use of
HVMOP_guest_request_vm_event from userspace?  This way, it requires a
positive action on behalf of the introspection agent to relax the CPL
check, rather than having the CPL check unconditionally relaxed.

I agree, it would be required to gate this on a monitor option that is
disabled by default.

That's the way we'll move forward. About that: would you prefer a new libxc function that toggles only the userspace part, or that we add a bool parameter to the existing xc_monitor_guest_request()?


Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.