|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH v2 4/4] x86/hvm: add stricter permissions checks to ioreq server control plane
>>> On 16.03.18 at 17:58, <paul.durrant@xxxxxxxxxx> wrote: > There has always been an intention in the ioreq server API that only the > domain that creates an ioreq server should be able to manipulate it. > However, so far, nothing has enforced this. This means that two domains > with DM_PRIV over a target domain can currently manipulate each others > ioreq servers. > > A previous patch added code to take a reference and store a pointer to the > domain that creates an ioreq server. This patch now adds checks to the > functions that manipulate the ioreq server to make sure they are being > called by the same domain. > > Signed-off-by: Paul Durrant <paul.durrant@xxxxxxxxxx> Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx> _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |