Re: [Xen-devel] [PATCH 11/20] xen: use XSM instead of IS_PRIV where duplicated
>>> On 10.09.12 at 21:49, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx> wrote:
> Some checks are removed due to non-obvious duplicates in their callers:
>
> * acpi_enter_sleep is checked by its only caller
> * map_domain_pirq has IS_PRIV_FOR checked in physdev_map_pirq

... and ioapic_guest_write(). Please have this list complete, as it is going to be necessary to fully validate this (now and retrospectively once applied) for the absence of security holes.

> * PHYSDEVOP_alloc_irq_vector is a noop, does not need IS_PRIV

NAK. This nevertheless is a privileged operation (i.e. must not succeed for unprivileged guests).

> * Many PHYSDEVOP access checks are within the implementation functions

For the above named reason, please fully document this.

> * do_platform_op, do_domctl, and do_sysctl all have per-operation
> XSM hooks
> * do_console_io has changed to IS_PRIV from an explicit domid==0

I see a point in actually limiting this to Dom0 - that's the only domain that can't possibly have a virtual console. But I'm not really opposed to changing this.

Jan

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel