
Re: [Xen-devel] [PATCH 11/20] xen: use XSM instead of IS_PRIV where duplicated



>>> On 10.09.12 at 21:49, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx> wrote:
> Some checks are removed due to non-obvious duplicates in their callers:
> 
>  * acpi_enter_sleep is checked by its only caller
>  * map_domain_pirq has IS_PRIV_FOR checked in physdev_map_pirq

... and ioapic_guest_write(). Please have this list complete, as it
is going to be necessary to fully validate this (now and
retrospectively once applied) for the absence of security holes.

>  * PHYSDEVOP_alloc_irq_vector is a noop, does not need IS_PRIV

NAK. This nevertheless is a privileged operation (i.e. must not
succeed for unprivileged guests).

>  * Many PHYSDEVOP access checks are within the implementation functions

For the above named reason, please fully document this.

>  * do_platform_op, do_domctl, and do_sysctl all have per-operation
>    XSM hooks
>  * do_console_io has changed to IS_PRIV from an explicit domid==0

I see a point in actually limiting this to Dom0 - that's the only
domain that can't possibly have a virtual console. But I'm not
really opposed to changing this.

Jan
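As an added illustration of the review point above (not Xen code and not the patch's code): a toy C model of a physdev-style hypercall dispatcher in which the privilege decision sits in one hook before dispatch, the no-op sub-op stays privileged, and an audit helper counts privileged sub-ops that an unprivileged domain can still complete. Every name here (struct domain, xsm_physdev_op, the OP_* values, the *_impl functions) is invented for the example.

```c
#include <errno.h>
#include <stdbool.h>

struct domain { bool is_privileged; };   /* invented stand-in for IS_PRIV() */
enum physdev_op { OP_MAP_PIRQ, OP_ALLOC_IRQ_VECTOR, OP_GET_INFO, OP_COUNT };

/* One auditable table of which sub-ops are privileged. The no-op
 * alloc_irq_vector stays privileged: it must fail for unprivileged guests. */
static const bool op_is_privileged[OP_COUNT] = {
    [OP_MAP_PIRQ] = true, [OP_ALLOC_IRQ_VECTOR] = true, [OP_GET_INFO] = false,
};

/* Hypothetical stand-in for an XSM hook: the single place access is decided. */
static int xsm_physdev_op(const struct domain *d, int op)
{
    return (op_is_privileged[op] && !d->is_privileged) ? -EPERM : 0;
}

/* Implementation functions carry no privilege check of their own, so the
 * dispatcher is the only thing between an unprivileged domain and them. */
static int map_pirq_impl(void)         { return 0; }
static int alloc_irq_vector_impl(void) { return 0; }   /* deliberately a no-op */
static int get_info_impl(void)         { return 0; }

int do_physdev_op(const struct domain *d, int op)
{
    int rc;

    if (op < 0 || op >= OP_COUNT)
        return -ENOSYS;
    rc = xsm_physdev_op(d, op);           /* decided before any sub-op runs */
    if (rc)
        return rc;
    switch (op) {
    case OP_MAP_PIRQ:         return map_pirq_impl();
    case OP_ALLOC_IRQ_VECTOR: return alloc_irq_vector_impl();
    case OP_GET_INFO:         return get_info_impl();
    }
    return -ENOSYS;
}

/* Audit: count privileged sub-ops an unprivileged domain can still complete.
 * Anything other than 0 is the kind of hole the review asks to rule out. */
int count_privilege_holes(void)
{
    struct domain domu = { .is_privileged = false };
    int op, holes = 0;

    for (op = 0; op < OP_COUNT; op++)
        if (op_is_privileged[op] && do_physdev_op(&domu, op) == 0)
            holes++;
    return holes;
}
```

Dropping an entry from op_is_privileged, or moving the hook call below the switch, is exactly what makes count_privilege_holes() return non-zero, which is the property a reviewer wants to be able to re-check after each such patch.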


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

