Re: [Xen-devel] [PATCH 11/20] xen: use XSM instead of IS_PRIV where duplicated
On 09/11/2012 03:29 AM, Jan Beulich wrote:
>>>> On 10.09.12 at 21:49, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx> wrote:
>> Some checks are removed due to non-obvious duplicates in their callers:
>>
>> * acpi_enter_sleep is checked by its only caller
>> * map_domain_pirq has IS_PRIV_FOR checked in physdev_map_pirq
>
> ... and ioapic_guest_write(). Please have this list complete, as it
> is going to be necessary to fully validate this (now and
> retrospectively once applied) for the absence of security holes.

I'll check callers again when resubmitting; I didn't generate this list
the first time I was doing the checks, so it has obviously missed a few.
The ioapic_guest_write function is checked by PHYSDEVOP_apic_write, so
it's also protected.

>
>> * PHYSDEVOP_alloc_irq_vector is a noop, does not need IS_PRIV
>
> NAK. This nevertheless is a privileged operation (i.e. must not
> succeed for unprivileged guests).

Do we depend on this behavior? Anyway, I'll revert this chunk or replace
it with an xsm hook if there's an appropriate one.

>> * Many PHYSDEVOP access checks are within the implementation functions
>
> For the above named reason, please fully document this.
>

Will do on resubmit.

[snip remainder, addressed in the thread with Ian's reply]

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel