Re: [Xen-devel] [PATCH 3/4] xen/arm: support vcpu_op hypercalls

[Ian Campbell <Ian.Campbell@xxxxxxxxxx>]

On Tue, 2013-04-23 at 12:32 +0100, Stefano Stabellini wrote:
> On Tue, 9 Apr 2013, Ian Campbell wrote:
> > On Thu, 2013-03-21 at 18:42 +0000, Stefano Stabellini wrote:
> > 
> > It's possible that we might want to restrict the available operations?
> > e.g. remove VPCUOP_initialize/up if we are doing this via PSCI instead?
> > 
> > My concern is that there have been security bugs in VCPUOP_initialize on
> > x86 in the past and if we don't have to expose that possibility on ARM
> > lets not.
> 
> I think that restricting the vcpu_op available is a good idea. Smaller
> the ABI, smaller the surface of attack.
> 
> However the resulting patch won't be extremely pretty (usually all
> hypercalls go straight to common code).

Yes :-/

I expect this is going to be something we want to do in several places,
and also that we are going to want this capability on x86 too once PVH
takes hold and the deprecation plan for PVMMU comes into play in half a
decades time (I expect PVMMU stuff to become a compile time option for
some time before it gets fully deprecated/removed).

So perhaps it is worth trying to find an acceptable longterm solution?
We should probably involve Keir & Jan too.

For start_info and evtchn_upcall_mask I've added XEN_HAVE_FOO defines,
perhaps this is a path to follow e.g. with XEN_HAVE_PV_VCPUOP (or some
better name).

Ian.


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel