Re: [Xen-devel] [PATCH v7 10/10] xen/common: do not implicitly permit access to mapped I/O memory
- To: "Arianna Avanzini" <avanzini.arianna@xxxxxxxxx>, "Julien Grall" <julien.grall@xxxxxxxxxx>
- From: "Jan Beulich" <JBeulich@xxxxxxxx>
- Date: Mon, 26 May 2014 12:14:01 +0100
- Cc: Ian.Campbell@xxxxxxxxxxxxx, paolo.valente@xxxxxxxxxx, keir@xxxxxxx, stefano.stabellini@xxxxxxxxxxxxx, andrew.cooper3@xxxxxxxxxx, dario.faggioli@xxxxxxxxxx, Ian.Jackson@xxxxxxxxxxxxx, xen-devel@xxxxxxxxxxxxx, julien.grall@xxxxxxxxxx, etrudeau@xxxxxxxxxxxx, tim@xxxxxxx, viktor.kleinik@xxxxxxxxxxxxxxx
- Delivery-date: Mon, 26 May 2014 11:14:17 +0000
- List-id: Xen developer discussion <xen-devel.lists.xen.org>
>>> On 26.05.14 at 12:53, <julien.grall@xxxxxxxxxx> wrote:
>
> On 26/05/14 11:14, Jan Beulich wrote:
>>
>> Or maybe I wasn't wrong - the patch context doesn't really make
>> clear whether it's the granting or mapping operation that gets
>> adjusted here (since an earlier patch moved the mapping one into
>> this function).
>
> ret = -EPERM;
> - if ( !iomem_access_permitted(current->domain, mfn, mfn_end) )
> + if ( !iomem_access_permitted(d, mfn, mfn_end) )
> break;
>
> ret = xsm_iomem_mapping(XSM_HOOK, d, mfn, mfn_end, add);
>
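Review bot: The replaced condition in front of the xsm_iomem_mapping call no longer checks the calling domain at all. With `current->domain` swapped for `d`, the only iomem_access_permitted test left before the XSM hook is the one on the target domain. If the intent is that neither the caller nor the target may be missing access to the range, keep both tests in the same condition, for example `if ( !iomem_access_permitted(current->domain, mfn, mfn_end) || !iomem_access_permitted(d, mfn, mfn_end) )`, and leave the `ret = -EPERM;` / `break;` path unchanged. A short comment above the condition saying which domain each test covers would also make clear that this is the mapping operation, not the granting one, which the hunk context alone does not show.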
> There is an xsm_iomem_mapping just after, so the change has been done in
> XEN_DOMCTL_memory_mapping.
In which case I indeed stick to my original comment - it's perhaps
best to check _both_.
Jan
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel