[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v3] x86/HVM: Merge HVM and PVH hypercall tables

To: "Andrew Cooper" <andrew.cooper3@xxxxxxxxxx>, "Boris Ostrovsky" <boris.ostrovsky@xxxxxxxxxx>
From: "Jan Beulich" <JBeulich@xxxxxxxx>
Date: Fri, 18 Dec 2015 10:10:45 -0700
Cc: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>, xen-devel@xxxxxxxxxxxxx, keir@xxxxxxx, roger.pau@xxxxxxxxxx
Delivery-date: Fri, 18 Dec 2015 17:10:55 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

>>> On 18.12.15 at 17:59, <andrew.cooper3@xxxxxxxxxx> wrote:
> On 18/12/15 16:37, Jan Beulich wrote:
>>>>> On 18.12.15 at 17:28, <andrew.cooper3@xxxxxxxxxx> wrote:
>>> On 17/12/15 23:00, Boris Ostrovsky wrote:
>>>> diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c
>>>> index a7767f8..871aca0 100644
>>>> --- a/xen/arch/x86/mm.c
>>>> +++ b/xen/arch/x86/mm.c
>>>> @@ -3019,6 +3019,25 @@ long do_mmuext_op(
>>>>              break;
>>>>          }
>>>>  
>>>> +        if ( has_hvm_container_domain(d) )
>>>> +        {
>>>> +            switch ( op.cmd )
>>>> +            {
>>>> +            case MMUEXT_PIN_L1_TABLE:
>>>> +            case MMUEXT_PIN_L2_TABLE:
>>>> +            case MMUEXT_PIN_L3_TABLE:
>>>> +            case MMUEXT_PIN_L4_TABLE:
>>>> +            case MMUEXT_UNPIN_TABLE:
>>>> +                if ( is_control_domain(d) )
>>>> +                    break;
>>> This needs to be an XSM check, rather than a dom0 check.  Consider the
>>> usecase of a PVH/DMLite domain builder stubdomain.
>> But wouldn't that be the control domain then? Afaict by making this
>> an XSM check we'd also permit the hardware domain access to these,
>> for no reason. In fact we should probably further restrict this to
>> d != pg_owner.
> 
> Any domain needing to construct PV domains needs to be able to make
> these hypercalls against the target domain.
> 
> Therefore, the only valid check is whether XSM will permit 'current' to
> issue the hypercall against 'd', irrespective of whether current is the
> control domain, the hardware domain, or something else.
> 
> I think all that is needed is xsm_mmuext_op(XSM_TARGET, d, pg_owner)

Which, as Boris has just pointed out, is already there. But which
also allows the d to issue such operations on itself.

Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH v3] x86/HVM: Merge HVM and PVH hypercall tables
  - From: Andrew Cooper

References:
- [Xen-devel] [PATCH v3] x86/HVM: Merge HVM and PVH hypercall tables
  - From: Boris Ostrovsky
- Re: [Xen-devel] [PATCH v3] x86/HVM: Merge HVM and PVH hypercall tables
  - From: Andrew Cooper
- Re: [Xen-devel] [PATCH v3] x86/HVM: Merge HVM and PVH hypercall tables
  - From: Jan Beulich
- Re: [Xen-devel] [PATCH v3] x86/HVM: Merge HVM and PVH hypercall tables
  - From: Andrew Cooper

Prev by Date: Re: [Xen-devel] [PATCH 2/4] build: Alloc space for sched list in the link file
Next by Date: Re: [Xen-devel] [PATCH 2/4] build: Alloc space for sched list in the link file
Previous by thread: Re: [Xen-devel] [PATCH v3] x86/HVM: Merge HVM and PVH hypercall tables
Next by thread: Re: [Xen-devel] [PATCH v3] x86/HVM: Merge HVM and PVH hypercall tables
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.