
Re: [Xen-devel] [PATCH 07/17] flask: unify {get, set}vcpucontext permissions


  • To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Doug Goldstein <cardoe@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxx
  • From: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
  • Date: Mon, 20 Jun 2016 10:50:25 -0400
  • Delivery-date: Mon, 20 Jun 2016 14:50:31 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xen.org>

On 06/20/2016 10:35 AM, Andrew Cooper wrote:
> On 20/06/16 15:27, Doug Goldstein wrote:
>> On 6/20/16 9:04 AM, Daniel De Graaf wrote:
>>> These permissions were initially split because they were in separate
>>> domctls, but this split is very unlikely to actually provide security
>>> benefits: it would require a carefully contrived situation for a domain
>>> to both need access to one type of CPU register and also need to be
>>> prohibited from accessing another type.
>>>
>>> Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
>>> Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>
>> I'm a:
>>
>> Reviewed-by: Doug Goldstein <cardoe@xxxxxxxxxx>
>>
>> But I'd like to see Andrew Cooper's R-b or comments as well.
>
> I agree.  I can't see a plausible usecase for an entity being entitled
> to read vcpu content, but not to modify it.
>
> Reviewed-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

That's not exactly what this patch does: the get and set permissions
are still split, but unified across the different types of registers.
Where previously there were 6 permissions, now there are 2.

A use case where you would be entitled to read but not modify is a
monitoring domain (remote virus scanner, for example) which needs
read access to scan but does not do remediation itself.

--
Daniel De Graaf
National Security Agency

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
