Re: [Xen-devel] HVMOP_guest_request_vm_event only works from guest in ring0

[Andrew Cooper <andrew.cooper3@xxxxxxxxxx>]

On 04/08/16 08:23, Jan Beulich wrote:
>>>> On 03.08.16 at 23:00, <rcojocaru@xxxxxxxxxxxxxxx> wrote:
>> On 08/03/16 23:44, Andrew Cooper wrote:
>>> --- a/xen/arch/x86/hvm/hvm.c
>>> +++ b/xen/arch/x86/hvm/hvm.c
>>> @@ -5194,8 +5194,14 @@ int hvm_do_hypercall(struct cpu_user_regs *regs)
>>>      switch ( mode )
>>>      {
>>>      case 8:       
>>> +        if ( eax == __HYPERVISOR_hvm_op &&
>>> +             regs->rdi == HVMOP_guest_request_vm_event )
>>> +            break;
>>>      case 4:
>>>      case 2:
>>> +        if ( eax == __HYPERVISOR_hvm_op &&
>>> +             regs->ebx == HVMOP_guest_request_vm_event )
>>> +            break;
>>>          hvm_get_segment_register(curr, x86_seg_ss, &sreg);
>>>          if ( unlikely(sreg.attr.fields.dpl) )
>>> {
>> Indeed, if everyone agrees that the patch is acceptable I'm happy to
>> send it to xen-devel. It'd obviously be great if this ends up upstream.
> Well, I'm not convinced special casing like this is a good idea.

Why?  Userspace can very easily make this action happen, but only in
inefficient ways involving unnecessary emulation and likely pretending
to be malware.

Blocking access only increases the overhead of the communication
channel.  It doesn't in any way prevent it.

> And I'd really like to get a reference to previous discussions (as mentioned 
> by Andrew).

You mean the userspace hypercalls discussion?  "[Xen-devel] RFC
Userspace hypercalls"

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel