Re: [Xen-devel] [PATCH V2] x86/altp2m: Added xc_altp2m_set_mem_access_multi()
On 03/10/2017 09:31 AM, Jan Beulich wrote:
>>>> On 09.03.17 at 18:15, <rcojocaru@xxxxxxxxxxxxxxx> wrote:
>> On 03/09/2017 06:56 PM, Jan Beulich wrote:
>>>>>> On 09.03.17 at 10:38, <rcojocaru@xxxxxxxxxxxxxxx> wrote:
>>>> @@ -4535,6 +4536,30 @@ static int do_altp2m_op(
>>>> a.u.set_mem_access.view);
>>>> break;
>>>>
>>>> + case HVMOP_altp2m_set_mem_access_multi:
>>>> + if ( a.u.set_mem_access_multi.pad ||
>>>> + a.u.set_mem_access_multi.opaque >=
>>>> a.u.set_mem_access_multi.nr
>> )
>>>> + {
>>>> + rc = -EINVAL;
>>>> + break;
>>>> + }
>>>> + rc = p2m_set_mem_access_multi(d,
>>>> a.u.set_mem_access_multi.pfn_list,
>>>> +
>>>> a.u.set_mem_access_multi.access_list,
>>>> + a.u.set_mem_access_multi.nr,
>>>> + a.u.set_mem_access_multi.opaque,
>>>> + MEMOP_CMD_MASK,
>>>> + a.u.set_mem_access_multi.view);
>>>> + if ( rc > 0 )
>>>> + {
>>>> + a.u.set_mem_access_multi.opaque = rc;
>>>> + if ( __copy_to_guest(arg, &a, 1) )
>>>> + rc = -EFAULT;
>>>> + else
>>>> + rc = hypercall_create_continuation(__HYPERVISOR_hvm_op,
>> "lh",
>>>> + HVMOP_altp2m, arg);
>>>> + }
>>>> + break;
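Review bot: the `a.u.set_mem_access_multi.opaque >= a.u.set_mem_access_multi.nr` test at the top of the new case also fires when nr is 0 (opaque 0 >= nr 0), so an empty list returns -EINVAL instead of being treated as nothing to do. If that is intended, say so in the public header; otherwise handle nr == 0 separately and return 0. The opaque field is caller-supplied on first entry and is only bounded by nr here, so the interface description should state what value it must hold on the initial call. Passing MEMOP_CMD_MASK to p2m_set_mem_access_multi() from an HVM op path also deserves a short comment, since the name refers to memory-op command encoding while this continuation keeps its progress in the opaque field via `a.u.set_mem_access_multi.opaque = rc`.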
>>>
>>> Okay, so this is a hvmop, in which case I'm fine with the continuation
>>> model used.
>>>
>>> However - is this interface supposed to be usable by a guest on itself?
>>> Arguably the same question would apply to some of the other sub-ops
>>> too, but anyway.
>>
>> Not for any of our use cases. The whole point is for dom0 (or another
>> suitably privileged domain) to monitor another guest that consequently
>> can't, by design, evade detection of bad behaviour by acting at a higher
>> privilege level than the protection software. It wouldn't make sense for
>> a domain to be doing this on itself.
>
> In which case this should be a domctl.
Fair enough, if nobody objects I'll then just modify
XENMEM_access_op_set_access_multi to take a view_id as well and just
piggyback on that. It already does the right thing underneath.
Thanks,
Razvan
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel