[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH v8] x86/altp2m: support for setting restrictions for an array of pages
>>> On 11.12.17 at 15:46, <rcojocaru@xxxxxxxxxxxxxxx> wrote: > Quite likely I'm not grasping the full meaning of your objection, > however the added code is merely another interface to already existing > core code - so while admittedly there's room for improvement for the EPT > code below it, this patch really only extends the scope of altp2m's > existing version of set_mem_access() (which currently works on a single > page). In that, it at least doesn't seem to make things worse (it's > really just an optimization - whatever badness this code can cause with > a single call, can already be achieved exactly with a sequence of > xc_altp2m_set_mem_access() calls). That's true. Yet as just said in reply to George, any addition (like the one here) increases the amount of code needing auditing (and perhaps changing) before it could reach fully supported state. This is what I dislike. However, I've also said earlier that I wouldn't stand in the way of doing additions like the one here as long as the code is properly documented as security unsupported. As you've certainly seen, George has meanwhile pointed out that this is already the case. Hence while I won't ack any extension of the badness, I also won't argue against it (at least not in a way preventing the code from going in). Jan _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |