
Re: [Xen-devel] [PATCH v8] x86/altp2m: support for setting restrictions for an array of pages

>>> On 11.12.17 at 15:46, <rcojocaru@xxxxxxxxxxxxxxx> wrote:
> Quite likely I'm not grasping the full meaning of your objection,
> however the added code is merely another interface to already existing
> core code - so while admittedly there's room for improvement for the EPT
> code below it, this patch really only extends the scope of altp2m's
> existing version of set_mem_access() (which currently works on a single
> page). In that, it at least doesn't seem to make things worse (it's
> really just an optimization - whatever badness this code can cause with
> a single call, can already be achieved exactly with a sequence of
> xc_altp2m_set_mem_access() calls).

That's true. Yet as just said in reply to George, any addition (like the
one here) increases the amount of code needing auditing (and
perhaps changing) before it could reach fully supported state. This
is what I dislike. However, I've also said earlier that I wouldn't stand
in the way of doing additions like the one here as long as the code
is properly documented as security unsupported. As you've certainly
seen, George has meanwhile pointed out that this is already the case.
Hence while I won't ack any extension of the badness, I also won't
argue against it (at least not in a way preventing the code from
going in).

