[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v3] x86/mm: Add mem access rights to NPT

> I will absolutely nack any interface where if the caller says,
> "Please
> remove read permission", the hypervisor says, "OK!" but then allows
> read
> permission anyway -- particularly in one which is allegedly designed
> for
> security tools.
> If it's not practical / more work than it's worth doing at the moment
> to
> implement p2m_access_n on NPT, then you should return an error when
> it's
> requested.
> The same really should be true for write-only permission as well --
> if
> it's not possible to allow writes but not reads, then you should
> return
> an error when such permissions are requested.

I will limit the supported access rights and return error for
read/write only and _n. 


Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.