[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v3] x86/mm: Add mem access rights to NPT

To: George Dunlap <george.dunlap@xxxxxxxxxx>, Jan Beulich <JBeulich@xxxxxxxx>, Razvan Cojocaru <rcojocaru@xxxxxxxxxxxxxxx>
From: Isaila Alexandru <aisaila@xxxxxxxxxxxxxxx>
Date: Fri, 20 Jul 2018 14:58:59 +0300
Authentication-results: spf=none (sender IP is ) smtp.mailfrom=aisaila@xxxxxxxxxxxxxxx;
Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, tamas@xxxxxxxxxxxxx, xen-devel@xxxxxxxxxxxxx
Delivery-date: Fri, 20 Jul 2018 11:59:29 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
Spamdiagnosticmetadata: NSPM
Spamdiagnosticoutput: 1:99

> I will absolutely nack any interface where if the caller says,
> "Please
> remove read permission", the hypervisor says, "OK!" but then allows
> read
> permission anyway -- particularly in one which is allegedly designed
> for
> security tools.
> 
> If it's not practical / more work than it's worth doing at the moment
> to
> implement p2m_access_n on NPT, then you should return an error when
> it's
> requested.
> 
> The same really should be true for write-only permission as well --
> if
> it's not possible to allow writes but not reads, then you should
> return
> an error when such permissions are requested.

I will limit the supported access rights and return error for
read/write only and _n. 

Regards, 
Alex

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

References:
- [Xen-devel] [PATCH v3] x86/mm: Add mem access rights to NPT
  - From: Alexandru Isaila
- Re: [Xen-devel] [PATCH v3] x86/mm: Add mem access rights to NPT
  - From: George Dunlap
- Re: [Xen-devel] [PATCH v3] x86/mm: Add mem access rights to NPT
  - From: Isaila Alexandru
- Re: [Xen-devel] [PATCH v3] x86/mm: Add mem access rights to NPT
  - From: Jan Beulich
- Re: [Xen-devel] [PATCH v3] x86/mm: Add mem access rights to NPT
  - From: Razvan Cojocaru
- Re: [Xen-devel] [PATCH v3] x86/mm: Add mem access rights to NPT
  - From: Jan Beulich
- Re: [Xen-devel] [PATCH v3] x86/mm: Add mem access rights to NPT
  - From: Isaila Alexandru
- Re: [Xen-devel] [PATCH v3] x86/mm: Add mem access rights to NPT
  - From: George Dunlap

Prev by Date: [Xen-devel] [freebsd-master test] 125467: regressions - trouble: blocked/fail
Next by Date: [Xen-devel] [xen-4.8-testing test] 125365: regressions - FAIL
Previous by thread: Re: [Xen-devel] [PATCH v3] x86/mm: Add mem access rights to NPT
Next by thread: Re: [Xen-devel] [PATCH v3] x86/mm: Add mem access rights to NPT
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.