|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH v3] hvm/altp2m: Clarify the proper way to extend the altp2m interface
On Tue, Jul 31, 2018 at 04:03:31PM +0100, George Dunlap wrote: > diff --git a/xen/include/public/hvm/params.h b/xen/include/public/hvm/params.h > index 2ec2e7c80f..daa28a86be 100644 > --- a/xen/include/public/hvm/params.h > +++ b/xen/include/public/hvm/params.h > @@ -239,6 +239,11 @@ > * mixed: allow access to all altp2m ops for both in-guest and external > tools > * external: allow access to external privileged tools only > * limited: guest only has limited access (ie. control VMFUNC and #VE) > + * > + * Note that 'mixed' mode has not been evaluated for safety from a > + * security perspective. Before using this mode in a > + * security-critical environment, each subop should be evaluated for > + * safety, with unsafe subops blacklisted in xsm_hvm_altp2mhvm_op(). Oh, one minor nit: I think I will replace xsm_hvm_altp2mhvm_op with just "XSM" if possible -- there is no need to mention an internal function in public header. Wei. _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |