WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 

xen-devel

Re: [Xen-devel] XSM support for recently added priv hypercall ops

To: "George S. Coker, II" <george.coker@xxxxxxxxx>
Subject: Re: [Xen-devel] XSM support for recently added priv hypercall ops
From: Stefan Berger <stefanb@xxxxxxxxxx>
Date: Thu, 13 Dec 2007 18:13:35 -0500
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx, gscoker@xxxxxxxxxxxxxx
Delivery-date: Thu, 13 Dec 2007 15:14:40 -0800
In-reply-to: <ff0b9d4e0712131043l5f805cc2x5285155d813ced80@xxxxxxxxxxxxxx>

George,

when these hooks are enforced, do today's libraries and applications react appropriately?

Would it not make sense to use the same hook for getting the cpu context and the extended cpu context?

   Stefan

xen-devel-bounces@xxxxxxxxxxxxxxxxxxx wrote on 12/13/2007 01:43:16 PM:

> The attached patch provides an update to XSM and the associated
> security modules.  This patch enables
> XSM to interpose on the recently added privileged hypercall operations
> as well as refactors the existing
> IO assignment hooks.
>
> The patch applies cleanly against changeset 16606:8f0cbfc478d6.
>
> Signed-off by: George Coker <george.coker@xxxxxxxxx>, <gscoker@xxxxxxxxxxxxxx>
>
> XSM:
>
> The following hooks are added:
>     xsm_sendtrigger
>     xsm_test_assign_device
>     xsm_assign_device
>     xsm_bind_pt_irq
>     xsm_pin_mem_cacheattr
>     xsm_ext_vcpucontext
>     xsm_firmware_info
>     xsm_acpi_sleep
>     xsm_change_freq
>     xsm_getideltime
>     xsm_debug_keys
>     xsm_getcpuinfo
>     xsm_availheap
>     xsm_add_range
>     xsm_remove_range
>
> The following hooks are deprecated:
>     xsm_irq_permission
>     xsm_iomem_permission
>     xsm_ioport_permission
>
> The functionality provided by the deprecated hooks has been refactored
> into the xsm_add_range and
> xsm_remove_range hooks.  The refactoring enables XSM to centralize the
> interposition on IO resource
> assignment.  The refactoring was necessitated by the addition of the
> XEN_DOMCTL_memory_mapping
> and XEN_DOMCTL_ioport_mapping operations to support HVM domains.
>
> ACM:
>     - no updates to ACM
>
> FLASK:
>      - updated and refactored to implement the new XSM hooks
> [attachment "update-xsm-121307-xen-16606.diff" deleted by Stefan
> Berger/Watson/IBM]
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-devel