|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH] xen: add gntdev
On 05/12/12 11:15, Manuel Bouyer wrote: > On Tue, Dec 04, 2012 at 03:07:39PM -0500, Thor Lancelot Simon wrote: >> On Tue, Dec 04, 2012 at 04:26:19PM +0100, Roger Pau Monn? wrote: >>> >>> Independently of what we end up doing as default for handling raw file >>> disks, could someone review this code? >>> >>> It's the first time I've done a device, so someone with more experience >>> should review it. >> >> I am not sure I entirely follow what this code's doing, but it seems to >> me it may allow arbitrary physical pages to be exposed to userspace >> processes in dom0 -- or in a domU, albeit only if dom0 userspace says so. >> >> Is that a correct understanding of one of its effects? If so, there's >> a problem, since not being able to do precisely that is one important >> assumption of the 4.4BSD security model. > > If I read it properly, It allows only to map pages that are part of a > grant. You provide the ioctl a grant reference, and this is what > the driver uses to find the physical pages. So it should be limited to > pages that are referenced by a grant. Yes, it should be limited to grant pages, you are not able to map arbitrary mfns. _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |