[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [V7 PATCH 5/7] pvh: change xsm_add_to_physmap

To: Mukesh Rathor <mukesh.rathor@xxxxxxxxxx>
From: Mukesh Rathor <mukesh.rathor@xxxxxxxxxx>
Date: Fri, 21 Feb 2014 15:53:18 -0800
Cc: Xen-devel@xxxxxxxxxxxxxxxxxxx, Ian Campbell <ian.campbell@xxxxxxxxxx>, george.dunlap@xxxxxxxxxxxxx, Julien Grall <julien.grall@xxxxxxxxxx>, tim@xxxxxxx, keir.xen@xxxxxxxxx, Jan Beulich <jbeulich@xxxxxxxx>, dgdegra@xxxxxxxxxxxxx
Delivery-date: Fri, 21 Feb 2014 23:54:05 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On Thu, 20 Feb 2014 17:22:34 -0800
Mukesh Rathor <mukesh.rathor@xxxxxxxxxx> wrote:

> On Thu, 20 Feb 2014 13:49:58 +0000
> Julien Grall <julien.grall@xxxxxxxxxx> wrote:
> 
> > On 02/20/2014 02:22 AM, Mukesh Rathor wrote:
> > > On Wed, 12 Feb 2014 16:47:54 +0000
> > > Julien Grall <julien.grall@xxxxxxxxxx> wrote:
> > > 
> > >> Hi Mukesh,
> > >>
> > >> On 12/17/2013 02:38 AM, Mukesh Rathor wrote:
> > >>> In preparation for the next patch, we update xsm_add_to_physmap
> > >>> to allow for checking of foreign domain. Thus, the current
> > >>> domain must have the right to update the mappings of target
> > >>> domain with pages from foreign domain.
> > >>>
> > >>> Signed-off-by: Mukesh Rathor <mukesh.rathor@xxxxxxxxxx>
> > >>
> > >> While I was playing with XSM on ARM, I have noticed that Daniel
> > >> De Graff has added xsm_map_gfmn_foreign few months ago (see
> > >> commit 0b201e6).
> > >>
> > >> Would it be suitable to use this XSM instead of extending
> > >> xsm_add_to_physmap?
> > >>
> > >> Regards,
> > >>
> > > 
> > > Not the same thing. add to physmap could be adding to a domain's
> > > physmap pages from a foreign domain.
> > 
> > Let assume you don't modify xsm_add_to_physmap, in this case:
> >    - xsm_add_to_physmap checks if the current domain is allowed to
> > modify the p2m of a given domain
> >    - xsm_map_gfmn_foreign checks if the given domain is allowed to
> > have foreign mapping from the foreign domain
> > 
> > Both XSM are distinct and should be used together. You don't care
> > that
> 
> I see, i thought you meant replace one with another. I am not a
> security expert, so just followed the suggestions. But looking at the
> code looks like above is the way to go, and I can just drop my
> xsm_add_to_physmap change patch (which btw doesn't check whether
> target has access to foreign mappings, so is prob not correct).
> Thanks for noticing.


BTW, in include/xsm/xsm.h, shouldn't 

static inline int xsm_map_gmfn_foreign (struct domain *d, struct domain *t)

be

static inline int xsm_map_gmfn_foreign (xsm_default_t def, struct domain *d, 
struct domain *t)

not sure how you were able to compile xsm enabled in arm???

thanks
Mukesh


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [V7 PATCH 5/7] pvh: change xsm_add_to_physmap
  - From: Julien Grall

References:
- Re: [Xen-devel] [V7 PATCH 5/7] pvh: change xsm_add_to_physmap
  - From: Julien Grall
- Re: [Xen-devel] [V7 PATCH 5/7] pvh: change xsm_add_to_physmap
  - From: Mukesh Rathor
- Re: [Xen-devel] [V7 PATCH 5/7] pvh: change xsm_add_to_physmap
  - From: Julien Grall
- Re: [Xen-devel] [V7 PATCH 5/7] pvh: change xsm_add_to_physmap
  - From: Mukesh Rathor

Prev by Date: Re: [Xen-devel] function snprintf() in xen_save_domain.c for debugged
Next by Date: Re: [Xen-devel] [V7 PATCH 5/7] pvh: change xsm_add_to_physmap
Previous by thread: Re: [Xen-devel] [V7 PATCH 5/7] pvh: change xsm_add_to_physmap
Next by thread: Re: [Xen-devel] [V7 PATCH 5/7] pvh: change xsm_add_to_physmap
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.