
Re: [Xen-devel] [PATCH v2 00/25] arm/altp2m: Introducing altp2m to ARM.



On Wed, Aug 3, 2016 at 11:56 AM, Julien Grall <julien.grall@xxxxxxx> wrote:
>
>
> On 03/08/16 18:51, Tamas K Lengyel wrote:
>>
>> On Wed, Aug 3, 2016 at 11:45 AM, Julien Grall <julien.grall@xxxxxxx>
>> wrote:
>>>
>>> The whole discussion of this series was to defer the exposition of altp2m
>>> HVMOP to the guest until we find a usage. I.e. a simple:
>>>
>>> xsm_hvm_altp2m_op(XSM_PRIV/XSM_DM_PRIV, d);
>>>
>>> So why do you want to re-invent a new interface here?
>>
>>
>> I guess I misinterpreted your request of not having this interface
>> exposed to the guest. If we are fine with exposing the interface to
>> the guest but having XSM manage whether it's allowed by default I'm
>> certainly OK with that.
>
>
> By default the interface will not be exposed to the guest.
> XSM_PRIV/XSM_DM_PRIV only allow a privileged domain or a device model domain
> to use the interface. The guest will not be enabled to access it.

Yes. I guess our terminology differs about what we mean by "exposed".
In my book if the interface is available to the guest but access
attempts are denied by XSM that means the interface is exposed but
restricted.

>
> If the user decides to allow a guest accessing altp2m op with XSM, then I
> don't think it is our business if a security issue is exposed.
>

I agree.

Tamas
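
The "exposed but restricted" distinction above, as a simplified model of the default (non-FLASK) XSM check. This is an example added here, not code from Xen or from either poster: the struct layout, default_action() and the sample domains are assumptions, and XSM_TARGET does not appear in the thread and is included only for contrast.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified model: only the fields the default check looks at. */
struct domain {
    bool is_privileged;           /* control domain, e.g. dom0 */
    const struct domain *target;  /* domain this device model serves */
};

enum xsm_default { XSM_TARGET, XSM_DM_PRIV, XSM_PRIV };

/* Returns 0 when src may act on target, -EPERM otherwise. */
static int default_action(enum xsm_default action,
                          const struct domain *src,
                          const struct domain *target)
{
    switch (action) {
    case XSM_TARGET:              /* a domain may act on itself */
        if (src == target)
            return 0;
        /* fall through */
    case XSM_DM_PRIV:             /* device model for this target */
        if (target && src->target == target)
            return 0;
        /* fall through */
    case XSM_PRIV:                /* privileged domain only */
        if (src->is_privileged)
            return 0;
        /* fall through */
    default:
        return -EPERM;
    }
}

/* Constructed sample domains. */
static const struct domain guest   = { false, NULL };
static const struct domain dom0    = { true,  NULL };
static const struct domain stubdom = { false, &guest };

int main(void)
{
    printf("guest on itself, XSM_DM_PRIV:  %d\n", default_action(XSM_DM_PRIV, &guest, &guest));
    printf("guest on itself, XSM_TARGET:   %d\n", default_action(XSM_TARGET, &guest, &guest));
    printf("stubdom on guest, XSM_DM_PRIV: %d\n", default_action(XSM_DM_PRIV, &stubdom, &guest));
    printf("stubdom on guest, XSM_PRIV:    %d\n", default_action(XSM_PRIV, &stubdom, &guest));
    printf("dom0 on guest, XSM_PRIV:       %d\n", default_action(XSM_PRIV, &dom0, &guest));
    return 0;
}
```

In this model the call path is reachable from the guest in every case; only the result of the check differs, which is the sense of "exposed but restricted" used in the reply.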
