
Re: [Xen-devel] [PATCH v4 2/7] xen: xsm: flask: introduce XENMAPSPACE_gmfn_share for memory sharing



Hi Jan,

2018-02-01 18:23 GMT+08:00 Jan Beulich <JBeulich@xxxxxxxx>:
>>>> On 30.01.18 at 18:50, <blackskygg@xxxxxxxxx> wrote:

[...]

>> --- a/xen/include/xsm/dummy.h
>> +++ b/xen/include/xsm/dummy.h
>> @@ -521,6 +521,12 @@ static XSM_INLINE int 
>> xsm_map_gmfn_foreign(XSM_DEFAULT_ARG struct domain *d, str
>>      return xsm_default_action(action, d, t);
>>  }
>>
>> +static XSM_INLINE int xsm_map_gmfn_share(XSM_DEFAULT_ARG struct domain *d, 
>> struct domain *t)
>
> Line length.
>
>> +{
>> +    XSM_ASSERT_ACTION(XSM_TARGET);
>> +    return xsm_default_action(action, current->domain, t);
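
Review bot: In xsm_map_gmfn_share the `d` parameter is never used: the body passes `current->domain` and `t` to xsm_default_action, so the dummy policy makes no decision about `d` against `t`. The flask hook for the same operation does check that pair with `domain_has_perm(d, t, SECCLASS_MMU, MMU__SHARE_MEM)`, so the two are not equivalent. Either add an explicit check involving `d`, or put a comment above the function saying which check the dummy policy deliberately leaves out and why.
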
>
> How does this represent a proper default equivalent of ...
>
> --- a/xen/xsm/flask/hooks.c
> +++ b/xen/xsm/flask/hooks.c
> @@ -1196,6 +1196,12 @@ static int flask_map_gmfn_foreign(struct domain *d, 
> struct domain *t)
>      return domain_has_perm(d, t, SECCLASS_MMU, MMU__MAP_READ | 
> MMU__MAP_WRITE);
>  }
>
> +static int flask_map_gmfn_share(struct domain *d, struct domain *t)
> +{
> +    return current_has_perm(t, SECCLASS_MMU, MMU__MAP_READ | MMU__MAP_WRITE) 
> ?:
> +        domain_has_perm(d, t, SECCLASS_MMU, MMU__SHARE_MEM);
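
Review bot: flask_map_gmfn_share checks current against `t` and `d` against `t`, but nothing in the function checks current against `d`, and no comment says a caller has already done so. Add a comment above the function stating that precondition (or add the check here), so a new call site cannot reach this hook without it. The comment could also note that the `?:` chain returns the first non-zero result, so the MMU__SHARE_MEM check runs only when the map check passes.
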
>
> ... this?

The full flask check tries to guarantee that:
  1) (c) over (d), which will always be checked somewhere higher in
      the call stack for these kinds of calls;
  2) (c) over (t), namely, MMU__MAP_READ/WRITE;
  3) (d) over (t), namely, MMU__SHARE_MEM

In my default builtin actions, checks 1) and 2) are done by the
xsm_default_action function, but I can't think of a way to do check 3),
because we don't have the proper equivalent of MMU__SHARE_MEM
(xsm_default_action is definitely not a choice).
Want to hear your and other maintainers' suggestions about how to do
this properly.

>
> Jan
>


Cheers,

Zhongze Liu
