
Re: [Xen-devel] [PATCH v2 4/4] x86/hvm: add stricter permissions checks to ioreq server control plane



>>> On 16.03.18 at 17:58, <paul.durrant@xxxxxxxxxx> wrote:
> There has always been an intention in the ioreq server API that only the
> domain that creates an ioreq server should be able to manipulate it.
> However, so far, nothing has enforced this. This means that two domains
> with DM_PRIV over a target domain can currently manipulate each other's
> ioreq servers.
> 
> A previous patch added code to take a reference and store a pointer to the
> domain that creates an ioreq server. This patch now adds checks to the
> functions that manipulate the ioreq server to make sure they are being
> called by the same domain.
> 
> Signed-off-by: Paul Durrant <paul.durrant@xxxxxxxxxx>

Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>


