Xen 		  
Home About Xen.org Xen Xen Summit Wiki Mailing List Bug Tracker Xen Downloads
 
   
 

xense-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel][Xense-devel][PATCH][1/4] Xen Security Modules: XSM

from [Keir Fraser] [Permanent Link][Original]
To: "George S. Coker, II" <gscoker@xxxxxxxxxxxxxx>, Derek Murray <Derek.Murray@xxxxxxxxxxxx>
Subject: Re: [Xen-devel][Xense-devel][PATCH][1/4] Xen Security Modules: XSM
From: Keir Fraser <keir@xxxxxxxxxxxxx>
Date: Fri, 11 May 2007 17:51:32 +0100
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx, Keir Fraser <keir@xxxxxxxxxxxxx>, xense-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date: Fri, 11 May 2007 09:50:10 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <1178896208.6520.171.camel@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: AceT7KCj32f4L//fEdu0qQAX8io7RQ==
Thread-topic: [Xen-devel][Xense-devel][PATCH][1/4] Xen Security Modules: XSM
User-agent: Microsoft-Entourage/11.3.3.061214 


On 11/5/07 16:10, "George S. Coker, II" <gscoker@xxxxxxxxxxxxxx> wrote:

>> The untidiest cases are where set_foreigndom() is involved. These
>> involve do_mmu_update(), do_update_va_otherdomain() and some
>> mmuext_ops. In particular, on the do_update_va_otherdomain() path,
>> IS_PRIV is checked twice. It would seem to me that the cleanest way
>> to do this is to have the permission check first (can domain X access
>> MFN Y of domain Z?), then carry out the set_foreigndom() logic.
>> 
> 
> I think I agree.

In this case you theoretically race reuse of the domid, don't you? Actually
you are saved by the RCU mechanism, but why is doing the check after
set_foreigndom() hard? The error path out of e.g., do_mmu_update() will
correctly give up the foreign reference.

 -- Keir


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-devel][Xense-devel][PATCH][1/4] Xen Security Modules: XSM, George S. Coker, II
Next by Date:  Re: [Xen-devel][Xense-devel][PATCH][1/4] Xen Security Modules: XSM, George S. Coker, II
Previous by Thread:  Re: [Xen-devel][Xense-devel][PATCH][1/4] Xen Security Modules: XSM, George S. Coker, II
Next by Thread:  Re: [Xen-devel][Xense-devel][PATCH][1/4] Xen Security Modules: XSM, George S. Coker, II
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , XenSource, Inc. All rights reserved. Note: the xen.org trademark policy
is changing. For information please email legalxen.org, Legal and Privacy