From: George Dunlap <george.dunlap@citrix.com>
To: Jan Beulich <JBeulich@suse.com>,
Andrew Cooper <andrew.cooper3@citrix.com>,
Wei Liu <wei.liu2@citrix.com>,
George Dunlap <George.Dunlap@eu.citrix.com>,
Ian Jackson <Ian.Jackson@eu.citrix.com>,
Stefano Stabellini <sstabellini@kernel.org>,
Tim Deegan <tim@xen.org>
Cc: xen-devel <xen-devel@lists.xenproject.org>
Subject: Re: Ping: [PATCH] XSA-77: widen scope again
Date: Mon, 9 May 2016 17:19:38 +0100
Message-ID: <5730B89A.2050904@citrix.com>
In-Reply-To: <572C6DF202000078000E8F07@prv-mh.provo.novell.com>
On 06/05/16 09:12, Jan Beulich wrote:
>>>> On 29.04.16 at 11:35, <JBeulich@suse.com> wrote:
>> As discussed on the hackathon, avoid us having to issue security
>> advisories for issues affecting only heavily disaggregated tool stack
>> setups, which no-one appears to use (or else they should step up to get
>> things into shape).
>>
>> Signed-off-by: Jan Beulich <jbeulich@suse.com>
>
> Ping?
>
>> ---
>> As we want to retain supported status of stubdom qemu: Does qemu use
>> any others when used in a stub domain?
>>
>> --- a/docs/misc/xsm-flask.txt
>> +++ b/docs/misc/xsm-flask.txt
>> @@ -59,68 +59,16 @@ http://www.xenproject.org/security-polic
>>
>> __HYPERVISOR_domctl (xen/include/public/domctl.h)
>>
>> - The following subops are covered by this statement. subops not listed
>> - here are considered safe for disaggregation.
>> + All subops except for the following are covered by this statement.
Sorry I'm just getting to this -- I think the wording is a bit unclear here.
The previous wording made it clear what "covered by this statement"
means -- i.e., "subops not listed here are considered safe for
disaggregation".
Maybe something like this:
"All subops except the following are covered by this statement. (That
is, only the subops below are considered safe for disaggregation.)"
>>
>> - * XEN_DOMCTL_createdomain
>> - * XEN_DOMCTL_destroydomain
>> - * XEN_DOMCTL_getmemlist
>> - * XEN_DOMCTL_setvcpuaffinity
>> - * XEN_DOMCTL_shadow_op
>> - * XEN_DOMCTL_max_mem
>> - * XEN_DOMCTL_setvcpucontext
>> - * XEN_DOMCTL_getvcpucontext
>> - * XEN_DOMCTL_max_vcpus
>> - * XEN_DOMCTL_scheduler_op
>> - * XEN_DOMCTL_iomem_permission
>> - * XEN_DOMCTL_gethvmcontext
>> - * XEN_DOMCTL_sethvmcontext
>> - * XEN_DOMCTL_set_address_size
>> - * XEN_DOMCTL_assign_device
>> - * XEN_DOMCTL_pin_mem_cacheattr
>> - * XEN_DOMCTL_set_ext_vcpucontext
>> - * XEN_DOMCTL_get_ext_vcpucontext
>> - * XEN_DOMCTL_test_assign_device
>> - * XEN_DOMCTL_set_target
>> - * XEN_DOMCTL_deassign_device
>> - * XEN_DOMCTL_get_device_group
>> - * XEN_DOMCTL_set_machine_address_size
>> - * XEN_DOMCTL_debug_op
>> - * XEN_DOMCTL_gethvmcontext_partial
>> - * XEN_DOMCTL_vm_event_op
>> - * XEN_DOMCTL_mem_sharing_op
>> - * XEN_DOMCTL_setvcpuextstate
>> - * XEN_DOMCTL_getvcpuextstate
>> - * XEN_DOMCTL_set_access_required
>> - * XEN_DOMCTL_set_virq_handler
>> - * XEN_DOMCTL_set_broken_page_p2m
>> - * XEN_DOMCTL_setnodeaffinity
>> - * XEN_DOMCTL_gdbsx_guestmemio
>> + * XEN_DOMCTL_ioport_mapping
>> + * XEN_DOMCTL_memory_mapping
>> + * XEN_DOMCTL_bind_pt_irq
>> + * XEN_DOMCTL_unbind_pt_irq
>>
>> __HYPERVISOR_sysctl (xen/include/public/sysctl.h)
>>
>> - The following subops are covered by this statement. subops not listed
>> - here are considered safe for disaggregation.
>> -
>> - * XEN_SYSCTL_readconsole
>> - * XEN_SYSCTL_tbuf_op
>> - * XEN_SYSCTL_physinfo
>> - * XEN_SYSCTL_sched_id
>> - * XEN_SYSCTL_perfc_op
>> - * XEN_SYSCTL_getdomaininfolist
>> - * XEN_SYSCTL_debug_keys
>> - * XEN_SYSCTL_getcpuinfo
>> - * XEN_SYSCTL_availheap
>> - * XEN_SYSCTL_get_pmstat
>> - * XEN_SYSCTL_cpu_hotplug
>> - * XEN_SYSCTL_pm_op
>> - * XEN_SYSCTL_page_offline_op
>> - * XEN_SYSCTL_lockprof_op
>> - * XEN_SYSCTL_cputopoinfo
>> - * XEN_SYSCTL_numainfo
>> - * XEN_SYSCTL_cpupool_op
>> - * XEN_SYSCTL_scheduler_op
>> - * XEN_SYSCTL_coverage_op
>> + All subops are covered by this statement.
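Review bot: In the __HYPERVISOR_domctl section, the four subops kept as exceptions (XEN_DOMCTL_ioport_mapping, XEN_DOMCTL_memory_mapping, XEN_DOMCTL_bind_pt_irq, XEN_DOMCTL_unbind_pt_irq) appear with no stated reason, and neither the commit message nor the new text ties them to the stubdom qemu case raised under the "---". Suggest adding a sentence to that section saying why these four stay outside the statement, and settling the open question of whether stubdom qemu needs any other subops before this goes in, since every subop removed from the old list changes status with this edit. In the __HYPERVISOR_sysctl section, "All subops are covered by this statement." now stands alone after the old introductory sentence was removed, so the text there no longer says what being covered implies.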
"... (That is, no subops are considered safe for disaggregation.)"
-George