From: Daniel De Graaf <dgdegra@tycho.nsa.gov>
To: Jan Beulich <JBeulich@suse.com>, Tamas K Lengyel <tamas@tklengyel.com>
Cc: Xen-devel <xen-devel@lists.xenproject.org>
Subject: Re: [PATCH v3 1/2] x86/mem-sharing: Bulk mem-sharing entire domains
Date: Fri, 13 May 2016 11:35:21 -0400
Message-ID: <5735F439.3050203@tycho.nsa.gov>
In-Reply-To: <57360A4902000078000EB485@prv-mh.provo.novell.com>

On 05/13/2016 11:09 AM, Jan Beulich wrote:
>>>> On 13.05.16 at 16:50, <tamas@tklengyel.com> wrote:
[...]
>>>> @@ -1468,6 +1505,69 @@ int mem_sharing_memop(XEN_GUEST_HANDLE_PARAM(xen_mem_sharing_op_t) arg)
>>>> }
>>>> break;
>>>>
>>>> + case XENMEM_sharing_op_bulk_share:
>>>> + {
>>>> + unsigned long max_sgfn, max_cgfn;
>>>> + struct domain *cd;
>>>> +
>>>> + rc = -EINVAL;
>>>> + if ( !mem_sharing_enabled(d) )
>>>> + goto out;
>>>> +
>>>> + rc = rcu_lock_live_remote_domain_by_id(mso.u.bulk.client_domain,
>>>> + &cd);
>>>> + if ( rc )
>>>> + goto out;
>>>> +
>>>> + rc = xsm_mem_sharing_op(XSM_DM_PRIV, d, cd, mso.op);
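Review bot: from the xsm_mem_sharing_op() call onwards, every failure path has to drop the reference on cd that rcu_lock_live_remote_domain_by_id() took a few lines earlier. The quote ends at that call, so the handling of a non-zero rc is not visible here; if it is a bare `goto out` like the two checks above it, add rcu_unlock_domain(cd) before the jump unless the out label already releases cd. The same applies to any later check in this case block that bails out while cd is still held.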
>>>
>>> Either you pass XENMEM_sharing_op_share here, or you need to
>>> update xen/xsm/flask/policy/access_vectors (even if it's only a
>>> comment which needs updating).
>>
>> Right, it should actually be sharing_op_share here.
>>
>>>
>>> That said - are this and the similar pre-existing XSM checks actually
>>> correct? I.e. is one of the two domains here really controlling the
>>> other? I would have expected that a tool stack domain initiates the
>>> sharing between two domains it controls...
>>
>> Not sure what was the original rationale behind it either.
>
> Daniel - any opinion on this one?

This hook checks two permissions; the primary check is that current (which
is not either argument) can perform HVM__MEM_SHARING on (cd). When XSM is
disabled, this is checked as device model permissions. I don't think this
is what you were asking about, because this is actually a control operation.

The other permission check invoked by this hook, only when XSM is enabled,
is a check for HVM__SHARE_MEM between (d) and (cd). This is to allow a
security policy to be written that forbids memory sharing between different
users but allows it between VMs belonging to a single user (as an example).
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
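
A toy C model of the two checks described in the reply above, added here as an illustration and not taken from Xen or from anyone in the thread; the struct fields, the policy rules and all function names are assumptions. It shows that the same-user restriction between (d) and (cd) exists only on the XSM-enabled path.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>

/* Toy model: field names and policy rules are assumptions, not Xen's. */
struct dom {
    int id;
    int user;                 /* owner label a policy could key on */
    bool is_priv;             /* control (toolstack) domain */
    const struct dom *target; /* domain this one is device model for */
};

/* XSM disabled: only the caller's device-model privilege over cd counts. */
static int dm_priv_check(const struct dom *cur, const struct dom *cd)
{
    if (cur->is_priv || (cd && cur->target == cd))
        return 0;
    return -EPERM;
}

/* XSM enabled, check 1: may the caller run mem_sharing control on cd? */
static int policy_mem_sharing(const struct dom *cur, const struct dom *cd)
{
    (void)cd;
    return cur->is_priv ? 0 : -EPERM;        /* constructed policy rule */
}

/* XSM enabled, check 2: may d and cd share memory with each other? */
static int policy_share_mem(const struct dom *d, const struct dom *cd)
{
    return d->user == cd->user ? 0 : -EPERM; /* same-user-only rule */
}

/* Model of the hook: cur is the caller, d and cd are the two arguments. */
int model_mem_sharing_op(bool xsm_enabled, const struct dom *cur,
                         const struct dom *d, const struct dom *cd)
{
    int rc;

    if (!xsm_enabled)
        return dm_priv_check(cur, cd);       /* d is never consulted */
    rc = policy_mem_sharing(cur, cd);
    if (rc)
        return rc;
    return policy_share_mem(d, cd);
}
```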