From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752017AbdBIQTb (ORCPT ); Thu, 9 Feb 2017 11:19:31 -0500
Received: from smtp.eu.citrix.com ([185.25.65.24]:5880 "EHLO SMTP.EU.CITRIX.COM" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751446AbdBIQTa (ORCPT ); Thu, 9 Feb 2017 11:19:30 -0500
X-IronPort-AV: E=Sophos;i="5.35,137,1484006400"; d="scan'208";a="40487776"
Subject: Re: [Xen-devel] [PATCH 2/3] xen/privcmd: Add IOCTL_PRIVCMD_DM_OP
To: Jan Beulich , Paul Durrant , Boris Ostrovsky
References: <1486649866-4869-1-git-send-email-paul.durrant@citrix.com> <1486649866-4869-3-git-send-email-paul.durrant@citrix.com> <8ef1299559e24d96ba8bbab49baee5ae@AMSPEX02CL03.citrite.net> <16ec962f-0835-1244-ddd5-e711c5d7cefd@citrix.com> <589CA0FA0200007800138547@prv-mh.provo.novell.com>
CC: "xen-devel@lists.xenproject.org" , Juergen Gross , "linux-kernel@vger.kernel.org"
From: Andrew Cooper
Message-ID: <680886ee-cdeb-e047-9bae-9f68cf87e69d@citrix.com>
Date: Thu, 9 Feb 2017 16:08:10 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Icedove/45.6.0
MIME-Version: 1.0
In-Reply-To: <589CA0FA0200007800138547@prv-mh.provo.novell.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
X-ClientProxiedBy: AMSPEX02CAS01.citrite.net (10.69.22.112) To AMSPEX02CL02.citrite.net (10.69.22.126)
Sender: linux-kernel-owner@vger.kernel.org
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

On 09/02/17 16:03, Jan Beulich wrote:
>>>> On 09.02.17 at 16:56, wrote:
>> On 09/02/17 15:50, Boris Ostrovsky wrote:
>>>
>>> On 02/09/2017 09:27 AM, Paul Durrant wrote:
>>>>> -----Original Message-----
>>>>> From: Paul Durrant [mailto:paul.durrant@citrix.com]
>>>>> Sent: 09 February 2017 14:18
>>>>> To: xen-devel@lists.xenproject.org; linux-kernel@vger.kernel.org
>>>>> Cc: Paul Durrant ; Boris Ostrovsky
>>>>> ; Juergen Gross
>>>>> Subject: [PATCH 2/3] xen/privcmd: Add IOCTL_PRIVCMD_DM_OP
>>>>>
>>>>> Recently a new dm_op[1] hypercall was added to Xen to provide a
>>>>> mechanism
>>>>> for restricting device emulators (such as QEMU) to a limited set of
>>>>> hypervisor operations, and being able to audit those operations in the
>>>>> kernel of the domain in which they run.
>>>>>
>>>>> This patch adds IOCTL_PRIVCMD_DM_OP as gateway for
>>>>> __HYPERVISOR_dm_op,
>>>>> bouncing the caller's buffers through kernel memory to allow the address
>>>>> ranges to be audited (and negating the need to bounce through locked
>>>>> memory in user-space).
>>>> Actually, it strikes me (now that I've posted the patch) that I
>>>> should probably just mlock the user buffers rather than bouncing them
>>>> through kernel... Anyway, I'd still appreciate review on other
>>>> aspects of the patch.
>>>
>>> Are you suggesting that the caller (user) mlocks the buffers?
>> Doesn't libxc already use the hypercall buffer API for each of the buffers?
>>
>> The kernel oughtn't to need to do anything special to the user pointers
>> it has, other than call access_ok() on them.
> And translate 32-bit layout to 64-bit for a compat caller.

Ah yes (although that looks to be done suitably in the patch as presented).
~Andrew
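The two points raised in the reply above (calling access_ok() on the user pointers, and widening the 32-bit compat layout to the native 64-bit one) are modelled below in a small user-space C program. This is an added illustration, not code from Paul's patch or from the Linux privcmd driver: the struct names dm_op_buf / compat_dm_op_buf, the DM_OP_MAX_BUFS cap and the USER_ADDR_LIMIT constant are assumptions standing in for the kernel's real types, privcmd's limits and TASK_SIZE, and user_range_ok() is a stand-in for access_ok(). The sample request in main() is constructed.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Added example (not the patch's code). Models the two checks the thread
 * discusses for an ioctl that forwards an array of user buffers to a
 * hypercall: access_ok()-style range validation, and translating a 32-bit
 * compat descriptor array into the native 64-bit layout.
 * All names and limits below are assumptions for illustration.
 */

/* Assumed native (64-bit) descriptor: user pointer plus length. */
struct dm_op_buf {
    uint64_t uptr;
    uint64_t size;
};

/* Assumed 32-bit compat layout. Both fields shrink, so a compat array is
 * half the size and cannot simply be byte-copied into struct dm_op_buf. */
struct compat_dm_op_buf {
    uint32_t uptr;
    uint32_t size;
};

#define DM_OP_MAX_BUFS   16                     /* assumed cap on buffers */
#define USER_ADDR_LIMIT  0x00007ffffffff000ULL  /* assumed TASK_SIZE stand-in */

/* Stand-in for access_ok(): [addr, addr+size) must lie below the user
 * limit and must not wrap around the end of the address space. */
bool user_range_ok(uint64_t addr, uint64_t size)
{
    if (size > USER_ADDR_LIMIT)
        return false;
    return addr <= USER_ADDR_LIMIT - size;
}

/* Widen compat descriptors field by field (zero-extension, like
 * compat_ptr()). Returns 0 or a negative errno-style value. */
int translate_compat_bufs(const struct compat_dm_op_buf *in, unsigned int num,
                          struct dm_op_buf *out)
{
    if (num > DM_OP_MAX_BUFS)
        return -E2BIG;
    for (unsigned int i = 0; i < num; i++) {
        out[i].uptr = in[i].uptr;
        out[i].size = in[i].size;
    }
    return 0;
}

/* Reject the whole request if any buffer fails the range check.
 * Returns 0 when every buffer is acceptable, -EFAULT otherwise. */
int validate_bufs(const struct dm_op_buf *bufs, unsigned int num)
{
    if (num > DM_OP_MAX_BUFS)
        return -E2BIG;
    for (unsigned int i = 0; i < num; i++)
        if (!user_range_ok(bufs[i].uptr, bufs[i].size))
            return -EFAULT;
    return 0;
}

int main(void)
{
    /* Constructed request from a 32-bit caller: two buffers, the second
     * sitting at the very top of a 32-bit address space. */
    struct compat_dm_op_buf req32[2] = {
        { 0x00010000u, 4096u },
        { 0xfffff000u, 0x1000u },
    };
    struct dm_op_buf req64[2];

    int rc = translate_compat_bufs(req32, 2, req64);
    if (rc == 0)
        rc = validate_bufs(req64, 2);
    printf("compat request: rc=%d, buf[1]=%#llx+%#llx\n", rc,
           (unsigned long long)req64[1].uptr,
           (unsigned long long)req64[1].size);

    /* A pointer into the kernel half of the address space must fail. */
    struct dm_op_buf bad = { 0xffff800000000000ULL, 16 };
    printf("kernel pointer: rc=%d\n", validate_bufs(&bad, 1));
    return 0;
}
```

Two details matter in practice: the range check computes USER_ADDR_LIMIT - size rather than addr + size, so a huge size cannot wrap the comparison, and the compat path widens each field individually rather than copying the raw array, because the two layouts differ in both field width and stride.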