xen-devel.lists.xenproject.org archive mirror
 help / color / mirror / Atom feed
From: Adrian Pop <apop@bitdefender.com>
To: Jan Beulich <JBeulich@suse.com>
Cc: Tamas K Lengyel <tamas@tklengyel.com>,
	Wei Liu <wei.liu2@citrix.com>,
	Razvan Cojocaru <rcojocaru@bitdefender.com>,
	George Dunlap <george.dunlap@eu.citrix.com>,
	Andrew Cooper <andrew.cooper3@citrix.com>,
	Ian Jackson <ian.jackson@eu.citrix.com>,
	Xen-devel <xen-devel@lists.xenproject.org>
Subject: Re: [PATCH 2/2] x86/altp2m: Add a hvmop for setting the suppress #VE bit
Date: Thu, 22 Jun 2017 16:16:00 +0300	[thread overview]
Message-ID: <20170622131600.GA7010@hel> (raw)
In-Reply-To: <594BD0820200007800165C4B@prv-mh.provo.novell.com>

On Thu, Jun 22, 2017 at 06:13:22AM -0600, Jan Beulich wrote:
> >>> On 22.06.17 at 14:04, <apop@bitdefender.com> wrote:
> > On Fri, Jun 16, 2017 at 02:39:10AM -0600, Jan Beulich wrote:
> >> >>> On 15.06.17 at 21:01, <tamas@tklengyel.com> wrote:
> >> > On Fri, Jun 9, 2017 at 10:51 AM, Adrian Pop <apop@bitdefender.com> wrote:
> >> >> --- a/xen/arch/x86/mm/mem_access.c
> >> >> +++ b/xen/arch/x86/mm/mem_access.c
> >> >> @@ -466,6 +466,58 @@ int p2m_get_mem_access(struct domain *d, gfn_t gfn, 
> > xenmem_access_t *access)
> >> >>  }
> >> >>
> >> >>  /*
> >> >> + * Set/clear the #VE suppress bit for a page.  Only available on VMX.
> >> >> + */
> >> >> +int p2m_set_suppress_ve(struct domain *d, gfn_t gfn, bool suppress_ve,
> >> >> +                        unsigned int altp2m_idx)
> >> >> +{
> >> >> +    struct p2m_domain *host_p2m = p2m_get_hostp2m(d);
> >> >> +    struct p2m_domain *ap2m = NULL;
> >> >> +    struct p2m_domain *p2m;
> >> >> +    mfn_t mfn;
> >> >> +    p2m_access_t a;
> >> >> +    p2m_type_t t;
> >> >> +    int rc;
> >> >> +
> >> >> +    if ( !cpu_has_vmx_virt_exceptions )
> >> >> +        return -EOPNOTSUPP;
> >> >> +
> >> >> +    /* This subop should only be used from a privileged domain. */
> >> >> +    if ( !current->domain->is_privileged )
> >> >> +        return -EINVAL;
> >> > 
> >> > This check looks wrong to me. If this subop should only be used by an
> >> > external (privileged) domain then I don't think this should be
> >> > implemented as an HVMOP, looks more like a domctl to me.
> >> 
> >> I think this wants to be an XSM_DM_PRIV check instead.
> > 
> > I'm not sure, but I expect that to not behave as intended security-wise
> > if Xen is compiled without XSM.  Would it?  It would be great if this
> > feature worked well without XSM too.
> 
> Well, without you explaining why you think this wouldn't work
> without XSM, I don't really know what to answer. I suppose
> you've grep-ed for other uses of this and/or other XSM_* values,
> finding that these exist in various places where all is fine without
> XSM?

I'll check what it does then because it's not very clear to me either.

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel

  reply	other threads:[~2017-06-22 13:16 UTC|newest]

Thread overview: 21+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-06-09 16:51 [PATCH 0/2] x86: Add a hvmop for setting the #VE suppress bit Adrian Pop
2017-06-09 16:51 ` [PATCH 1/2] x86/mm: Change default value for suppress #VE in set_mem_access() Adrian Pop
2017-06-15 18:49   ` Tamas K Lengyel
2017-07-20 14:38     ` George Dunlap
2017-07-20 16:14       ` Tamas K Lengyel
2017-06-09 16:51 ` [PATCH 2/2] x86/altp2m: Add a hvmop for setting the suppress #VE bit Adrian Pop
2017-06-12 15:51   ` Wei Liu
2017-06-12 17:30     ` Adrian Pop
2017-06-20 10:29     ` Adrian Pop
2017-06-15 19:01   ` Tamas K Lengyel
2017-06-16  8:39     ` Jan Beulich
2017-06-22 12:04       ` Adrian Pop
2017-06-22 12:13         ` Jan Beulich
2017-06-22 13:16           ` Adrian Pop [this message]
2017-06-22 15:53           ` Adrian Pop
2017-06-22 13:17     ` Adrian Pop
2017-07-20 15:11     ` George Dunlap
2017-07-20 16:26       ` Tamas K Lengyel
2017-06-16 15:29   ` Jan Beulich
2017-06-20 10:28     ` Adrian Pop
2017-06-12 15:46 ` [PATCH v2 0/2] x86: Add a hvmop for setting the #VE suppress bit Adrian Pop

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20170622131600.GA7010@hel \
    --to=apop@bitdefender.com \
    --cc=JBeulich@suse.com \
    --cc=andrew.cooper3@citrix.com \
    --cc=george.dunlap@eu.citrix.com \
    --cc=ian.jackson@eu.citrix.com \
    --cc=rcojocaru@bitdefender.com \
    --cc=tamas@tklengyel.com \
    --cc=wei.liu2@citrix.com \
    --cc=xen-devel@lists.xenproject.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).