From mboxrd@z Thu Jan  1 00:00:00 1970
From: Don Slutz <dslutz@verizon.com>
Subject: Re: [PATCH for-4.5 v6 00/16] Xen VMware tools support
Date: Thu, 02 Oct 2014 15:20:15 -0400
Message-ID: <542DA56F.8050400@terremark.com>
References: <1411236447-7435-1-git-send-email-dslutz@verizon.com>
	<1411394209.18331.113.camel@kazak.uk.xensource.com>
	<54203DE9.9040307@eu.citrix.com>
	<1411400048.26552.10.camel@kazak.uk.xensource.com>
	<54204280.2030408@eu.citrix.com>
	<542067EC020000780003731E@mail.emea.novell.com>
	<20140925103712.GA92778@deinos.phlegethon.org>
	<5425C5E9.6010102@terremark.com>
	<20141002100507.GB43394@deinos.phlegethon.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xen.org>
In-Reply-To: <20141002100507.GB43394@deinos.phlegethon.org>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: Tim Deegan <tim@xen.org>, Don Slutz <dslutz@verizon.com>
Cc: Jun Nakajima <jun.nakajima@intel.com>, Kevin Tian <kevin.tian@intel.com>, Keir Fraser <keir@xen.org>, Ian Campbell <Ian.Campbell@citrix.com>, Stefano Stabellini <stefano.stabellini@eu.citrix.com>, George Dunlap <george.dunlap@eu.citrix.com>, Andrew Cooper <andrew.cooper3@citrix.com>, Eddie Dong <eddie.dong@intel.com>, xen-devel@lists.xen.org, AravindGopalakrishnan <Aravind.Gopalakrishnan@amd.com>, Jan Beulich <JBeulich@suse.com>, Ian Jackson <ian.jackson@eu.citrix.com>, Boris Ostrovsky <boris.ostrovsky@oracle.com>, Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
List-Id: xen-devel@lists.xenproject.org

On 10/02/14 06:05, Tim Deegan wrote:
> At 16:00 -0400 on 26 Sep (1411743641), Don Slutz wrote:
>> On 09/25/14 06:37, Tim Deegan wrote:
>>> At 17:18 +0100 on 22 Sep (1411402700), Jan Beulich wrote:
>>>>>>> On 22.09.14 at 17:38, <george.dunlap@eu.citrix.com> wrote:
>>>> That's indeed what was said so far. I wonder though whether opening
>>>> this up without guest OS consent isn't gong to introduce a security
>>>> issue inside the guest (depending on the exact functionality of these
>>>> hypercalls).
>>> Yes indeed.  VMware seems to have CPL checks on some of the commands
>>> (but not all).  I guess Xen will be no worse than VMware if we do the
>>> same, though I'd like to have an official spec to follow for that.
>> Yes, VMware has CPL checks on some of the commands.  Not at all
>> clear the include file has the correct statement.  I have not do any
>> checking of CPL nor does QEMU.
> That needs to be fixed somewhere.  If Xen/Qemu is going to provide
> this interface it _must_ copy the privilege checks, even if we don't
> understand why they're there -- in fact, _especially_ if we don't
> understand why they're there! :)
>
> If the third-party header file isn't a reliable source, you'll have to
> determine the correct behaviour by experiment.

I have done this.  Will be adding the check.

>> I could look into doing this, but with the xl.cfg flag vmware_port=0
>> turns this all off, I do not see any need for CPL checking.
> I strongly disagree with this.  If our implementation of this
> interface makes guest OSes less secure than they would be under actual
> VMware then the config option is irrelevant.

Ok.

    -Don Slutz

> Cheers,
>
> Tim.