From: Paul Durrant <Paul.Durrant@citrix.com>
To: 'Boris Ostrovsky' <boris.ostrovsky@oracle.com>,
"xen-devel@lists.xenproject.org" <xen-devel@lists.xenproject.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Cc: Juergen Gross <jgross@suse.com>
Subject: Re: [PATCH 2/3] xen/privcmd: Add IOCTL_PRIVCMD_DM_OP
Date: Thu, 9 Feb 2017 16:45:22 +0000 [thread overview]
Message-ID: <fe50586d3cfe4eebac75bc02af9c9d58@AMSPEX02CL03.citrite.net> (raw)
In-Reply-To: <fa41f70e-d98c-dda7-cc7b-1152c438d4e5@oracle.com>
> -----Original Message-----
> From: Boris Ostrovsky [mailto:boris.ostrovsky@oracle.com]
> Sent: 09 February 2017 15:50
> To: Paul Durrant <Paul.Durrant@citrix.com>; xen-devel@lists.xenproject.org;
> linux-kernel@vger.kernel.org
> Cc: Juergen Gross <jgross@suse.com>
> Subject: Re: [PATCH 2/3] xen/privcmd: Add IOCTL_PRIVCMD_DM_OP
>
>
>
> On 02/09/2017 09:27 AM, Paul Durrant wrote:
> >> -----Original Message-----
> >> From: Paul Durrant [mailto:paul.durrant@citrix.com]
> >> Sent: 09 February 2017 14:18
> >> To: xen-devel@lists.xenproject.org; linux-kernel@vger.kernel.org
> >> Cc: Paul Durrant <Paul.Durrant@citrix.com>; Boris Ostrovsky
> >> <boris.ostrovsky@oracle.com>; Juergen Gross <jgross@suse.com>
> >> Subject: [PATCH 2/3] xen/privcmd: Add IOCTL_PRIVCMD_DM_OP
> >>
> >> Recently a new dm_op[1] hypercall was added to Xen to provide a
> >> mechanism
> >> for restricting device emulators (such as QEMU) to a limited set of
> >> hypervisor operations, and being able to audit those operations in the
> >> kernel of the domain in which they run.
> >>
> >> This patch adds IOCTL_PRIVCMD_DM_OP as gateway for
> >> __HYPERVISOR_dm_op,
> >> bouncing the callers buffers through kernel memory to allow the address
> >> ranges to be audited (and negating the need to bounce through locked
> >> memory in user-space).
> >
> > Actually, it strikes me (now that I've posted the patch) that I should
> probably just mlock the user buffers rather than bouncing them through
> kernel... Anyway, I'd still appreciate review on other aspects of the patch.
>
>
> Are you suggesting that the caller (user) mlocks the buffers?
No, I meant calling get_user_pages() (which AIUI is essentially what the internals of sys_mlock does) on the buffers to make sure they don't get paged during execution of the (unlocked) ioctl.
Paul
>
> -boris
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
prev parent reply other threads:[~2017-02-09 16:45 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-02-09 14:17 [PATCH 0/3] xen/privcmd: support for dm_op and restriction Paul Durrant
2017-02-09 14:17 ` [PATCH 1/3] xen/privcmd: return -ENOSYS for unimplemented IOCTLs Paul Durrant
2017-02-09 14:40 ` Jan Beulich
[not found] ` <589C8D610200007800138429@prv-mh.provo.novell.com>
2017-02-09 15:26 ` Boris Ostrovsky
2017-02-09 15:28 ` Paul Durrant
2017-02-09 14:17 ` [PATCH 2/3] xen/privcmd: Add IOCTL_PRIVCMD_DM_OP Paul Durrant
2017-02-09 14:17 ` [PATCH 3/3] xen/privcmd: add IOCTL_PRIVCMD_RESTRICT Paul Durrant
2017-02-09 14:43 ` Jan Beulich
[not found] ` <589C8E1D0200007800138448@prv-mh.provo.novell.com>
2017-02-09 14:45 ` Paul Durrant
[not found] ` <1486649866-4869-3-git-send-email-paul.durrant@citrix.com>
2017-02-09 14:27 ` [PATCH 2/3] xen/privcmd: Add IOCTL_PRIVCMD_DM_OP Paul Durrant
[not found] ` <8ef1299559e24d96ba8bbab49baee5ae@AMSPEX02CL03.citrite.net>
2017-02-09 15:50 ` Boris Ostrovsky
[not found] ` <fa41f70e-d98c-dda7-cc7b-1152c438d4e5@oracle.com>
2017-02-09 15:56 ` Andrew Cooper
2017-02-09 16:03 ` Jan Beulich
2017-02-09 16:08 ` Andrew Cooper
2017-02-09 16:45 ` Paul Durrant [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=fe50586d3cfe4eebac75bc02af9c9d58@AMSPEX02CL03.citrite.net \
--to=paul.durrant@citrix.com \
--cc=boris.ostrovsky@oracle.com \
--cc=jgross@suse.com \
--cc=linux-kernel@vger.kernel.org \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).