|
|
|
|
|
|
|
|
|
|
xen-devel
Re: [Xen-devel] [PATCH] Hypercalls from HVM guests
On 22 Apr 2006, at 16:16, Steve Ofsthun wrote:
(1) is most important right now -- we should only permit the
hypercalls we need, and audit any others before they are added to the
list.
OK, is a bitmap filter of the inbound requests sufficient? For this
patch, I'll
just filter every hypercall except HYPERVISOR_xen_version() and return
ENOSYS?
That would be okay, but also:
1. VMMCALL_MAGIC needs to go, and be replaced by a first-class
hypercall (HYPERVISOR_hvm_op maybe). Either by having an hvm-specific
hypercall table, or by adding to the main jump table and have the
hvm_op function itself bail on non-hvm guests.
2. guest_handle_okay() should always return TRUE for an hvm guest
3. get rid of the __user modifiers in your new functions in
guest_access.h. We don't use those in Xen (except in a few files taken
fairly directly from Linux).
-- Keir
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
|
|
|
|
|