This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/

Re: [Xen-devel][Xense-devel][PATCH][1/4] Xen Security Modules: XSM

To: "George S. Coker, II" <gscoker@xxxxxxxxxxxxxx>
Subject: Re: [Xen-devel][Xense-devel][PATCH][1/4] Xen Security Modules: XSM
From: Derek Murray <Derek.Murray@xxxxxxxxxxxx>
Date: Wed, 9 May 2007 15:04:35 +0100
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx, xense-devel@xxxxxxxxxxxxxxxxxxx
I'm interested in whether this code could be used to supersede IS_PRIV(dom), particularly when doing an mmu_update operation.

As far as I can see, the xsm_mmu_normal_update() hook is called after set_foreigndom(). set_foreigndom() will fail if the calling domain is not privileged (!IS_PRIV(current->domain)) and the operation specifies a different domain as the foreigndom.

For disaggregation of the domain builder, we would like to be able to delegate this privilege to a small, trusted domain (domB): it seems to me that XSM would be the cleanest way to do this. Would it therefore be possible to add a hook in set_foreigndom() on the !IS_PRIV(d) branch, or is there some security consequence that I am overlooking?


Derek Murray.

On 7 May 2007, at 22:41, George S. Coker, II wrote:

Updates in this patch set include:
    - adaptation to new create secure interface for domain_create
    - cleanup of xsm enable/disable framework through xsm_call macro
    - ifdef architecture/config specific hooks

Signed-off-by: George Coker <gscoker@xxxxxxxxxxxxxx>
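
The check discussed in the reply above, as an added example that is not part of the original thread and is not Xen source: a simplified C model of a foreign-domain check with a policy hook on the unprivileged branch. The struct layout, the hook type, the function names, and the domain IDs 5 and 9 are all assumptions made for illustration.

```c
/* Simplified model of the check discussed in the thread; not Xen code. */
#include <errno.h>
#include <stddef.h>

typedef unsigned short domid_t;
#define DOMID_SELF ((domid_t)0x7FF0)

struct domain {
    domid_t id;
    int is_privileged;          /* stands in for what IS_PRIV(d) tests */
};

/* Hypothetical hook type: decides whether 'cur' may act on 'target'. */
typedef int (*foreigndom_hook_t)(const struct domain *cur, domid_t target);

/* Default policy: keeps the existing behaviour, so an unprivileged
 * caller naming another domain is refused. */
int hook_dummy(const struct domain *cur, domid_t target)
{
    (void)cur; (void)target;
    return -EPERM;
}

/* Constructed policy: builder domain 5 (domB) may name only domain 9,
 * the guest it is building. Scoping by (caller, target) pair keeps the
 * delegation narrower than the all-or-nothing privileged flag. */
#define DOMB_ID  ((domid_t)5)
#define GUEST_ID ((domid_t)9)
int hook_delegate(const struct domain *cur, domid_t target)
{
    return (cur->id == DOMB_ID && target == GUEST_ID) ? 0 : -EPERM;
}

/* Model of the foreign-domain check: returns 0 if 'foreign' is accepted. */
int set_foreigndom_model(const struct domain *cur, domid_t foreign,
                         foreigndom_hook_t hook)
{
    if (foreign == DOMID_SELF || foreign == cur->id)
        return 0;               /* caller operating on itself */
    if (cur->is_privileged)
        return 0;               /* existing privileged path */
    return hook(cur, foreign);  /* hook on the unprivileged branch */
}
```

With `hook_dummy` installed the model behaves like the unhooked check, so the delegation exists only when a policy module opts in.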