xen-devel
[Xen-devel] Re: xsm: Consolidate xsm processing within domain control hy
On 12/4/07 4:59 PM, "Mike D. Day" <ncmike@xxxxxxxxxx> wrote:
> On 04/12/07 16:54 -0500, George S. Coker, II wrote:
>>
>>>
>>>> 2) This will also impose on the security modules the responsibility to
>>>> acquire and hold locks on hypervisor resources. It would seem dangerous to
>>>> give modules this responsibility.
>>>
>>> I don't see it, the locking logic is still the same. Can you show me
>>> where the module needs to acquire locks differently than without the
>>> patch?
>>>
>> It's not that the locking logic is different. A security module may be
>> sloppy about its locking and cause Xen to crash without specifically
>> indicating a flaw in the security module.
>>
>> Getting locks right is tricky business, it would seem the Xen would want the
>> responsibility for the locking of resources to avoid the ills of race
>> conditions, etc.
>
> I agree with your comments, but I don't think the patch changes
> locking at all. If I'm wrong I agree that's a problem.
I guess I'm not quite following here. True the locking mechanisms won't be
any different. The same resources will be locked, hopefully, and released,
hopefully. The issue is one of interfaces, and which parts of Xen have
responsibility for resource management and which parts are responsible for
security. Having a clean delegation of responsibility is good for core xen
developers and xen security developers.
--
George S. Coker, II <gscoker@xxxxxxxxxxxxxx>
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
|
|
|