|
|
|
|
|
|
|
|
|
|
xen-devel
Re: [Xen-devel] xsm_op() polymorphism
On Mon, Dec 10, 2007 at 07:05:03PM -0500, George S. Coker, II wrote:
> > If I'm reading the code right, then the xsm_op() hypercall is "untyped"
> > in the sense that you have to know why XSM is loaded before you can
> > interpret any of the contents (that is, the first argument points
> > directly to a flask op or acm op structure). This seems less than ideal
> > - can't we work out a way to make the struct self-identifying?
> >
>
> It depends on what you are concerned about. There are the magic
> numbers that are used right now to identify policy modules on boot but
> could become embedded as the first word of the xsm op structure. This
> would help the hypervisor be consistent with user-space - if that's
> what you are concerned about. It was not the intent to make the
> hypervisor runtime agile wrt a given security module except to not
> prevent a security module from runtime disablement - for obvious
> reasons more flexibility here is fraught with consistency problems.
My immediate concern is that we have to do some snooping into hypercalls
on Solaris (for reasons not of much interest) - and we can't actually
know what structure is being passed in without magically guessing what
type of structure it is. But more generally it's not a good interface to
not only have to assume something incoming is a particular struct, but
have no way of checking that (since the 'op' number-space is shared too)
If there's already a magic-number allocation for the XSMs then great, it
certainly seems like we should use that.
regards
john
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
|
|
|
|
|