lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 10 Aug 2011 09:06:04 +0100
From:	Ian Campbell <Ian.Campbell@...citrix.com>
To:	Konrad Rzeszutek Wilk <konrad.wilk@...cle.com>
CC:	Stefano Stabellini <Stefano.Stabellini@...citrix.com>,
	"xen-devel@...ts.xensource.com" <xen-devel@...ts.xensource.com>,
	"Jeremy Fitzhardinge" <Jeremy.Fitzhardinge@...rix.com>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] xen: modify kernel mappings corresponding to granted
 pages

On Tue, 2011-08-09 at 16:50 +0100, Konrad Rzeszutek Wilk wrote:
> > > So I hadn't looked at this in detail, but I wonder if we can use the
> > > MULTIcall for this? It looks like we need to do two hypercalls so why
> > > not batch it?
> > 
> > That was going to be my next question. We should definitely batch these
> > if possible.
> > 
> > > And while we are it - we could change the MMU ops to only do this on
> > > initial domain and for the domU case do the old mechanism?
> > 
> > We need this in domU for driver domains and the like, don't we?
> 
> Sure, but I believe the majority of domU domains would not require this.

The overhead of this stuff is low if not used, isn't it? Compared with
the complexity of having domains know if they might be used as a driver
domain or not that seems like the tradeoff to be aiming for.

> I was thinking that when we start playing with the device/driver domains
> we would want to escalate the privilige level (or perhaps not)?

We don't want any escalation of privilege over and above what is
necessary to be a driver domain, which is generally none.

>  Or
> perhaps introcuce a new type - "if (xen_driver_domain())" to recognize
> that we are special ?

Where does the information to set xen_driver_domain == TRUE come from?

Ian.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ