On 2017-08-23 20:13, Gustavo Lima Chaves wrote:
> * Jan Kiszka <[email protected]> [2017-08-23 23:40:09 +0000]:
>
>> From: Jan Kiszka <[email protected]>
>>
>> Specify in the docs and implement in the configuration files that cells
>> with passive comm regions have only read access to it. This avoids that
>> a passive cell, i.e. one that should also not be able to prevent
>> configuration changes, can block them by declaring itself "running/
>> locked".
>>
>> Instead of checking in the hypervisor that a cell config does not permit
>> writes to passive comm regions, we should eventually validate this
>> offline via a config checker.
>
> When bringing an inmate "online", does the hypervisor read the cell's
> general flags before jumping into each memory regions? It would be
> even safer, if so, to AND the memory regions' flags with
> ~JAILHOUSE_MEM_WRITE forcibly when evaluating them, no?
>

The rationale is that we could add an almost arbitrary amount of checking or
"patching" logic to the hypervisor wrt cell configs, but we will still
depend on consistent and correct files being supplied. So the idea is to
eventually add an offline checker (likely written in a higher language than
C) to the tool box, i.e. outside the hypervisor core. That's what my
paragraph was about.

Jan
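
The offline check discussed above, as an added example that is not part of the original message or of the Jailhouse tree. It assumes a hypothetical parsed-dict form of a cell config and flag values that must be verified against cell-config.h; it goes one step beyond the message by also flagging a writable region that overlaps the comm region's address range.

```python
# Flag names follow Jailhouse's cell-config.h; the numeric values are
# assumptions to verify against the header of the Jailhouse version in use.
JAILHOUSE_MEM_READ = 0x0001
JAILHOUSE_MEM_WRITE = 0x0002
JAILHOUSE_MEM_COMM_REGION = 0x0020
JAILHOUSE_CELL_PASSIVE_COMMREG = 0x0001


def overlaps(a, b):
    """True if two regions share any guest-virtual address."""
    return (a["virt_start"] < b["virt_start"] + b["size"]
            and b["virt_start"] < a["virt_start"] + a["size"])


def check_passive_comm_regions(cell):
    """Return findings for one cell, given as a hypothetical parsed dict:
    {"name", "flags", "mem_regions": [{"virt_start", "size", "flags"}]}."""
    if not cell["flags"] & JAILHOUSE_CELL_PASSIVE_COMMREG:
        return []  # an active cell is expected to write its comm region
    findings = []
    regions = cell["mem_regions"]
    comm = [r for r in regions if r["flags"] & JAILHOUSE_MEM_COMM_REGION]
    for c in comm:
        if c["flags"] & JAILHOUSE_MEM_WRITE:
            findings.append(f"{cell['name']}: comm region at "
                            f"{c['virt_start']:#x} is writable")
        for r in regions:
            if (r is not c and r["flags"] & JAILHOUSE_MEM_WRITE
                    and overlaps(r, c)):
                findings.append(f"{cell['name']}: writable region at "
                                f"{r['virt_start']:#x} overlaps comm region")
    return findings


# Constructed sample cells, not taken from any real Jailhouse configuration.
RW = JAILHOUSE_MEM_READ | JAILHOUSE_MEM_WRITE
RAM = {"virt_start": 0x0, "size": 0x100000, "flags": RW}
GOOD = {"name": "passive-ok", "flags": JAILHOUSE_CELL_PASSIVE_COMMREG,
        "mem_regions": [RAM, {"virt_start": 0x80000000, "size": 0x1000,
         "flags": JAILHOUSE_MEM_READ | JAILHOUSE_MEM_COMM_REGION}]}
BAD = {"name": "passive-bad", "flags": JAILHOUSE_CELL_PASSIVE_COMMREG,
       "mem_regions": [RAM, {"virt_start": 0x80000000, "size": 0x1000,
        "flags": RW | JAILHOUSE_MEM_COMM_REGION}]}
ACTIVE = dict(BAD, name="active", flags=0)

if __name__ == "__main__":
    for cell in (GOOD, BAD, ACTIVE):
        results = check_passive_comm_regions(cell)
        print("\n".join(results) if results else f"{cell['name']}: ok")
```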
