Re: [Xen-devel] [PATCH v3 2/7] xsm: flask: change the dummy xsm policy and flask hook for map_gmfn_foregin

2017-10-26 Thread Jan Beulich
>>> On 25.10.17 at 11:37, wrote: > My current plan is to add the following new MAPSPACE to public/memory.h: > > +#define XENMEMSPACE_gmfn_foreign_share 6 /* Same as *_gmfn_foreign, but this > is > +for a privileged dom to > +

Re: [Xen-devel] [PATCH v3 2/7] xsm: flask: change the dummy xsm policy and flask hook for map_gmfn_foregin

2017-10-25 Thread Zhongze Liu
2017-10-25 17:37 GMT+08:00 Zhongze Liu : > Hi, > > My current plan is to add the following new MAPSPACE to public/memory.h: > > +#define XENMEMSPACE_gmfn_foreign_share 6 /* Same as *_gmfn_foreign, but this > is > +for a privileged

Re: [Xen-devel] [PATCH v3 2/7] xsm: flask: change the dummy xsm policy and flask hook for map_gmfn_foregin

2017-10-25 Thread Zhongze Liu
Hi, My current plan is to add the following new MAPSPACE to public/memory.h: +#define XENMEMSPACE_gmfn_foreign_share 6 /* Same as *_gmfn_foreign, but this is +for a privileged dom to +shared pages between two

Re: [Xen-devel] [PATCH v3 2/7] xsm: flask: change the dummy xsm policy and flask hook for map_gmfn_foregin

2017-10-23 Thread Zhongze Liu
Hi Jan, 2017-10-23 15:26 GMT+08:00 Jan Beulich: On 22.10.17 at 13:21, wrote: >> How about changing the policy to (c over d) && ((d over t) || (c over t))? >> Given that (c over d) is a must, which is always checked somewhere higher >> in the call

Re: [Xen-devel] [PATCH v3 2/7] xsm: flask: change the dummy xsm policy and flask hook for map_gmfn_foregin

2017-10-23 Thread Jan Beulich
>>> On 22.10.17 at 13:21, wrote: > How about changing the policy to (c over d) && ((d over t) || (c over t))? > Given that (c over d) is a must, which is always checked somewhere higher > in the call stack as Daniel pointed out, permitting (d over t) or (c > over t)

Re: [Xen-devel] [PATCH v3 2/7] xsm: flask: change the dummy xsm policy and flask hook for map_gmfn_foregin

2017-10-22 Thread Zhongze Liu
Hi Daniel and Jan, 2017-10-20 21:34 GMT+08:00 Daniel De Graaf: > On 10/20/2017 02:14 AM, Jan Beulich wrote: > > On 19.10.17 at 19:36, wrote: >>> >>> On 10/19/2017 07:58 AM, Jan Beulich wrote: >>> >>> On 19.10.17 at 04:36,

Re: [Xen-devel] [PATCH v3 2/7] xsm: flask: change the dummy xsm policy and flask hook for map_gmfn_foregin

2017-10-20 Thread Daniel De Graaf
On 10/20/2017 02:14 AM, Jan Beulich wrote: On 19.10.17 at 19:36, wrote: On 10/19/2017 07:58 AM, Jan Beulich wrote: On 19.10.17 at 04:36, wrote: --- a/xen/include/xsm/dummy.h +++ b/xen/include/xsm/dummy.h @@ -516,7 +516,8 @@ static XSM_INLINE int

Re: [Xen-devel] [PATCH v3 2/7] xsm: flask: change the dummy xsm policy and flask hook for map_gmfn_foregin

2017-10-20 Thread Daniel De Graaf
On 10/19/2017 08:55 PM, Zhongze Liu wrote: 2017-10-20 8:34 GMT+08:00 Zhongze Liu: Hi Daniel, 2017-10-20 1:36 GMT+08:00 Daniel De Graaf: On 10/18/2017 10:36 PM, Zhongze Liu wrote: The original dummy xsm_map_gmfn_foregin checks if source domain

Re: [Xen-devel] [PATCH v3 2/7] xsm: flask: change the dummy xsm policy and flask hook for map_gmfn_foregin

2017-10-20 Thread Jan Beulich
>>> On 19.10.17 at 19:36, wrote: > On 10/19/2017 07:58 AM, Jan Beulich wrote: > On 19.10.17 at 04:36, wrote: >>> --- a/xen/include/xsm/dummy.h >>> +++ b/xen/include/xsm/dummy.h >>> @@ -516,7 +516,8 @@ static XSM_INLINE int >

Re: [Xen-devel] [PATCH v3 2/7] xsm: flask: change the dummy xsm policy and flask hook for map_gmfn_foregin

2017-10-19 Thread Zhongze Liu
2017-10-20 8:34 GMT+08:00 Zhongze Liu: > Hi Daniel, > > 2017-10-20 1:36 GMT+08:00 Daniel De Graaf: >> On 10/18/2017 10:36 PM, Zhongze Liu wrote: >>> >>> The original dummy xsm_map_gmfn_foregin checks if source domain has the >>> proper >>> privileges

Re: [Xen-devel] [PATCH v3 2/7] xsm: flask: change the dummy xsm policy and flask hook for map_gmfn_foregin

2017-10-19 Thread Zhongze Liu
Hi Daniel, 2017-10-20 1:36 GMT+08:00 Daniel De Graaf: > On 10/18/2017 10:36 PM, Zhongze Liu wrote: >> >> The original dummy xsm_map_gmfn_foregin checks if source domain has the >> proper >> privileges over the target domain. Under this policy, it's not allowed if >> a Dom0

Re: [Xen-devel] [PATCH v3 2/7] xsm: flask: change the dummy xsm policy and flask hook for map_gmfn_foregin

2017-10-19 Thread Daniel De Graaf
On 10/19/2017 07:58 AM, Jan Beulich wrote: On 19.10.17 at 04:36, wrote: --- a/xen/include/xsm/dummy.h +++ b/xen/include/xsm/dummy.h @@ -516,7 +516,8 @@ static XSM_INLINE int xsm_remove_from_physmap(XSM_DEFAULT_ARG struct domain *d1, static XSM_INLINE int

Re: [Xen-devel] [PATCH v3 2/7] xsm: flask: change the dummy xsm policy and flask hook for map_gmfn_foregin

2017-10-19 Thread Daniel De Graaf
On 10/18/2017 10:36 PM, Zhongze Liu wrote: The original dummy xsm_map_gmfn_foregin checks if source domain has the proper privileges over the target domain. Under this policy, it's not allowed if a Dom0 wants to map pages from one DomU to another, which restricts some useful yet not dangerous

Re: [Xen-devel] [PATCH v3 2/7] xsm: flask: change the dummy xsm policy and flask hook for map_gmfn_foregin

2017-10-19 Thread Jan Beulich
>>> On 19.10.17 at 04:36, wrote: > --- a/xen/include/xsm/dummy.h > +++ b/xen/include/xsm/dummy.h > @@ -516,7 +516,8 @@ static XSM_INLINE int > xsm_remove_from_physmap(XSM_DEFAULT_ARG struct domain *d1, > static XSM_INLINE int xsm_map_gmfn_foreign(XSM_DEFAULT_ARG struct

[Xen-devel] [PATCH v3 2/7] xsm: flask: change the dummy xsm policy and flask hook for map_gmfn_foregin

2017-10-18 Thread Zhongze Liu
The original dummy xsm_map_gmfn_foregin checks if source domain has the proper privileges over the target domain. Under this policy, it's not allowed if a Dom0 wants to map pages from one DomU to another, which restricts some useful yet not dangerous use cases of the API, such as sharing pages