On Tue, Aug 1, 2017 at 4:30 AM, Andrew Cooper <andrew.coop...@citrix.com> wrote:
> On 01/08/17 10:46, Alexandru Isaila wrote:
>> Allow guest userspace code to request that a vm_event be sent out
>> via VMCALL. This functionality seems to be handy for a number of
>> Xen developers, as stated on the mailing list (thread "[Xen-devel]
>> HVMOP_guest_request_vm_event only works from guest in ring0").
>> This is a use case in communication between a userspace application
>> in the guest and the introspection application in dom0.
>>
>> Signed-off-by: Alexandru Isaila <aisa...@bitdefender.com>
>
> This issue has been argued several times before, and while I am in
> favour of the change, there is a legitimate argument that it breaks one
> of our security boundaries.
>
> One intermediate option comes to mind however.
>
> Could we introduce a new monitor op which permits the use of
> HVMOP_guest_request_vm_event from userspace?  This way, it requires a
> positive action on behalf of the introspection agent to relax the CPL
> check, rather than having the CPL check unconditionally relaxed.

I agree, it would be required to gate this on a monitor option that is
disabled by default.

Tamas

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
