Re: [Xen-devel] [PATCH] xsm: add missing permissions discovered in testing

2016-11-07 Thread Wei Liu
On Mon, Nov 07, 2016 at 07:22:40AM +, Wei Liu wrote:
> On Fri, Nov 04, 2016 at 11:35:20AM -0400, Daniel De Graaf wrote:
> > Add two missing allow rules:
> >
> > 1. Device model domain construction uses getvcpucontext, discovered by
> > Andrew Cooper in an (apparently) unrelated bisection.
> >

Re: [Xen-devel] [PATCH] xsm: add missing permissions discovered in testing

2016-11-06 Thread Wei Liu
On Fri, Nov 04, 2016 at 11:35:20AM -0400, Daniel De Graaf wrote:
> Add two missing allow rules:
>
> 1. Device model domain construction uses getvcpucontext, discovered by
> Andrew Cooper in an (apparently) unrelated bisection.
>
> 2. When a domain is destroyed with a device passthrough active, th

Re: [Xen-devel] [PATCH] xsm: add missing permissions discovered in testing

2016-11-04 Thread Andrew Cooper
On 04/11/16 15:35, Daniel De Graaf wrote:
> Add two missing allow rules:
>
> 1. Device model domain construction uses getvcpucontext, discovered by
> Andrew Cooper in an (apparently) unrelated bisection.

Merely observation of the logs while chasing an unrelated issue.

~Andrew

>
> 2. When a domai

[Xen-devel] [PATCH] xsm: add missing permissions discovered in testing

2016-11-04 Thread Daniel De Graaf
Add two missing allow rules:

1. Device model domain construction uses getvcpucontext, discovered by
Andrew Cooper in an (apparently) unrelated bisection.

2. When a domain is destroyed with a device passthrough active, the
calls to remove_{irq,ioport,iomem} can be made by the hypervisor itself (wh