At 11:53 +0100 on 05 May (1430826812), Andrew Cooper wrote:
> On 05/05/15 11:25, Paul Durrant wrote:
> > There are actually very few HVM parameters that a guest needs to read
> > and even fewer that a guest needs to write. Use white-lists to specify
> > those parameters and also ensure that, by default, newly introduced
> > parameters are not accessible.
> >
> > Signed-off-by: Paul Durrant <paul.durr...@citrix.com>
> > Cc: Keir Fraser <k...@xen.org>
> > Cc: Jan Beulich <jbeul...@suse.com>
> > Cc: Andrew Cooper <andrew.coop...@citrix.com>
> > ---
> > xen/arch/x86/hvm/hvm.c | 39 ++++++++++++++++++++++----------------
> > 1 file changed, 22 insertions(+), 17 deletions(-)
> >
> > diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c
> > index 03543dd..ccf19a4 100644
> > --- a/xen/arch/x86/hvm/hvm.c
> > +++ b/xen/arch/x86/hvm/hvm.c
> > @@ -5650,6 +5650,13 @@ static int hvm_allow_set_param(struct domain *d,
> >
> > switch ( a->index )
> > {
> > + /* The following parameters can be set by the guest. */
> > + case HVM_PARAM_CALLBACK_IRQ:
> > + case HVM_PARAM_VM86_TSS:
>
> The only case where the VM86_TSS is needed is when VT-x doesn't support
> unrestricted mode, in which case this parameter and IDENT_PT must be set
> up by the domain builder in order to execute hvmloader. Neither need to
> be settable by the guest.
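Review bot: The comment above the new `case HVM_PARAM_CALLBACK_IRQ:` and `case HVM_PARAM_VM86_TSS:` labels says only that these parameters can be set by the guest, not why each one needs to be; a short per-case reason would let a later reader judge whether an entry still belongs on the write white-list. Since the stated goal is that newly introduced parameters are inaccessible by default, it is also worth confirming that the switch's default branch, which is not in the quoted lines, rejects every index that is not listed.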

IDENT_PT is indeed set up by the toolstack, but VM86_TSS is set by
hvmloader, as it's not needed until hvmloader enters real mode.

It would be OK to make those two params set-once params if you're feeling
keen, but in fact there's no harm in letting the guest change them --
after all it can write to the memory they point to.

Cheers,

Tim.