On 20/06/16 15:27, Doug Goldstein wrote: > On 6/20/16 9:04 AM, Daniel De Graaf wrote: >> These permissions were initially split because they were in separate >> domctls, but this split is very unlikely to actually provide security >> benefits: it would require a carefully contrived situation for a domain >> to both need access to one type of CPU register and also need to be >> prohibited from accessing another type. >> >> Signed-off-by: Daniel De Graaf <dgde...@tycho.nsa.gov> >> Reviewed-by: Konrad Rzeszutek Wilk <konrad.w...@oracle.com> > I'm a: > > Reviewed-by: Doug Goldstein <car...@cardoe.com> > > But I'd like to see Andrew Cooper's R-b or comments as well. >
I agree. I can't see a plausible usecase for an entity being entitled to read vcpu content, but not to modify it. Reviewed-by: Andrew Cooper <andrew.coop...@citrix.com> _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel
