On 20/06/16 15:50, Daniel De Graaf wrote: > On 06/20/2016 10:35 AM, Andrew Cooper wrote: >> On 20/06/16 15:27, Doug Goldstein wrote: >>> On 6/20/16 9:04 AM, Daniel De Graaf wrote: >>>> These permissions were initially split because they were in separate >>>> domctls, but this split is very unlikely to actually provide security >>>> benefits: it would require a carefully contrived situation for a >>>> domain >>>> to both need access to one type of CPU register and also need to be >>>> prohibited from accessing another type. >>>> >>>> Signed-off-by: Daniel De Graaf <dgde...@tycho.nsa.gov> >>>> Reviewed-by: Konrad Rzeszutek Wilk <konrad.w...@oracle.com> >>> I'm a: >>> >>> Reviewed-by: Doug Goldstein <car...@cardoe.com> >>> >>> But I'd like to see Andrew Cooper's R-b or comments as well. >>> >> >> I agree. I can't see a plausible usecase for an entity being entitled >> to read vcpu content, but not to modify it. >> >> Reviewed-by: Andrew Cooper <andrew.coop...@citrix.com> > > That's not exactly what this patch does: the get and set permissions > are still split, but unified across the different types of registers. > Where previously there were 6 permissions, now there are 2.
The boundaries for those hypercalls were somewhat arbitrary, and definitely awkward to use. Some information is duplicated between them. I plan to make them all disappear, in favour of something more consistent when altering the migration stream semantics. ~Andrew _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel
