>>> On 19.12.18 at 15:07, <andrew.coop...@citrix.com> wrote:
> On 19/12/2018 13:55, George Dunlap wrote:
>> Yes, if someone uses XSM to bypass the IS_PRIV() functionality to give
>> one domain access over another, then the lock checking will trigger.
>
> No one should be able to trigger assertions in the hypervisor by simply
> editing the XSM policy.
>
> This quite clearly demonstrates that the proposed logic isn't appropriate.

You could view it the other way around: Anyone who writes an XSM policy
violating assumptions in the hypervisor is shooting themselves in the foot
(read: introduces a bug). In particular I don't think something like fuzzed
XSM policies would make any sense (which is no different to someone making
random edits).

Jan