Re: [PATCH] Access control in Xen privcmd_ioctl_mmap

From: Daniel De Graaf
Date: Wed Jan 02 2013 - 11:09:46 EST

Next message: Dave Jones: "order 4 alloc failures in security_context_to_sid_core"
Previous message: Lars-Peter Clausen: "Re: Support for Marvell 88E1510 and 88E1116R"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 12/31/2012 03:44 PM, Tamas Lengyel wrote:
> In the privcmd Linux driver two checks in the functions
> privcmd_ioctl_mmap and privcmd_ioctl_mmap_batch are not needed as they
> are trying to enforce hypervisor-level access control. They should be
> removed as they break secondary control domains when performing dom0
> disaggregation. Xen itself provides adequate security controls around
> these hypercalls and these checks prevent those controls from
> functioning as intended.
>
> The patch applies to the stable Linux 3.7.1 kernel.

It also applies to (and I have tested it on) 3.8-rc1.

> Signed-off-by: Tamas K Lengyel <tamas.lengyel@xxxxxxxxxxxx>
> Cc: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
> Cc: xen-devel@xxxxxxxxxxxxxxxxxxx
> Cc: linux-kernel@xxxxxxxxxxxxxxx

Acked-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Dave Jones: "order 4 alloc failures in security_context_to_sid_core"
Previous message: Lars-Peter Clausen: "Re: Support for Marvell 88E1510 and 88E1116R"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]