> -----Original Message----- > From: Boris Ostrovsky [mailto:boris.ostrov...@oracle.com] > Sent: 09 February 2017 15:50 > To: Paul Durrant <paul.durr...@citrix.com>; xen-de...@lists.xenproject.org; > linux-ker...@vger.kernel.org > Cc: Juergen Gross <jgr...@suse.com> > Subject: Re: [PATCH 2/3] xen/privcmd: Add IOCTL_PRIVCMD_DM_OP > > > > On 02/09/2017 09:27 AM, Paul Durrant wrote: > >> -----Original Message----- > >> From: Paul Durrant [mailto:paul.durr...@citrix.com] > >> Sent: 09 February 2017 14:18 > >> To: xen-de...@lists.xenproject.org; linux-ker...@vger.kernel.org > >> Cc: Paul Durrant <paul.durr...@citrix.com>; Boris Ostrovsky > >> <boris.ostrov...@oracle.com>; Juergen Gross <jgr...@suse.com> > >> Subject: [PATCH 2/3] xen/privcmd: Add IOCTL_PRIVCMD_DM_OP > >> > >> Recently a new dm_op[1] hypercall was added to Xen to provide a > >> mechanism > >> for restricting device emulators (such as QEMU) to a limited set of > >> hypervisor operations, and being able to audit those operations in the > >> kernel of the domain in which they run. > >> > >> This patch adds IOCTL_PRIVCMD_DM_OP as gateway for > >> __HYPERVISOR_dm_op, > >> bouncing the callers buffers through kernel memory to allow the address > >> ranges to be audited (and negating the need to bounce through locked > >> memory in user-space). > > > > Actually, it strikes me (now that I've posted the patch) that I should > probably just mlock the user buffers rather than bouncing them through > kernel... Anyway, I'd still appreciate review on other aspects of the patch. > > > Are you suggesting that the caller (user) mlocks the buffers?
No, I meant calling get_user_pages() (which AIUI is essentially what the internals of sys_mlock does) on the buffers to make sure they don't get paged during execution of the (unlocked) ioctl. Paul > > -boris _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org https://lists.xen.org/xen-devel
