Re: [PATCH] Access control in Xen privcmd_ioctl_mmap

From: Daniel De Graaf
Date: Wed Jan 02 2013 - 11:09:46 EST

On 12/31/2012 03:44 PM, Tamas Lengyel wrote:
> In the privcmd Linux driver two checks in the functions
> privcmd_ioctl_mmap and privcmd_ioctl_mmap_batch are not needed as they
> are trying to enforce hypervisor-level access control. They should be
> removed as they break secondary control domains when performing dom0
> disaggregation. Xen itself provides adequate security controls around
> these hypercalls and these checks prevent those controls from
> functioning as intended.
> The patch applies to the stable Linux 3.7.1 kernel.

It also applies to (and I have tested it on) 3.8-rc1.

> Signed-off-by: Tamas K Lengyel <tamas.lengyel@xxxxxxxxxxxx>
> Cc: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
> Cc: xen-devel@xxxxxxxxxxxxxxxxxxx
> Cc: linux-kernel@xxxxxxxxxxxxxxx

Acked-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at