xen-devel.lists.xenproject.org archive mirror
 help / color / mirror / Atom feed
From: anshul makkar <anshul.makkar@citrix.com>
To: xen-devel@lists.xen.org, konrad.wilk@oracle.com, dgdegra@tycho.nsa.gov
Subject: Re: [PATCH v4 03/34] xsm/xen_version: Add XSM for the xen_version hypercall
Date: Thu, 24 Mar 2016 15:34:37 +0000	[thread overview]
Message-ID: <56F4090D.5060003@citrix.com> (raw)
In-Reply-To: <1458064616-23101-4-git-send-email-konrad.wilk@oracle.com>

On 15/03/16 17:56, Konrad Rzeszutek Wilk wrote:
> All of XENVER_* have now an XSM check for their sub-ops.
>
> The subop for XENVER_commandline is now a priviliged operation.
> To not break guests we still return an string - but it is
> just '<denied>\0'.
>
> The rest: XENVER_[version|extraversion|capabilities|
> parameters|get_features|page_size|guest_handle|changeset|
> compile_info] behave as before - allowed by default for all
> guests if using the XSM default policy or with the dummy one.
>
> The admin can choose to change the sub-ops to be denied
> as they see fit.
>
> Also we add a local variable block.
>
> Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
>
> ---
> Cc: Daniel De Graaf <dgdegra@tycho.nsa.gov>
> Cc: Ian Jackson <ian.jackson@eu.citrix.com>
> Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
> Cc: Wei Liu <wei.liu2@citrix.com>
>
> v2: Do XSM check for all the XENVER_ ops.
> v3: Add empty data conditions.
> v4: Return <denied> for priv subops.
> v5: Move extraversion from priv to normal. Drop the XSM check
>      for the non-priv subops.
> v6: Add +1 for strlen(xen_deny()) to include NULL. Move changeset,
>      compile_info to non-priv subops.
> v7: Remove the \0 on xen_deny()
> v8: Add new XSM domain for xenver hypercall. Add all subops to it.
> v9: Remove the extra line, Add Ack from Daniel
> v10: Rename the XSM from xen_version_op to xsm_xen_version.
>      Prefix the types with 'xen' to distinguish it from another
>      hypercall performing similar operation. Removed Ack from Daniel
>      as it was so large. Add local variable block.
> ---
>   tools/flask/policy/policy/modules/xen/xen.te | 15 ++++++++
>   xen/common/kernel.c                          | 53 +++++++++++++++++++++-------
>   xen/common/version.c                         | 15 ++++++++
>   xen/include/xen/version.h                    |  2 +-
>   xen/include/xsm/dummy.h                      | 22 ++++++++++++
>   xen/include/xsm/xsm.h                        |  5 +++
>   xen/xsm/dummy.c                              |  1 +
>   xen/xsm/flask/hooks.c                        | 43 ++++++++++++++++++++++
>   xen/xsm/flask/policy/access_vectors          | 28 +++++++++++++++
>   xen/xsm/flask/policy/security_classes        |  1 +
>   10 files changed, 172 insertions(+), 13 deletions(-)
>
> diff --git a/tools/flask/policy/policy/modules/xen/xen.te b/tools/flask/policy/policy/modules/xen/xen.te
> index d35ae22..7e7400d 100644
> --- a/tools/flask/policy/policy/modules/xen/xen.te
> +++ b/tools/flask/policy/policy/modules/xen/xen.te
> @@ -73,6 +73,15 @@ allow dom0_t xen_t:xen2 {
>       pmu_ctrl
>       get_symbol
>   };
> +
> +# Allow dom0 to use all XENVER_ subops
> +# Note that dom0 is part of domain_type so this has duplicates.
> +allow dom0_t xen_t:version {
> +    xen_version xen_extraversion xen_compile_info xen_capabilities
> +    xen_changeset xen_platform_parameters xen_get_features xen_pagesize
> +    xen_guest_handle xen_commandline
> +};
> +
>   allow dom0_t xen_t:mmu memorymap;
>
>   # Allow dom0 to use these domctls on itself. For domctls acting on other
> @@ -137,6 +146,12 @@ if (guest_writeconsole) {
>   # pmu_ctrl is for)
>   allow domain_type xen_t:xen2 pmu_use;
>
> +# For normal guests all except XENVER_commandline
> +allow domain_type xen_t:version {
> +    xen_version xen_extraversion xen_compile_info xen_capabilities
> +    xen_changeset xen_platform_parameters xen_get_features xen_pagesize
> +    xen_guest_handle
> +};
>   ###############################################################################
>   #
>   # Domain creation
> diff --git a/xen/common/kernel.c b/xen/common/kernel.c
> index 0618da2..2699ac0 100644
> --- a/xen/common/kernel.c
> +++ b/xen/common/kernel.c
> @@ -13,6 +13,7 @@
>   #include <xen/nmi.h>
>   #include <xen/guest_access.h>
>   #include <xen/hypercall.h>
> +#include <xsm/xsm.h>
>   #include <asm/current.h>
>   #include <public/nmi.h>
>   #include <public/version.h>
> @@ -223,12 +224,15 @@ void __init do_initcalls(void)
>   /*
>    * Simple hypercalls.
>    */
> -
>   DO(xen_version)(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg)
>   {
> +    bool_t deny = !!xsm_xen_version(XSM_OTHER, cmd);
> +
>       switch ( cmd )
>       {
>       case XENVER_version:
> +        if ( deny )
> +            return 0;
>           return (xen_major_version() << 16) | xen_minor_version();
>
>       case XENVER_extraversion:
> @@ -236,7 +240,7 @@ DO(xen_version)(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg)
>           xen_extraversion_t extraversion;
>
>           memset(extraversion, 0, sizeof(extraversion));
> -        safe_strcpy(extraversion, xen_extra_version());
> +        safe_strcpy(extraversion, deny ? xen_deny() : xen_extra_version());
>           if ( copy_to_guest(arg, extraversion, ARRAY_SIZE(extraversion)) )
>               return -EFAULT;
>           return 0;
> @@ -247,10 +251,10 @@ DO(xen_version)(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg)
>           xen_compile_info_t info;
>
>           memset(&info, 0, sizeof(info));
> -        safe_strcpy(info.compiler,       xen_compiler());
> -        safe_strcpy(info.compile_by,     xen_compile_by());
> -        safe_strcpy(info.compile_domain, xen_compile_domain());
> -        safe_strcpy(info.compile_date,   xen_compile_date());
> +        safe_strcpy(info.compiler,       deny ? xen_deny() : xen_compiler());
> +        safe_strcpy(info.compile_by,     deny ? xen_deny() : xen_compile_by());
> +        safe_strcpy(info.compile_domain, deny ? xen_deny() : xen_compile_domain());
> +        safe_strcpy(info.compile_date,   deny ? xen_deny() : xen_compile_date());
>           if ( copy_to_guest(arg, &info, 1) )
>               return -EFAULT;
>           return 0;
> @@ -261,7 +265,8 @@ DO(xen_version)(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg)
>           xen_capabilities_info_t info;
>
>           memset(info, 0, sizeof(info));
> -        arch_get_xen_caps(&info);
> +        if ( !deny )
> +            arch_get_xen_caps(&info);
>
>           if ( copy_to_guest(arg, info, ARRAY_SIZE(info)) )
>               return -EFAULT;
> @@ -274,6 +279,9 @@ DO(xen_version)(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg)
>               .virt_start = HYPERVISOR_VIRT_START
>           };
>
> +        if ( deny )
> +            params.virt_start = 0;
> +
>           if ( copy_to_guest(arg, &params, 1) )
>               return -EFAULT;
>           return 0;
> @@ -285,7 +293,7 @@ DO(xen_version)(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg)
>           xen_changeset_info_t chgset;
>
>           memset(chgset, 0, sizeof(chgset));
> -        safe_strcpy(chgset, xen_changeset());
> +        safe_strcpy(chgset, deny ? xen_deny() : xen_changeset());
>           if ( copy_to_guest(arg, chgset, ARRAY_SIZE(chgset)) )
>               return -EFAULT;
>           return 0;
> @@ -302,6 +310,8 @@ DO(xen_version)(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg)
>           switch ( fi.submap_idx )
>           {
>           case 0:
> +            if ( deny )
> +                break;
>               fi.submap = (1U << XENFEAT_memory_op_vnode_supported);
>               if ( VM_ASSIST(d, pae_extended_cr3) )
>                   fi.submap |= (1U << XENFEAT_pae_pgdir_above_4gb);
> @@ -342,19 +352,38 @@ DO(xen_version)(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg)
>       }
>
>       case XENVER_pagesize:
> +        if ( deny )
> +            return 0;
>           return (!guest_handle_is_null(arg) ? -EINVAL : PAGE_SIZE);
>
>       case XENVER_guest_handle:
> -        if ( copy_to_guest(arg, current->domain->handle,
> -                           ARRAY_SIZE(current->domain->handle)) )
> +    {
> +        xen_domain_handle_t hdl;
> +        ssize_t len;
> +
> +        if ( deny )
> +        {
> +            len = sizeof(hdl);
> +            memset(&hdl, 0, len);
> +        } else
> +            len = ARRAY_SIZE(current->domain->handle);
> +
> +        if ( copy_to_guest(arg, deny ? hdl : current->domain->handle, len ) )
>               return -EFAULT;
>           return 0;
> -
> +    }
>       case XENVER_commandline:
> -        if ( copy_to_guest(arg, saved_cmdline, ARRAY_SIZE(saved_cmdline)) )
> +    {
> +        size_t len = ARRAY_SIZE(saved_cmdline);
> +
> +        if ( deny )
> +            len = strlen(xen_deny()) + 1;
> +
> +        if ( copy_to_guest(arg, deny ? xen_deny() : saved_cmdline, len) )
>               return -EFAULT;
>           return 0;
>       }
> +    }
>
>       return -ENOSYS;
>   }
> diff --git a/xen/common/version.c b/xen/common/version.c
> index b152e27..fc9bf42 100644
> --- a/xen/common/version.c
> +++ b/xen/common/version.c
> @@ -55,3 +55,18 @@ const char *xen_banner(void)
>   {
>       return XEN_BANNER;
>   }
> +
> +const char *xen_deny(void)
> +{
> +    return "<denied>";
> +}
> +
> +/*
> + * Local variables:
> + * mode: C
> + * c-file-style: "BSD"
> + * c-basic-offset: 4
> + * tab-width: 4
> + * indent-tabs-mode: nil
> + * End:
> + */
> diff --git a/xen/include/xen/version.h b/xen/include/xen/version.h
> index 81a3c7d..016a56c 100644
> --- a/xen/include/xen/version.h
> +++ b/xen/include/xen/version.h
> @@ -12,5 +12,5 @@ unsigned int xen_minor_version(void);
>   const char *xen_extra_version(void);
>   const char *xen_changeset(void);
>   const char *xen_banner(void);
> -
> +const char *xen_deny(void);
>   #endif /* __XEN_VERSION_H__ */
> diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h
> index 1d13826..94b8855 100644
> --- a/xen/include/xsm/dummy.h
> +++ b/xen/include/xsm/dummy.h
> @@ -727,3 +727,25 @@ static XSM_INLINE int xsm_pmu_op (XSM_DEFAULT_ARG struct domain *d, unsigned int
>   }
>
>   #endif /* CONFIG_X86 */
> +
> +#include <public/version.h>
> +static XSM_INLINE int xsm_xen_version (XSM_DEFAULT_ARG uint32_t op)
> +{
> +    XSM_ASSERT_ACTION(XSM_OTHER);
> +    switch ( op )
> +    {
> +    case XENVER_version:
> +    case XENVER_extraversion:
> +    case XENVER_compile_info:
> +    case XENVER_capabilities:
> +    case XENVER_changeset:
> +    case XENVER_platform_parameters:
> +    case XENVER_get_features:
> +    case XENVER_pagesize:
> +    case XENVER_guest_handle:
> +        /* These MUST always be accessible to any guest by default. */
> +        return xsm_default_action(XSM_HOOK, current->domain, NULL);
> +    default:
> +        return xsm_default_action(XSM_PRIV, current->domain, NULL);
> +    }
> +}
> diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
> index 3afed70..db440f6 100644
> --- a/xen/include/xsm/xsm.h
> +++ b/xen/include/xsm/xsm.h
> @@ -193,6 +193,7 @@ struct xsm_operations {
>       int (*ioport_mapping) (struct domain *d, uint32_t s, uint32_t e, uint8_t allow);
>       int (*pmu_op) (struct domain *d, unsigned int op);
>   #endif
> +    int (*xen_version) (uint32_t cmd);
>   };
>
>   #ifdef CONFIG_XSM
> @@ -731,6 +732,10 @@ static inline int xsm_pmu_op (xsm_default_t def, struct domain *d, unsigned int
>
>   #endif /* CONFIG_X86 */
>
> +static inline int xsm_xen_version (xsm_default_t def, uint32_t op)
> +{
> +    return xsm_ops->xen_version(op);
> +}
>   #endif /* XSM_NO_WRAPPERS */
>
>   #ifdef CONFIG_MULTIBOOT
> diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c
> index 0f32636..9791ad4 100644
> --- a/xen/xsm/dummy.c
> +++ b/xen/xsm/dummy.c
> @@ -162,4 +162,5 @@ void xsm_fixup_ops (struct xsm_operations *ops)
>       set_to_dummy_if_null(ops, ioport_mapping);
>       set_to_dummy_if_null(ops, pmu_op);
>   #endif
> +    set_to_dummy_if_null(ops, xen_version);
>   }
> diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
> index 4813623..d1bef43 100644
> --- a/xen/xsm/flask/hooks.c
> +++ b/xen/xsm/flask/hooks.c
> @@ -26,6 +26,7 @@
>   #include <public/xen.h>
>   #include <public/physdev.h>
>   #include <public/platform.h>
> +#include <public/version.h>
>
>   #include <public/xsm/flask_op.h>
>
> @@ -1620,6 +1621,47 @@ static int flask_pmu_op (struct domain *d, unsigned int op)
>   }
>   #endif /* CONFIG_X86 */
>
> +static int flask_xen_version (uint32_t op)
> +{
> +    u32 dsid = domain_sid(current->domain);
> +
> +    switch ( op )
> +    {
> +    case XENVER_version:
> +        return avc_has_perm(dsid, SECINITSID_XEN, SECCLASS_VERSION,
> +                            VERSION__XEN_VERSION, NULL);
> +    case XENVER_extraversion:
> +        return avc_has_perm(dsid, SECINITSID_XEN, SECCLASS_VERSION,
> +                            VERSION__XEN_EXTRAVERSION, NULL);
> +    case XENVER_compile_info:
> +        return avc_has_perm(dsid, SECINITSID_XEN, SECCLASS_VERSION,
> +                            VERSION__XEN_COMPILE_INFO, NULL);
> +    case XENVER_capabilities:
> +        return avc_has_perm(dsid, SECINITSID_XEN, SECCLASS_VERSION,
> +                            VERSION__XEN_CAPABILITIES, NULL);
> +    case XENVER_changeset:
> +        return avc_has_perm(dsid, SECINITSID_XEN, SECCLASS_VERSION,
> +                            VERSION__XEN_CHANGESET, NULL);
> +    case XENVER_platform_parameters:
> +        return avc_has_perm(dsid, SECINITSID_XEN, SECCLASS_VERSION,
> +                            VERSION__XEN_PLATFORM_PARAMETERS, NULL);
> +    case XENVER_get_features:
> +        return avc_has_perm(dsid, SECINITSID_XEN, SECCLASS_VERSION,
> +                            VERSION__XEN_GET_FEATURES, NULL);
> +    case XENVER_pagesize:
> +        return avc_has_perm(dsid, SECINITSID_XEN, SECCLASS_VERSION,
> +                            VERSION__XEN_PAGESIZE, NULL);
> +    case XENVER_guest_handle:
> +        return avc_has_perm(dsid, SECINITSID_XEN, SECCLASS_VERSION,
> +                            VERSION__XEN_GUEST_HANDLE, NULL);
> +    case XENVER_commandline:
> +        return avc_has_perm(dsid, SECINITSID_XEN, SECCLASS_VERSION,
> +                            VERSION__XEN_COMMANDLINE, NULL);
> +    default:
> +        return -EPERM;
> +    }
> +}
> +
>   long do_flask_op(XEN_GUEST_HANDLE_PARAM(xsm_op_t) u_flask_op);
>   int compat_flask_op(XEN_GUEST_HANDLE_PARAM(xsm_op_t) u_flask_op);
>
> @@ -1758,6 +1800,7 @@ static struct xsm_operations flask_ops = {
>       .ioport_mapping = flask_ioport_mapping,
>       .pmu_op = flask_pmu_op,
>   #endif
> +    .xen_version = flask_xen_version,
>   };
>
>   static __init void flask_init(void)
> diff --git a/xen/xsm/flask/policy/access_vectors b/xen/xsm/flask/policy/access_vectors
> index effb59f..628dd5c 100644
> --- a/xen/xsm/flask/policy/access_vectors
> +++ b/xen/xsm/flask/policy/access_vectors
> @@ -495,3 +495,31 @@ class security
>   # remove ocontext label definitions for resources
>       del_ocontext
>   }
> +
> +# Class version is used to describe the XENVER_ hypercall.
> +# Each sub-ops is described here - in the default case all of them should
> +# be allowed except the XENVER_commandline.
> +#
> +class version
> +{
> +# Often called by PV kernels to force an callback.
> +    xen_version
> +# Extra informations (-unstable).
> +    xen_extraversion
> +# Compile information of the hypervisor.
> +    xen_compile_info
> +# Such as "xen-3.0-x86_64 xen-3.0-x86_32p hvm-3.0-x86_32 hvm-3.0-x86_32p hvm-3.0-x86_64".
> +    xen_capabilities
> +# Such as the virtual address of where the hypervisor resides.
> +    xen_platform_parameters
> +# Source code changeset.
> +    xen_changeset
> +# The features the hypervisor supports.
> +    xen_get_features
> +# Page size the hypervisor uses.
> +    xen_pagesize
> +# An value that the control stack can choose.
> +    xen_guest_handle
> +# Xen command line.
> +    xen_commandline
> +}
> diff --git a/xen/xsm/flask/policy/security_classes b/xen/xsm/flask/policy/security_classes
> index ca191db..cde4e1a 100644
> --- a/xen/xsm/flask/policy/security_classes
> +++ b/xen/xsm/flask/policy/security_classes
> @@ -18,5 +18,6 @@ class shadow
>   class event
>   class grant
>   class security
> +class version
>
>   # FLASK
>
Can we have more meaningful name for XSM class. "version" doesn't seem 
to be informative enough to convey the message as to why we need it to 
be secure. (Is it a resource, or domain specific or event or...)

My suggestion would be xenmetainfo or something more meaningful.

Anshul


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

  parent reply	other threads:[~2016-03-24 15:34 UTC|newest]

Thread overview: 124+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-03-15 17:56 [PATCH v4] xSplice v1 design and implementation Konrad Rzeszutek Wilk
2016-03-15 17:56 ` [PATCH v4 01/34] compat/x86: Remove unncessary #define Konrad Rzeszutek Wilk
2016-03-15 18:57   ` Andrew Cooper
2016-03-16 11:08   ` Jan Beulich
2016-03-17  0:44     ` Konrad Rzeszutek Wilk
2016-03-17  7:45       ` Jan Beulich
2016-03-15 17:56 ` [PATCH v4 02/34] libxc: Remove dead code (XENVER_capabilities) Konrad Rzeszutek Wilk
2016-03-15 18:04   ` Andrew Cooper
2016-03-15 18:08     ` Konrad Rzeszutek Wilk
2016-03-16 18:11   ` Wei Liu
2016-03-15 17:56 ` [PATCH v4 03/34] xsm/xen_version: Add XSM for the xen_version hypercall Konrad Rzeszutek Wilk
2016-03-18 11:55   ` Jan Beulich
2016-03-18 17:26     ` Konrad Rzeszutek Wilk
2016-03-21 11:22       ` Jan Beulich
2016-03-22 16:10         ` Konrad Rzeszutek Wilk
2016-03-22 17:54           ` Daniel De Graaf
2016-03-22 17:49   ` Daniel De Graaf
2016-03-24 15:34   ` anshul makkar [this message]
2016-03-24 19:19     ` Konrad Rzeszutek Wilk
2016-03-15 17:56 ` [PATCH v4 04/34] HYPERCALL_version_op. New hypercall mirroring XENVER_ but sane Konrad Rzeszutek Wilk
2016-03-15 18:29   ` Andrew Cooper
2016-03-15 20:19     ` Konrad Rzeszutek Wilk
2016-03-17  1:38       ` Konrad Rzeszutek Wilk
2016-03-17 14:28         ` Andrew Cooper
2016-03-18 12:36         ` Jan Beulich
2016-03-18 19:22           ` Konrad Rzeszutek Wilk
2016-03-21 12:45             ` Jan Beulich
2016-03-22 15:52               ` Konrad Rzeszutek Wilk
2016-03-22 16:06                 ` Jan Beulich
2016-03-22 18:57                   ` Konrad Rzeszutek Wilk
2016-03-22 19:28                     ` Andrew Cooper
2016-03-22 20:39                       ` Konrad Rzeszutek Wilk
2016-03-23  8:56                         ` Jan Beulich
2016-03-24  2:37                           ` Konrad Rzeszutek Wilk
2016-03-24  9:15                             ` Jan Beulich
2016-03-24 11:39                               ` Konrad Rzeszutek Wilk
2016-03-22 17:51   ` Daniel De Graaf
2016-03-15 17:56 ` [PATCH v4 05/34] libxc/libxl/python/xenstat: Use new XEN_VERSION_OP hypercall Konrad Rzeszutek Wilk
2016-03-15 18:45   ` Andrew Cooper
2016-03-16 12:31   ` George Dunlap
2016-03-16 18:11   ` Wei Liu
2016-03-17  1:08     ` Konrad Rzeszutek Wilk
2016-03-15 17:56 ` [PATCH v4 06/34] x86/arm: Add BUGFRAME_NR define and BUILD checks Konrad Rzeszutek Wilk
2016-03-15 18:54   ` Andrew Cooper
2016-03-16 11:49   ` Julien Grall
2016-03-18 12:40   ` Jan Beulich
2016-03-18 19:59     ` Konrad Rzeszutek Wilk
2016-03-21 12:49       ` Jan Beulich
2016-03-22 15:39         ` Konrad Rzeszutek Wilk
2016-03-22 15:58           ` Jan Beulich
2016-03-15 17:56 ` [PATCH v4 07/34] arm/x86: Use struct virtual_region to do bug, symbol, and (x86) exception tables Konrad Rzeszutek Wilk
2016-03-15 19:24   ` Andrew Cooper
2016-03-15 19:34     ` Konrad Rzeszutek Wilk
2016-03-15 19:51       ` Andrew Cooper
2016-03-15 20:02         ` Andrew Cooper
2016-03-16 10:33           ` Jan Beulich
2016-03-18 13:07   ` Jan Beulich
2016-03-22 20:18     ` Konrad Rzeszutek Wilk
2016-03-23  8:19       ` Jan Beulich
2016-03-23 11:17         ` Julien Grall
2016-03-23 11:21           ` Jan Beulich
2016-03-24  2:49         ` Konrad Rzeszutek Wilk
2016-03-24  9:20           ` Jan Beulich
2016-03-15 17:56 ` [PATCH v4 08/34] vmap: Make the while loop less fishy Konrad Rzeszutek Wilk
2016-03-15 19:33   ` Andrew Cooper
2016-03-17 11:49     ` Jan Beulich
2016-03-17 14:37       ` Andrew Cooper
2016-03-17 15:30         ` Jan Beulich
2016-03-17 16:06           ` Ian Jackson
2016-03-17 11:48   ` Jan Beulich
2016-03-17 16:08   ` Ian Jackson
2016-03-21 12:04     ` George Dunlap
2016-03-21 13:26       ` Jan Beulich
2016-03-21 14:22         ` George Dunlap
2016-03-21 15:05           ` Jan Beulich
2016-03-15 17:56 ` [PATCH v4 09/34] vmap: ASSERT on NULL Konrad Rzeszutek Wilk
2016-03-15 17:56 ` [PATCH v4 10/34] vmap: Add vmalloc_cb and vfree_cb Konrad Rzeszutek Wilk
2016-03-18 13:20   ` Jan Beulich
2016-03-15 17:56 ` [PATCH v4 11/34] xsplice: Design document Konrad Rzeszutek Wilk
2016-03-23 11:18   ` Jan Beulich
2016-03-23 20:12     ` Konrad Rzeszutek Wilk
2016-03-23 20:21       ` Konrad Rzeszutek Wilk
2016-03-24  3:15     ` Konrad Rzeszutek Wilk
2016-03-24  9:32       ` Jan Beulich
2016-03-15 17:56 ` [PATCH v4 12/34] xen/xsplice: Hypervisor implementation of XEN_XSPLICE_op Konrad Rzeszutek Wilk
2016-03-16 12:12   ` Julien Grall
2016-03-16 19:58     ` Konrad Rzeszutek Wilk
2016-03-23 13:51   ` Jan Beulich
2016-03-24  3:13     ` Konrad Rzeszutek Wilk
2016-03-24  9:29       ` Jan Beulich
2016-03-15 17:56 ` [PATCH v4 13/34] libxc: Implementation of XEN_XSPLICE_op in libxc Konrad Rzeszutek Wilk
2016-03-16 18:12   ` Wei Liu
2016-03-16 20:36     ` Konrad Rzeszutek Wilk
2016-03-15 17:56 ` [PATCH v4 14/34] xen-xsplice: Tool to manipulate xsplice payloads Konrad Rzeszutek Wilk
2016-03-16 18:12   ` Wei Liu
2016-03-15 17:56 ` [PATCH v4 15/34] xsplice: Add helper elf routines Konrad Rzeszutek Wilk
2016-03-15 17:56 ` [PATCH v4 16/34] xsplice: Implement payload loading Konrad Rzeszutek Wilk
2016-03-22 17:25   ` Konrad Rzeszutek Wilk
2016-03-15 17:56 ` [PATCH v4 17/34] xsplice: Implement support for applying/reverting/replacing patches Konrad Rzeszutek Wilk
2016-03-15 17:56 ` [PATCH v4 18/34] x86/xen_hello_world.xsplice: Test payload for patching 'xen_extra_version' Konrad Rzeszutek Wilk
2016-03-15 17:56 ` [PATCH v4 19/34] xsplice, symbols: Implement symbol name resolution on address Konrad Rzeszutek Wilk
2016-03-15 17:56 ` [PATCH v4 20/34] x86, xsplice: Print payload's symbol name and payload name in backtraces Konrad Rzeszutek Wilk
2016-03-15 17:56 ` [PATCH v4 21/34] xsplice: Add .xsplice.hooks functions and test-case Konrad Rzeszutek Wilk
2016-03-15 17:56 ` [PATCH v4 22/34] xsplice: Add support for bug frames Konrad Rzeszutek Wilk
2016-03-15 17:56 ` [PATCH v4 23/34] xsplice: Add support for exception tables Konrad Rzeszutek Wilk
2016-03-15 17:56 ` [PATCH v4 24/34] xsplice: Add support for alternatives Konrad Rzeszutek Wilk
2016-03-15 17:56 ` [PATCH v4 25/34] build_id: Provide ld-embedded build-ids Konrad Rzeszutek Wilk
2016-03-16 18:34   ` Julien Grall
2016-03-16 21:02     ` Konrad Rzeszutek Wilk
2016-03-17  1:12       ` Konrad Rzeszutek Wilk
2016-03-17 11:08         ` Julien Grall
2016-03-17 13:39           ` Konrad Rzeszutek Wilk
2016-03-15 17:56 ` [PATCH v4 26/34] HYPERCALL_version_op: Add VERSION_OP_build_id to retrieve build-id Konrad Rzeszutek Wilk
2016-03-15 17:56 ` [PATCH v4 27/34] libxl: info: Display build_id of the hypervisor using XEN_VERSION_OP_build_id Konrad Rzeszutek Wilk
2016-03-16 18:12   ` Wei Liu
2016-03-15 17:56 ` [PATCH v4 28/34] xsplice: Print build_id in keyhandler and on bootup Konrad Rzeszutek Wilk
2016-03-15 17:56 ` [PATCH v4 29/34] xsplice: Stacking build-id dependency checking Konrad Rzeszutek Wilk
2016-03-15 17:56 ` [PATCH v4 30/34] xsplice/xen_replace_world: Test-case for XSPLICE_ACTION_REPLACE Konrad Rzeszutek Wilk
2016-03-15 17:56 ` [PATCH v4 31/34] xsplice: Print dependency and payloads build_id in the keyhandler Konrad Rzeszutek Wilk
2016-03-15 17:56 ` [PATCH v4 32/34] xsplice: Prevent duplicate payloads from being loaded Konrad Rzeszutek Wilk
2016-03-15 17:56 ` [PATCH v4 33/34] xsplice: Add support for shadow variables Konrad Rzeszutek Wilk
2016-03-15 17:56 ` [PATCH v4 34/34] MAINTAINERS/xsplice: Add myself and Ross as the maintainers Konrad Rzeszutek Wilk
2016-03-16 11:10   ` Jan Beulich
2016-03-17  0:44     ` Konrad Rzeszutek Wilk

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=56F4090D.5060003@citrix.com \
    --to=anshul.makkar@citrix.com \
    --cc=dgdegra@tycho.nsa.gov \
    --cc=konrad.wilk@oracle.com \
    --cc=xen-devel@lists.xen.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).