Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

backdoor: allow avoiding iopl permission errors #8

Merged
merged 1 commit into from
Oct 7, 2020
Merged

backdoor: allow avoiding iopl permission errors #8

merged 1 commit into from
Oct 7, 2020

Conversation

lucab
Copy link
Contributor

@lucab lucab commented Oct 6, 2020
edited
Loading

This introduces additional methods for the backdoor-opening logic,
in order to allow consuming applications to keep going when changing
I/O access level is not allowed (see kernel_lockdown(7) on Linux).
In most cases the library may work without higher I/O level,
and actual failures can be handled via normal error-handling on RPC
methods.

Ref: https://github.com/lucab/vmw_backdoor-rs/issues/6

cgwalters
cgwalters reviewed Oct 6, 2020
View reviewed changes
src/backdoor.rs Outdated Show resolved Hide resolved
@lucab
backdoor: allow avoiding iopl permission errors
0e02703 
This introduces additional methods for the backdoor-opening logic,
in order to allow consuming applications to keep going when changing
I/O access level is not alloewd (see kernel_lockdown(7) on Linux).
In most cases the library may work without higher I/O level,
and actual failures can be handled via normal error-handling on RPC
methods.
@lucab lucab changed the title backdoor: allow ignoring iopl permission errors backdoor: allow avoiding iopl permission errors Oct 7, 2020
@lucab
Copy link
Contributor Author

lucab commented Oct 7, 2020
edited
Loading

I've repurposed the existing methods and added a new pair of _privileged methods on the side, how does that look to you?

I was actually unsure whether to do the opposite, i.e. keeping the existing methods with the iopl and adding _unprivileged ones without on the side. Thoughts?

cgwalters
cgwalters approved these changes Oct 7, 2020
View reviewed changes
Copy link
Member

@cgwalters cgwalters left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I didn't deep dive into the logic, but superficially LGTM

@lucab
Copy link
Contributor Author

lucab commented Oct 7, 2020

@cgwalters thanks for the feedback!

@lucab lucab merged commit f94ccf0 into master Oct 7, 2020
@lucab lucab deleted the ups/iopl-eperm branch October 7, 2020 14:55
@lucab lucab mentioned this pull request Oct 8, 2020
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cgwalters cgwalters cgwalters approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@lucab @cgwalters