Re: [Xen-devel] [PATCH v2] domctl: relax getdomaininfo permissions
>>> On 05.08.16 at 15:10, <andrew.cooper3@xxxxxxxxxx> wrote:
> On 05/08/16 12:20, Jan Beulich wrote:
>> I wonder what good the duplication of the returned domain ID does: I'm
>> tempted to remove the one in the command-specific structure. Does
>> anyone have insight into why it was done that way?
>
> I wonder whether the first incarnation of this hypercall lacked a domid
> field in the returned structure? It seems like the kind of thing which
> would be omitted, until the sysctl list version got introduced.
Oh, good point - that makes clear why the field can't be dropped:
That sysctl would break then.
>> --- a/xen/include/xsm/dummy.h
>> +++ b/xen/include/xsm/dummy.h
>> @@ -61,7 +61,12 @@ static always_inline int xsm_default_act
>> return 0;
>> case XSM_TARGET:
>> if ( src == target )
>> + {
>> return 0;
>> + case XSM_XS_PRIV:
>> + if ( src->is_xenstore )
>> + return 0;
>> + }
>> /* fall through */
>> case XSM_DM_PRIV:
>> if ( target && src->target == target )
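Review bot: the "case XSM_XS_PRIV:" label sits inside the braces of the "if ( src == target )" body, so that action enters the switch mid-block and then shares the existing fall-through into XSM_DM_PRIV. This is legal C but easy to misread, and nothing at the label says it is intentional. A one-line comment there would help. The switch is shared, so any other user of XSM_XS_PRIV now also reaches the "src->target == target" test; it is worth confirming that none of them is relaxed unintentionally.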
>> @@ -71,10 +76,6 @@ static always_inline int xsm_default_act
>> if ( src->is_privileged )
>> return 0;
>> return -EPERM;
>> - case XSM_XS_PRIV:
>> - if ( src->is_xenstore || src->is_privileged )
>> - return 0;
>> - return -EPERM;
>> default:
>> LINKER_BUG_ON(1);
>> return -EPERM;
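Review bot: with the standalone XSM_XS_PRIV case removed here, the "src->is_privileged" acceptance for that action is no longer stated next to its label. It is now reached only by falling through the earlier cases into the check at the top of this hunk. A later early return added to any case in between would change XSM_XS_PRIV behaviour silently, so a comment at the "src->is_privileged" test naming the actions that rely on reaching it would make the dependency explicit.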
>
> What is this change in relation to? I can't see how it is related to
> the XSM changes mentioned in the commit, as that is strictly for the use
> of XSM_OTHER.
I don't see any XSM changes mentioned in the description, there
was only the XSM_OTHER related question outside the description.
Anyway - the change above is what guarantees the XSM_XS_PRIV
check, as invoked by xsm_domctl()'s XEN_DOMCTL_getdomaininfo
case, to fall through into XSM_DM_PRIV - after all that's what the
whole patch is about.
Jan
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel