[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v3 14/15] xsm, argo: notify: don't describe rings that cannot be sent to

  • To: 'Christopher Clark' <christopher.w.clark@xxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: "DeGraaf, Daniel G" <dgdegra@xxxxxxx>
  • Date: Mon, 7 Jan 2019 23:06:58 +0000
  • Accept-language: en-US
  • Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wei.liu2@xxxxxxxxxx>, Ross Philipson <ross.philipson@xxxxxxxxx>, Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>, George Dunlap <George.Dunlap@xxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Jason Andryuk <jandryuk@xxxxxxxxx>, Ian Jackson <ian.jackson@xxxxxxxxxxxxx>, Rich Persaud <persaur@xxxxxxxxx>, Tim Deegan <tim@xxxxxxx>, Daniel Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx>, Julien Grall <julien.grall@xxxxxxx>, Paul Durrant <paul.durrant@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>, James McKenzie <james@xxxxxxxxxxx>, Eric Chanudet <eric.chanudet@xxxxxxxxx>, Roger Pau Monne <roger.pau@xxxxxxxxxx>
  • Delivery-date: Mon, 07 Jan 2019 23:07:11 +0000
  • Ironport-phdr: 9a23:AtirShNtPMZh0E/yYDol6mtUPXoX/o7sNwtQ0KIMzox0KPzzosbcNUDSrc9gkEXOFd2Cra4c26yO6+jJYi8p2d65qncMcZhBBVcuqP49uEgeOvODElDxN/XwbiY3T4xoXV5h+GynYwAOQJ6tL1LdrWev4jEMBx7xKRR6JvjvGo7Vks+7y/2+94fcbglUhzexe69+IAmrpgjNq8cahpdvJLwswRXTuHtIfOpWxWJsJV2Nmhv3+9m98p1+/SlOovwt78FPX7n0cKQ+VrxYES8pM3sp683xtBnMVhWA630BWWgLiBVIAgzF7BbnXpfttybxq+Rw1DWGMcDwULs5Qiqp4bt1RxD0iScHLz85/3/Risxsl6JQvRatqwViz4LIfI2ZMfxzca3HfdMeWGFPQMBfWSJcCY+4docDEfYNMeNeooLgpVUBsAG+CBGsCu3x1zFImnH406470+s9Hg/J0xctH84Vv3nQsNn5KLseXOKzwaLVzTvDdfRW2TLl5YTGfB4uv/CCXahqfsXLx0kjDx7OgFuKpozjPjOayOANuHWa4eZuSOmijHMoqw5srTexyccskJPGi5kTylDf7yp12ok1JdqmSENiZ9OvDZhetzmCOodrXs8uWX9ktDs6x7Ecp5K3YioHxI46yxPcc/CLbpSE7gj9WOqMITp0nmxpdby9ihqo70Ss1/PwWtGp3FtLqidJiMfAu3AC2hDJ68WLUPpw80Sn1D2SzQ7c8PtELloxlafDLp4hxaM/mYQLvETYGy/2hF32jKiLdkU44uSo6/roYrHhppKEMIF6lwPwPLo3lsK+A+o0LxECUGaU9+mgyLHv4Ff1T6lNjv0siqnVqpbaJd8BqaKjDA9V1Zgj5w6+DzegztsYgWEKIE9ZdB6dkYTlJlHDLOrmAfuhgVmgiipnyvPeMr3kGJrNL3zDkLn7fbZ67k5R0Bc8zd9C6J1KBbEBOuj8V1T3tNzDFBA1KQO0w+H5CNllzIMRRXqPArOFMKPVqVKI5PggI++Ra48PuDf9Nvsl6uXhjX88g1AdfK2p0YELZ3C/G/RsO1+Zbmb0gtcdDWcKuRIzQ/LwiF2DTTFffWq9X6Im6TE9FYKpEJnMRpy2jbyO2Se0BJxWZmRcBl+QFnfocp2OW+0QZyKKPs9hjjsEWKCvSoA/1BGirgv6y7t6LubK4SAXqZPj1MRv5+3SmhA+7yB7D8OY02uVVWF7gnsIRyMq3KB4uUF90UyD0bRijPNDC9NT4/dJUgY8NZ7d1OF6CM79WhjHftiXTFaqWNKmASs+Ttgp2d8Bf159G8m+jhDExyeqH74Vl7mQCZ077K3c2WL9J8Fny3bJzKMhlUUpQtNTNW26ga5y7xXcB5bSk0WclqaqaaQc0TXX+2eb02WOpl1YUBNrUaXeWnAfYlbWrcj45kPFSb+uEq4rPRdGyc6HMqFKcMHmjU1aRPf/P9TTe3++m2itChmWybOMdpDldn4B3CTdFEcEkwcT8WyANQglHCituW3eDDtwFVj3eUPj7fF+qG+nTk8z1wyKbVdu17+r9R4OnvGTUOkT3rUBuCcgtjV0GUyx0M7RC9qFvwBhZrlTYcsh4Fdb0mLUrxR9MYK6L6B5nFEebh53sljh1xVyEIpAkMwqoGk2wwp1LKKSyElBeC+A3ZDsJr3XLXH//Aqoa67NwVHSys6W+qcO6PQ8qlXjpBqpFk0k83h83NlV1mGT5pTODAYITZ3xVUM3/QBgp77Geik9+5/U1Xp0PKe1rDDC3MgpBOQ7xRq6cdlfLaWEFAvoHM0CHMWhNvEql0K1YRIFIOBS7q80Psy8e/Sa366rOf5qnCi6gmRf/IB9zkWM+jJ9SuHS2ZYJ2fOY0RGbWDf/l1ehtcb3lJtaajEPBGaw1SnkBJJLZq1zcocHE3uhI8qyxt9mnZ7iR2ZY9EK/B1MBwMKmYxySYEHn3QJO20Ubu2ComSy/zzxsjT4ptKSS0TfSzOTjaBoHIG9LRWZ4gVjwJoi0isgQXFK0YAgxiBul+UH6yrBHq6R/NWnTQFxIfzTxL2F6Uqu/qKCCb9RB6Z8yrSpXVP6zYUqZSrPmrBsa1jnsH2paxDwhaz6qvZD5lQRgiG2BNHZzsGbZecZoyBbQ+tPcQ+dd0ScYSylmlzbXAkOxP92o/dWPi5fDqfqyVm2/WZ1VaSnr14SAtCml6mJ2HR2zhfezmsfoEQIiyy/0y8FqVTnUrBb7eoTrz761Mf9jfkVyGVD89tB6GptknYs2mJEdwmQVhpSJ/XodkGfyPs9X1r75bHoIXTQL2cLa4BD52E1/KXKE35j5VnKSwsR/fdm2eHsW1Tgg781RFKiU7aBEnTF0olu3tw7eff99njIFw/s09HEam/0JuBYqziiFAbASGk9YPTb2mBuV9dy/oqRXZGKscbWr00p+h8quA62Gog5CQnr2ZpAiHSpo5MVlLF3MyGHz6p3jeNTIb9IcrQObkwrEj+hUNJ0xluEHhTF6OWLmo3Ip0fI0jRtr3ZuipoiIN31t/L6lAh5fLjD1Zd4T+jXsjalAmMaaxY+vHo97FTUPWJvlVuinECgXtfj9KwmOFzg8+T+nHu+QNg+F6Vx6qGrPHorjHHWePnpWhYFpRAOcP1BYmAAZRnMl2JU9Hxqp7MPkeUZ9oDsW4wi84lFcx+QtOxThX2P3oAazdixyWJWZNABR7AxJ+wHSK8PUprZjEicd8pC/oQilLm2Aex8OHWwPQlaDBV3oIv+p/9aWoMaCAe/rZdfDTq+HoOIaH9uBw5Oi1sNJtX7YOsqDM3Z4BtU9wUMFUndnTZeK0w4TQjAawnqeJ/WQow2xr2gu9Jiy
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Thread-index: AdSm3KMIHKGuWDNHS4CZhahZU15RZw==
  • Thread-topic: [PATCH v3 14/15] xsm, argo: notify: don't describe rings that cannot be sent to
> From: Christopher Clark <christopher.w.clark@xxxxxxxxx>
> Subject: [PATCH v3 14/15] xsm, argo: notify: don't describe rings that cannot 
> be sent to
> 
> Signed-off-by: Christopher Clark <christopher.clark6@xxxxxxxxxxxxxx>

I have not checked to see how commonly this function is called, but it looks 
like it may have the potential for producing excessive AVC denials when just 
checking.  If this is the case, using another XSM hook (or adding a bool 
parameter to the existing one) to distinguish between this case and the actual 
send attempt would let you use avc_has_perm_noaudit here to avoid that log 
spam. If this call doesn't happen in some automated/common fashion, it's fine 
as-is.

Acked-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.